Hi,
I want to enable PAM authentication for Confd. The same shall be used for any access to Confd and there should be no Local Authentication allowed. How can I do that?
Thanks!
Regards,
Ankit
See the ConfD User Guide, chapter “AAA Infrastructure”, section “Authentication”; there is a paragraph dedicated to PAM authentication, but you may need to read other parts too.
Hi Martin,
Thanks for the inputs.
Actually I have read them and tried implementing the same by removing users and groups from aaa_init.xml and enabling PAM in confd.conf, but somehow still access is being granted to confd_cli and other remote access.
In there any way by which I can confirm if I have configured PAM correctly or not.
Regards,
Ankit
confd_cli skips authentication, if it is invoked from the command line - see man confd_cli. What other remote access methods are ignoring that?
Important AAA-related stuff is logged into the audit log file.