Configuring PAM for MCS and REST API

Starting in MapR v6.0, no additional configuration is needed to use PAM files for authentication. The apiserver supports PAM and automatically loads the following PAM files, if they exist, in the following order for authentication:

/etc/pam.d/mapr-admin
/etc/pam.d/sudo
/etc/pam.d/sshd
/etc/pam.d/chkpasswd
/etc/pam.d/passed

However, you can create a custom PAM profile and set the admin server property to point to a specific PAM file to use for authentication:

  1. Open the /opt/mapr/apiserver/conf/properties.cfg file and set the PAM file as the value for the authentication.pam.service property.
    For example, to set mapr-admin as the file to use for authentication, your entry in the file should look similar to the following:
    ojai.cache.size=64
    mapr.webui.https.port=8443
    doc.url=https://maprdocs.mapr.com/home
    proxy.zkservices=elasticsearch,opentsdb
    authentication.pam.service=mapr-admin
  2. Save and close the file.