How to integrate IBM Connect:Direct authentication with AD using Centrify

How to integrate IBM Connect:Direct authentication with AD using Centrify

By Centrify Advisor I on ‎05-23-2017 08:41 AM

IBM Sterling Connect:Direct components run o Linux/Unix systems, so it's very easy to integrate with AD using Centrify because it's a PAM-aware application. This means it's able to leverage the PAM module provided by Centrify (or any other PAM module) to authenticate users.

 

if you look at page 43 on the official guide on how to implement PAM on IBM C:D (http://www-01.ibm.com/support/docview.wss?uid=swg27043021), it says:

 

Edit the initparm.cfg file and add the service name to the ndm.pam:service parameter. The service name we will be using in our test is the default service name “login”, located in /etc/pam.d directory. Make sure to bounce the Connect:Direct application to apply the change.

 

[cd4104@ironman] /home/cd4104/ndm/cfg/ironman4104 $ vi initparm.cfg

# Miscellaneous Parameters

ndm.path:path=/home/cd4104:

ndm.node:name=ironman4104:

ndm.pam:service=login:

ndm.env_vars:sanitize=n:

 

So all you need to do is to change the initparm.cfg file and specify login as the ndm.pam:service parameter. This will make IBM C:D look at the OS PAM modules to authenticate users.

 

Just make sure your users are properly set up at Centrify, i.e. have a UNIX profile and login rights assinged if needed.

Showing results for 
Search instead for 
Do you mean 
Labels

Community Control Panel