Creating a Custom PAM Profile

Describes how to manually ensure a MapR-unique PAM.

If you wish to ensure that MapR uses a MapR-unique PAM configuration, you can:

  • Leave the /etc/pam.d/sudo file as is - MapR strongly recommends against manually editing the /etc/pam.d/sudo file.

  • Create your own PAM profile in /etc/pam.d, naming it mapr-admin.

  • Manually edit mapr.login.conf and other ecosystem component configuration files to use mapr-admin only.

Example /etc/pam.d/mapr-admin File

Below are some simple examples of what might work in the PAM profile by editing mapr-admin or a different PAM profile.
Note: Be sure to consult with your Linux administrator before modifying PAM profiles.
account     required
account     sufficient uid < 1000 quiet
#Uncomment the following line if ldap is used for user authentication.
#account     [default=bad success=ok user_unknown=ignore]
account     required
auth    sufficient nullok_secure 
auth    requisite uid >= 1000 quiet
auth    sufficient use_first_pass
auth    required
password    sufficient md5 obscure min=4 max=8 nullok try_first_pass
password    sufficient
password    required
session     required
session     required
session     optional

The file /etc/pam.d/sudo should be modified only with care and only when absolutely necessary.