The PAM ESM Module only supports user authentication (the SAFROUTE Verify operation), so it can only be used to control user signon to Enterprise Server, and not to provide resource access control.
PAM is a feature of Linux and some UNIX operating systems that provides a framework for authenticating users. PAM providers may authenticate users with the traditional Linux/UNIX passwd and shadow files, with NIS, or with another mechanism such as LDAP.
The PAM ESM Module supports userid/password validation, and in some configurations user password changes. It supports retrieving user group information from the operating system as Enterprise Server user groups, so operating-system group names can be used in conjunction with the MLDAP ESM Module to assign resource access permissions. Retrieving group names is not a PAM function; this is done using standard OS APIs. The PAM ESM Module also supports External Security Facility (ESF) functions such as group federation, passtokens, and system user ACEE creation.
The PAM ESM Module is currently only shipped for Enterprise Server on Linux, but can be provided for UNIX on request. Contact your Micro Focus Customer Care representative regarding PAM ESM Module for UNIX.