PAM ESM Module

The PAM ESM Module lets you use the Pluggable Authentication Modules (PAM) mechanism as an External Security Manager (ESM) for Enterprise Server.

The PAM ESM Module only supports user authentication (the SAFROUTE Verify operation), so it can only be used to control user signon to Enterprise Server, and not to provide resource access control.

PAM is a feature of Linux and some UNIX operating systems that provides a framework for authenticating users. PAM providers may authenticate users with the traditional Linux/UNIX passwd and shadow files, with NIS, or with another mechanism such as LDAP.

Note: PAM providers are included with the operating system or supplied by third parties. Micro Focus does not supply PAM provider modules.

The PAM ESM Module supports userid/password validation, and in some configurations user password changes. It supports retrieving user group information from the operating system as Enterprise Server user groups, so operating-system group names can be used in conjunction with the MLDAP ESM Module to assign resource access permissions. Retrieving group names is not a PAM function; this is done using standard OS APIs. The PAM ESM Module also supports External Security Facility (ESF) functions such as group federation, passtokens, and system user ACEE creation.

The PAM ESM Module is currently only shipped for Enterprise Server on Linux, but can be provided for UNIX on request. Contact your Micro Focus Customer Care representative regarding PAM ESM Module for UNIX.