jspωiki
IDMFanOutUnixSystemIntercept

The System Intercept#

The Platform Services System Intercept communicates with the Platform Services Process for password verification and password changes.

The System Intercept is implemented in most UNIX systems using a Pluggable Authentication Module (PAM). Platform Services for AIX uses the Loadable Authentication Module (LAM) system provided by AIX.

Sample Pam configs are located at:#

./bin/PlatformServices/pam.d

The Fan-Out Driver used stored each user's password as a custom ePassword. In version 3.1.1, the Driver accesses users' Universal Passwords directly. Using the Universal Password makes the password more secure, and reduces the chances that password synchronization will fail.

Make sure you have Password Policies assigned to each container with managed users. (If you are upgrading a Fan-Out Driver, these policies are probably already in place.) Additionally, make sure the "Enable Universal Password" and "Allow admin to retrieve passwords" configuration options are enabled for each policy. If these options are not enabled, you will receive the error message "Could not retrieve a Universal Password for object ... (error code -1)" in your Fan-Out Driver log.

More Information#

There might be more information for this subject on one of the following: