Configuring PAM for the Control System and the REST API

Describes how to create a custom PAM profile and use a specific PAM file for authentication.

About this task

Starting in HPE Ezmeral Data Fabric v6.0, no additional configuration is needed to use PAM files for authentication. The apiserver supports PAM and automatically loads the following PAM files, if they exist, in the following order for authentication:

/etc/pam.d/mapr-admin
/etc/pam.d/sudo
/etc/pam.d/sshd
/etc/pam.d/chkpasswd
/etc/pam.d/passwd

You can create a custom PAM profile and set the admin server property authentication.pam.service to point to a specific PAM file to use for authentication.

Procedure

  1. Open the /opt/mapr/apiserver/conf/properties.cfg file and set the PAM file as the value for the authentication.pam.service property.
    For example, to set mapr-admin as the file to use for authentication, your entry in the file should look similar to the following:
    ojai.cache.size=64
    mapr.webui.https.port=8443
    doc.url=https://docs.datafabric.hpe.com/home
    proxy.zkservices=elasticsearch,opentsdb
    authentication.pam.service=mapr-admin
  2. Save and close the file.
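
To confirm after the edit which PAM file the setting points at, and that the file cannot be modified by non-owners, a check like the following can be run. It is an added example, not HPE code: the function names are hypothetical, taking the last assignment of the property is an assumption, and the demo runs on a constructed temporary tree rather than the real /opt/mapr and /etc/pam.d paths.

```shell
#!/bin/sh
# Default PAM service files, in the order listed on this page.
DEFAULT_PAM_SERVICES="mapr-admin sudo sshd chkpasswd passwd"

# Print the value of authentication.pam.service from a properties file, or
# nothing if unset. Taking the last assignment is an assumption of this example.
pam_service_from_cfg() {
    sed -n 's/^[[:space:]]*authentication\.pam\.service[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the PAM files that apply: the configured one, or the defaults that
# exist, in order. Fails if the configured name is not a plain file name or
# the file is missing from the PAM directory.
pam_files_in_use() {
    cfg=$1; pamdir=$2
    svc=$(pam_service_from_cfg "$cfg")
    if [ -n "$svc" ]; then
        case $svc in
            */*|.*) echo "invalid PAM service name: $svc" >&2; return 1 ;;
        esac
        [ -f "$pamdir/$svc" ] || { echo "missing: $pamdir/$svc" >&2; return 1; }
        echo "$pamdir/$svc"
        return 0
    fi
    for s in $DEFAULT_PAM_SERVICES; do
        if [ -f "$pamdir/$s" ]; then echo "$pamdir/$s"; fi
    done
    return 0
}

# Succeed if the file is group- or world-writable (a PAM file should not be).
pam_file_loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed demo: a throwaway tree standing in for the real config and /etc/pam.d.
demo=$(mktemp -d)
mkdir "$demo/pam.d"; : > "$demo/pam.d/mapr-admin"; : > "$demo/pam.d/sshd"
chmod 644 "$demo/pam.d/mapr-admin"; chmod 666 "$demo/pam.d/sshd"
printf 'mapr.webui.https.port=8443\nauthentication.pam.service=mapr-admin\n' > "$demo/properties.cfg"
for f in $(pam_files_in_use "$demo/properties.cfg" "$demo/pam.d"); do
    if pam_file_loose_perms "$f"; then echo "WARN writable by group/other: $f"; else echo "ok: $f"; fi
done
rm -rf "$demo"
```

On a real node, call `pam_files_in_use /opt/mapr/apiserver/conf/properties.cfg /etc/pam.d` and pass each reported path to `pam_file_loose_perms`.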