Installation guide
Note
To ensure that PAM authentication functions properly, install the pam -devel package.
Configuring RHN Sa te llit e t o use PAM
1. Create a PAM service file in the /etc/pam .d/ directory:
touch /etc/pam.d/rhn-satellite
2. Edit the file with the following information:
auth required pam_env.so
auth sufficient pam_sss.so
auth required pam_deny.so
account sufficient pam_sss.so
account required pam_deny.so
3. Instruct the satellite to us e the PAM service file by adding the following line to the
/etc/rhn/rhn.conf file:
pam_auth_service = rhn-satellite
4. Restart the service to pick up the changes :
rhn-satellite restart
5. To enable a user to authenticate against PAM, select the checkbox labeled Pluggable
Authentication Modules (PAM). It is positioned below the password and password
confirmation fields on the Create User page.
8.11. Enabling Push to Clients
In addition to allowing client systems to regularly poll the Satellite for scheduled actions, you may enable
the Satellite to immediately initiate those tas ks on Provisioning-entitled systems. This bypasses the
typical delay between scheduling an action and the client system checking in with RHN to retrieve it. This
support is provided by the OSA dispatcher (osa-dispatcher).
OSA dispatcher is a service that periodically runs a query that checks the Satellite server to see if there
are any commands to be executed on the client. If there are, it sends a message through jabberd to the
osad instances running on the clients.
Important
SSL must be employed between the Satellite and its clients systems for this feature to work. If the
SSL certificates are not available, the daemon on the client sys tem fails to connect.
To take advantage of this feature, you must first configure your firewall rules to allow connections on the
required port(s), as described in Section 2.4 , “Additional Requirements”.
Then you must install the osa-dispatcher package, which can be found in the RHN Satellite software
channel for the Satellite within the central RHN website. Once installed, start the service on the Satellite
as root using the command:
service osa-dispatcher start
Finally, install the osad package on all client sys tems to receive pushed actions. The package can be
found within the RHN Tools child channel for the systems on the RHN Satellite.
Warning
Do not install the osad package on the Satellite server, as it will conflict with the osa-
dispatcher package installed on the Satellite.
Once installed, start the service on the client systems as root us ing the command:
service osad start
Like other services, osa-dispatcher and osad accept stop, restart, and status commands, as
well.
Keep in mind, this feature depends on the client system recognizing the fully qualified domain name
(FQDN) of the Satellite. This name and not the IP address of the server must be used when configuring
the Red Ha t Update Agent. Refer to the RHN Client Configuration Guide for details.
Now when you s chedule actions from the Satellite on any of the push-enabled systems, the task will
begin immediately rather than wait for the system to check in.
Red Hat Network Satellite 5.4 Installation Guide
4 0