Enabling the Pluggable Authentication Module

Jamf Connect Documentation

  1. Execute the following authchanger command to enable PAM authentication with Jamf Connect:
    /usr/local/bin/authchanger -DefaultJCRight
  2. In Terminal, open the PAM configuration file for sudo by executing the following command:
    sudo vi /etc/pam.d/sudo
  3. Enter your local password.
  4. Enter edit mode and do one of the following:
    Note:

    A warning may appear when you attempt to edit a read-only file. Continue editing the file, and then refer to step 5 to save your changes.

    1. To allow (but not require) network authentication for sudo commands, add the following entry:
      auth sufficient pam_saml.so

    2. To require network authentication for sudo commands, do the following:

      Add the following entry:

      auth required pam_saml.so

      Comment out the pam_opendirectory.so entry by adding a pound symbol (#) at the beginning of that line.

  5. Press the Escape key to exit edit mode, and then write and quit the read-only file by executing the following command at the bottom of the Terminal window:
    :wq!

    Your cursor automatically moves to the bottom of the Terminal window after you exit editor mode.

  6. Configure PAM module preferences in your login window configuration profile.

The PAM module should now prompt users to authenticate with your IdP any time a sudo command is attempted.
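
To confirm which of the two options from step 4 is actually in effect, the following check reads a sudo PAM file and reports the state of the pam_saml.so entry. It is an added example, not part of the Jamf documentation or Jamf's tooling; the function name pam_saml_mode, its output labels, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Jamf code): report how pam_saml.so is configured for sudo.
# Prints: sufficient | required | required-incomplete | absent | unexpected:<flag>
pam_saml_mode() {
    file="${1:-/etc/pam.d/sudo}"
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    # Control flag of the first active auth line for pam_saml.so.
    # Commented-out lines never match because their first field starts with '#'.
    saml=$(awk '$1 == "auth" && $3 == "pam_saml.so" { print $2; exit }' "$file")
    # Non-empty if pam_opendirectory.so is still active for auth.
    od=$(awk '$1 == "auth" && $3 == "pam_opendirectory.so" { print "active"; exit }' "$file")
    case "$saml" in
        sufficient) echo "sufficient" ;;
        required)
            # The "require" option also comments out pam_opendirectory.so;
            # flag the file if that part was skipped.
            if [ -n "$od" ]; then echo "required-incomplete"; else echo "required"; fi ;;
        "") echo "absent" ;;
        *) echo "unexpected:$saml" ;;
    esac
}

# Constructed sample files (not copied from a real Mac) to exercise each case.
demo_dir=$(mktemp -d)
printf '%s\n' 'auth sufficient pam_saml.so' 'auth required pam_opendirectory.so' \
    'account required pam_permit.so' > "$demo_dir/allow"
printf '%s\n' 'auth required pam_saml.so' '#auth required pam_opendirectory.so' \
    'account required pam_permit.so' > "$demo_dir/require"
printf '%s\n' 'auth required pam_saml.so' 'auth required pam_opendirectory.so' \
    > "$demo_dir/half_done"
printf '%s\n' '# auth sufficient pam_saml.so' 'auth required pam_opendirectory.so' \
    > "$demo_dir/untouched"

for f in allow require half_done untouched; do
    printf '%-10s %s\n' "$f" "$(pam_saml_mode "$demo_dir/$f")"
done
```

On a managed Mac, call pam_saml_mode with no argument to read /etc/pam.d/sudo; a result of absent or required-incomplete means the file does not match either option in step 4.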