Using the Loadable authentication module

The Loadable authentication module (LAM) performs both authentication and identification on AIX systems.

The Loadable authentication module (LAM) is different from the Pluggable authentication module (PAM), which performs only authentication.

HCL Workload Automation automatically installs the plug-in that enables WebSphere Application Server to use PAM-enabled authentication as the default authentication system on UNIX and Linux operating systems.

The LAM is used to provide identification, such as account name and attribute information, and authentication, such as password storage and verification, or both. The AIX security subsystem directs authentication and identification requests to the proper method by using two attributes: registry and SYSTEM.

Where users and their user attributes are defined (local, LDAP) is reflected by the registry user attribute and how users are authenticated (local, NIS, LDAP, Kerberos) is reflected by the SYSTEM attribute.

HCL Workload Automation uses a custom registry module to integrate LAM in WebSphere Application Server. You can activate LAM on AIX systems by setting the activeUserRegistry property to CustomLAM, and then running the changeSecurityProperties.sh script indicating the property file to update the value.