Supportability Enhancements
Pluggable Authentication Module (PAM) Support (Linux and UNIX)
Ingres provides support for pluggable authentication modules (PAM) through the ingvalidpam program.
Ingvalidpam is a password validation program that can be used instead of the ingvalidpw program. Like ingvalidpw, ingvalidpam is used only in Linux and UNIX environments. If the DBMS Server runs on Linux or UNIX, the Ingres client can run on any platform and PAM can be used to authenticate.
When using ingvalidpam, Ingres interfaces with PAM, rather than the underlying authentication mechanism. If the latter is changed (from standard UNIX to LDAP, for example), only the PAM configuration, not Ingres, needs to change. As long as the Ingres DBMS Server recognizes the user name as a valid Ingres user, applications will work as they did previously.
PAM support provides these benefits:
• Enables Ingres to support more authentication mechanisms than it did previously
• Easier to support one program that supports multiple security services (controlled by PAM configuration) than the various operating-specific user authentication schemes
• Lower security exposure because the authorization program can run either with no special privileges or with shadow group privileges, whereas ingvalidpw must run as root
The invalidpam executable and source are included in the Ingres distribution. In most cases, the executable works fine as delivered, but you can build it from the source, if necessary.
For more information, see the Security Guide.