Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

NBU Java console authentication and authorization - integration with Active Directory

Created: 16 Jan 2014 | 1 comment

Are you using ActiveDomain authentication for access to Unix/Linux servers? Why not to use it for access to Java management console? It's not such difficult, just to configure PAM the right way. I have found this idea on Symantec discussion forum but I don't remember the article. (Please, give me notice if you will find it to give credit to author.)

PAM can solve Java console authentication. But how to resolve authorization? It's defined in /usr/openv/java/auth.conf file. If you know how to integrate authorization with AD, please, share your tips in comments. Until some smarter solution you can use my own.

I have written perl script running by cron (one daily is suitable for me). It takes list of users from the proper AD groups and create auth.conf file. Script supports more AD groups. The groups can be either admins or operators. People in admin groups will get full rights, for people from operator groups you can specify list of rights as required.

You can get the script with full description on my PAGE.

Operating Systems:

Comments 1 CommentJump to latest comment

RadovanTuran's picture

Just small update: the name of PAM service (in my case "nbu") has to be written in file
/usr/openv/netbackup/pam_service.txt