|Applies To||AM 7.1 & 6.1|
Pam Agent 5.X and 6.X for IBM AIX
|Issue||PAM Agent for AIX (5.X and 6.X) - Is it possible to configure sudo to use securid|
A tail of messages with the agent in debug mode shows that the pam module is not being called when sudo is issued:
May 24 13:55:48 rwxe10l5 auth|security:notice sudo: cindy: TTY=pts/1 ; PWD=/home/cindy ; USER=root ; COMMAND=/usr/bin/su -
|Cause||Sudo is not a standard installation program on AIX. It is instead included in the aix toolkit cd (freeware). The version included on the toolkit cd is not compiled with PAM enabled.|
|Resolution||Generally, the following procedure can be used. Sudo is freeware, therefore there are no expressed or implied warranties included with this methodology. Please inform customers that this methodology is provided on an "as is" basis. RSA does not do specific qualifications on public domain versions of sudo, therefore direct customers to IBM if they wish to lodge a complaint/rfe about the lack of pam support in the sudo program bundled with AIX.|
To build a pam compatibile sudo program on AIX (or other unix platform)
Obtain the latest stable source code for sudo from
For this document sudo-1.7.2p6 was used.
gunzip and tar the source into /opt/source/sudo
cd to the /opt/source/sudo/sudo-1.7.2p6
Compile it as follows, insuring to use the --with-pam switch.
bash-3.00# ./configure --with-pam
Then make install:
bash-3.00# make install
Add these paths to your existing paths to use sudo:
Check to insure your sudo is the newly compiled sudo:
bash-3.00# which sudo
bash-3.00# sudo -V | grep -i version
Sudo version 1.7.2p6
Update your pam.conf to use sudo with pam_securid.so:
bash-3.00# cat /etc/pam.conf | grep sudo
sudo auth required /usr/lib/security/pam_securid.so
Become a test user, and execute a sudo command:
bash-3.00# su cindy
bash-3.00$ sudo vi /etc/hosts
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
|Legacy Article ID||a51145|