Forum Discussion
Joel_Moses
Apr 15, 2011
Nimbostratus
"default_ssl_ocsp" must be some sort of internal trigger name for TMM; when OCSP profiles are created, there are matching PAM profiles that are created in /etc/pam.d on the BigIP:
admin@usherjmosesf5:Active ~ ls -la /etc/pam.d/
total 62
drwxr-xr-x 9 root root 1024 Apr 15 10:50 .
drwxr-xr-x 3 root root 1024 Apr 6 10:40 ..
....
drwxr-xr-x 2 root root 1024 Mar 25 16:40 ocsp
-rw-r--r-- 1 root root 154 Oct 18 13:17 other
-r--r----- 1 root apache 482 Apr 15 10:24 pam_ocsp_ocsp_test_config
-r--r----- 1 root apache 69 Apr 15 10:24 pam_ocsp_ocsp_test_config.conf
-rw-r--r-- 1 root root 103 Oct 18 14:06 passwd
....
lrwxrwxrwx 1 root root 17 Apr 6 10:30 system-auth -> local/system-auth
drwxr-xr-x 2 root root 1024 Mar 25 16:40 tacacs
lrwxrwxrwx 1 root root 25 Apr 15 10:24 tmm_ocsp_test_profile -> pam_ocsp_ocsp_test_config
lrwxrwxrwx 1 root root 25 Apr 15 10:50 tmm_my_ocsp_profile -> pam_ocsp_ocsp_test_config
So there appears to be a PAM service that is created called "tmm_my_ocsp_profile" when I create an OCSP profile called "my_ocsp_profile". I was wondering if AUTH::start would let you set to _that_ profile name rather than the standard "default_ssl_ocsp" one that the on-box OCSP iRule uses?
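Added example, not part of the original post: a small shell function that lists which PAM config each "tmm_" service link resolves to and flags links whose target is missing. It assumes the naming seen in the listing above (tmm_<profile> symlinked to pam_ocsp_<config>); the function names and the demo directory are constructed for illustration.

```shell
#!/bin/sh
# Assumption taken from the listing in the post: every OCSP profile shows
# up in the PAM directory as a symlink  tmm_<profile> -> pam_ocsp_<config>.

# map_ocsp_pam [DIR]
# Prints one tab-separated row per link: profile, PAM service, config, status.
map_ocsp_pam() {
    dir=${1:-/etc/pam.d}
    for link in "$dir"/tmm_*; do
        [ -L "$link" ] || continue      # symlinks only; also skips an unmatched glob
        service=${link##*/}             # e.g. tmm_my_ocsp_profile
        profile=${service#tmm_}         # e.g. my_ocsp_profile
        target=$(readlink "$link")      # e.g. pam_ocsp_ocsp_test_config
        config=${target##*/}            # tolerate an absolute link target
        case $config in
            pam_ocsp_*) ;;              # keep OCSP-backed services only
            *) continue ;;
        esac
        # -e follows the link, so it is false when the target file is gone
        if [ -e "$link" ]; then status=ok; else status=dangling; fi
        printf '%s\t%s\t%s\t%s\n' "$profile" "$service" "$config" "$status"
    done
}

# demo_dir: builds a constructed directory that mirrors the listing in the
# post, plus one link whose config has been removed. Prints the directory path.
demo_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/pam_ocsp_ocsp_test_config"
    ln -s pam_ocsp_ocsp_test_config "$d/tmm_ocsp_test_profile"
    ln -s pam_ocsp_ocsp_test_config "$d/tmm_my_ocsp_profile"
    ln -s pam_ocsp_removed_config "$d/tmm_stale_profile"
    printf '%s\n' "$d"
}

# Run against the constructed sample; on a real box call: map_ocsp_pam /etc/pam.d
sample=$(demo_dir)
map_ocsp_pam "$sample"
rm -rf "$sample"
```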