NDPF VMware authentication

From PDP/Grid Wiki

VMware authentication configuration (NDPF)

The VMware server instance on tbn17 can be contacted via the VMware management console software on port 902, from within the NDPF public services network.

You can authenticate to the VMware authd with your normal NDPF LDAP password or, in exceptional cases, as root with the local tbn17 password in order to modify VM machine settings. Access to individual VM instances is controlled by file permissions on the /project/vmware/images/... directory.

Configuration of VMware authd

Set /etc/pam.d/vmware-authd to:

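auth required   /lib/security/$ISA/pam_env.so
# local accounts first; nullok also accepts accounts with an empty password field
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
# LDAP next; use_first_pass reuses the password already entered instead of prompting again
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
# pam_deny always fails, so anything no sufficient module accepted is rejected
auth required   /lib/security/$ISA/pam_deny.so

account sufficient       /lib/security/pam_unix2.so
account sufficient       /lib/security/pam_unix_acct.so
account required         /lib/security/$ISA/pam_ldap.so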

With this in place, remote authentication to the VMware server MUI using your NDPF LDAP password works again. Note that the file "/etc/vmware/pam.d/vmware-authd" is entirely useless: it is ignored for the VMware MUI.
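
To see which module in the auth stack above decides each kind of login, the following added example (not part of the original wiki page or of VMware) parses those four lines and walks them with a simplified model of PAM's "required" and "sufficient" controls. The function names and the per-module outcomes passed in are constructed for illustration; pam_env is assumed to succeed.

```python
import os

# The auth stack from this page (account lines omitted).
AUTH_STACK = """\
auth required   /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required   /lib/security/$ISA/pam_deny.so
"""

def parse(text, facility="auth"):
    """Return [(control, module, args)] for one PAM facility."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            module = os.path.splitext(os.path.basename(fields[2]))[0]
            stack.append((fields[1], module, fields[3:]))
    return stack

def evaluate(stack, outcomes):
    """Simplified model of 'required' and 'sufficient' only.

    outcomes maps module name -> True/False (constructed inputs); modules
    not listed are assumed to succeed, except pam_deny, which always fails.
    Returns (authenticated, module that decided the result).
    """
    failed_by = None  # first 'required' module that failed
    for control, module, _args in stack:
        ok = False if module == "pam_deny" else outcomes.get(module, True)
        if control == "required" and not ok and failed_by is None:
            failed_by = module       # remembered; the stack keeps running
        elif control == "sufficient" and ok and failed_by is None:
            return True, module      # success ends the stack here
        # a failing 'sufficient' module is ignored
    return failed_by is None, failed_by

def who_decides(local_ok, ldap_ok):
    """Evaluate the page's stack for given pam_unix / pam_ldap results."""
    outcomes = {"pam_unix": local_ok, "pam_ldap": ldap_ok}
    return evaluate(parse(AUTH_STACK), outcomes)

if __name__ == "__main__":
    cases = [("LDAP user", False, True), ("local root", True, False),
             ("bad password", False, False)]
    for label, local_ok, ldap_ok in cases:
        print(label, who_decides(local_ok, ldap_ok))
```

A password that matches a local account is accepted by pam_unix before pam_ldap is consulted, so local accounts on tbn17 (including any covered by nullok) are part of the access path to authd.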