VAM may be used with the SSH server offerings from Process Software, found in MultiNet, TCPware and SSH for OpenVMS. The SecurID LDAP modules are implemented in the SSH2 server in the form of "plugins" using KEYBOARD-INTERACTIVE authentication, and require a valid VAM license to use. Furthermore, the SSH client used must support KEYBOARD-INTERACTIVE authentication.
Note! This chapter assumes the user is familiar with configuring the SSH offerings from Process Software.
The following sections describe the post-installation setup required to enable the various forms of authentication.
In general, VAM is configured for SSH support via the use of the VAM_CONFIG.DAT file. However, due to restrictions of the SSH environment, not all VAM configuration keywords are honored by SSH. These unused configuration keywords are:
• LDAP_NO_PASSWORD_SYNC
• LGI_AUTH_METHODS
• ALLOW_DECNET_LOGIN
• ALLOW_DECTERM_LOGIN
The SSH2_DIR:SSHD2_CONFIG file must be modified to enable KEYBOARD-INTERACTIVE support and the proper plugin support.
The following example illustrates enabling SecurID support:
AllowedAuthentications keyboard-interactive
AuthKbdInt.Required plugin
AuthKbdInt.Plugin securidplugin
The next example illustrates enabling LDAP support:
AllowedAuthentications keyboard-interactive
AuthKbdInt.Required plugin
AuthKbdInt.Plugin ldapplugin
