Introduction to PAM

Heterogeneous IT environments often contain various domains and operating systems that must communicate seamlessly. In most environments, the LDAP domain is the central hub for user information, and Linux systems need to access that user information to handle authentication requests.

CyberArk’s OPM-PAM delivers AD Bridging capabilities as part of the OPM agent, providing enterprise-wide access, authentication and authorization for Linux systems by using an organization’s existing Active Directory (AD) or any other LDAP infrastructure. The solution integrates with the Linux PAM and NSS modules so that privileged users can log in directly with their AD credentials and OPM can enforce authorization policy based on an AD user group. PAM-aware applications can also use this bridge to authenticate with AD credentials.

CyberArk’s OPM-PAM offers the following features to streamline user authentication:

  • Authenticates users with a single LDAP credential
  • Maps the user's UID from Active Directory to the *NIX target when the user connects
  • Controls access to Unix machines
  • Integrates with the machine groups
  • Supports PAM-aware applications