PAM Adapter Setup Guide
Option Four
Within the configuration file for `pam_truu.so`, several options can be adjusted to tailor the authentication process to specific needs. The `debug` option, when enabled, logs debugging information through syslog using the AUTH facility. The `enforcebio` option makes the TruU Identity Server always require biometric authentication for identity verification.
The `nooauthcach` option prevents the caching of OAuth tokens, so the system requests a new token with each authentication attempt. This is particularly relevant in standalone mode. Additionally, the `https_timeout=#` option defines the maximum duration allowed for an authentication response before a timeout occurs, while `https_oauth_timeout=#` sets the time limit for OAuth token retrieval.
For environments that do not utilize a caching server, the `standalone` option can be activated. In contrast, the `failifnoqueueserver` option ensures that the module does not attempt to directly obtain an OAuth token. The `disablequeueautostart` option prevents the automatic commencement of the queue service, and `disablerestartonqueuetimeout` stops the automatic restart of the queue if communication timeouts occur between pam_truu and the truuservice.
For user experience, the `suppressnotification` option can be enabled to disable push notifications during login attempts, requiring users to manually refresh the "Actions" menu in the TruU mobile app to view pending actions. Similarly, the `hideuserinstruction` option removes the prompt instructing the user to complete the transaction in the app.
Policy groups can be managed through the TruU Admin Console. Administrators can apply uniform policies across multiple servers by placing them into Entitlement Groups, reached in the TruU Admin Console either from the "Entitlements" tab and then the "Server" page, or from the "Computers" tab and then the "Servers" page. Note that any policies set within the TruU Admin Console will be superseded by configurations directly applied to the `pam_truu.so` file on the server. For example, if the console policy enables both biometric and behavioral authentication, but the `enforcebio` option is manually set in the PAM-enabled application or service on the server, users will be compelled to use biometrics for identity verification.
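Because options set on the server take precedence over console policy, it helps to list what each server actually sets. The following Python audit is an added example, not TruU tooling: it extracts the `pam_truu.so` options from a PAM service file and notes the ones described above. It assumes the `/etc/pam.d` per-service line format; the sample content, control flags and module path are constructed.

```python
MODULE = "pam_truu.so"
TIMEOUT_KEYS = ("https_timeout", "https_oauth_timeout")

# Constructed sample in /etc/pam.d per-service format (not from the guide).
SAMPLE = """\
# constructed sample service file
auth  required  pam_env.so
auth  [success=1 default=ignore]  pam_truu.so debug https_timeout=30
-auth sufficient /lib/security/pam_truu.so enforcebio https_oauth_timeout=abc
"""

def _after_first(text):
    """Drop the first whitespace-separated field."""
    parts = text.split(None, 1)
    return parts[1] if len(parts) > 1 else ""

def truu_options(pam_text):
    """Return one {option: value-or-True} dict per pam_truu.so line."""
    found = []
    for line in pam_text.replace("\\\n", " ").splitlines():  # join continuations
        line = line.split("#", 1)[0].strip()                 # strip comments
        rest = _after_first(line)                            # skip the type field
        # The control field is one word or a bracketed [value=action ...] list.
        rest = rest.partition("]")[2] if rest.startswith("[") else _after_first(rest)
        tokens = rest.split()
        if not tokens or tokens[0].rsplit("/", 1)[-1] != MODULE:
            continue
        opts = {}
        for arg in tokens[1:]:
            key, sep, value = arg.partition("=")
            opts[key] = value if sep else True
        found.append(opts)
    return found

def review(opts):
    """Notes on locally set options, which take precedence over console policy."""
    notes = []
    if "enforcebio" not in opts:
        notes.append("enforcebio not set locally: biometrics depend on console policy")
    if "debug" in opts:
        notes.append("debug set: debugging information goes to syslog (AUTH)")
    for key in TIMEOUT_KEYS:
        if key in opts and not str(opts[key]).isdigit():
            notes.append(f"{key} has a non-numeric value: {opts[key]!r}")
    return notes

if __name__ == "__main__":
    for opts in truu_options(SAMPLE):
        print(sorted(opts), review(opts))
```

Running it against each file under `/etc/pam.d` on a server shows where local options diverge from the Entitlement Group policy.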
Updated over 1 year ago
