How does oscomponent.pamlogin.enable=true and oscomponent.pamlogin.svc=su parameters work?

Document ID:  TEC1959053
Last Modified Date:  08/02/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA Workload Automation AE

Releases

  • CA Workload Automation AE:Release:11.3
  • CA Workload Automation AE:Release:11.3.6

Components

  • CA Workload Automation AE (AutoSys):ATSYS
Question:

When the following parameters are set in agentparm.txt file of the agent:

oscomponent.pamlogin.enable=true

oscomponent.pamlogin.svc=su

 then jobs can be run without the need to specify the user password. How does it work?

 

 

Environment:
Workload Automation AE 11.3.6 Release
Answer:

Without setting the above “pamlogin” parameters in the agentparm.txt, the agent does not log the user into the system to run the job.

Instead, the agent makes the system call "setuid" to change the owner of the running process.

This does not do any of the things that happen when a user logs in.

 

With “pamlogin” parameters set, we login with PAM and let the PAM modules determine how the login is handled and how to modify user permissions and/or environment.

The "su" PAM module is configured to act just like typing "su" at the command line.

When it is run by root, no password is required.

However, it is also configured to load the user's ulimit configuration values. 

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >