Minimum Elements of a PAM

Administration Guide > Pluggable Authentication Modules > Minimum Elements of a PAM

The minimum elements that comprise a TDV PAM are:

• A manifest file with all required, TDV-specific entries.

• A Java class that implements the javax.security.auth.spi.LoginModule interface and applies a required TDV-specific @CisExtensionProvider class-level annotation.

• A primary deployment JAR file (referenced during PAM deployment) that includes the required components listed above.

— The top-level folder structure of this file’s elements must be: com > tibco > cis > security > auth > module > utils.

— In parallel with the com folder are folders named config (optional; contains pam_instance.properties), lib (optional; contains utility classes and custom or third-party JAR files), and META-INF (contains the manifest file).

You can add optional elements to this JAR file, such as other custom Java classes directly related to the PAM implementation. You can also add utility classes in separate JAR files (in a lib folder within the primary deployment JAR folder) that are referenced as part of the implementation.

You deploy the JAR file to a TDV Server using the TDV utility server_util script, adjusting parameters in deploy.bat to target the installed TDV instance on your system, JAR file name, and so on. After that, you use the TDV Web Manager to add, configure, and enable the login module as an active PAM.

A generic implementation would include these elements:

• The manifest.mf file required for PAM deployment.

• A primary TDV class that implements the required javax.security.auth.spi.LoginModule interface and applies the required @CisExtensionProvider annotation. This annotation identifies the PAM implementation class as a TDV extension provider.

• An interface that implements global TDV constants.

• Helper classes that provide debug logging of internal TDV session security content, PAM-specific email notifications, and other helper methods.

• A JRE system library that is compatible with JDK version 1.7.x.

• Required TDV libraries, other referenced libraries; custom self-logging exception classes; Java mail helper classes.