Version: Axidian Privilege 3.0

Configuring PAM to work with NFS

Before configuring PAM to work with NFS, you must install and configure NFS media storage.

  1. Create a folder for mounting media storage on the server. You can also use a ready-made folder, for example, /etc/axidian/axidian-pam/media-temp.

    sudo mkdir -p /mnt/pamstorage/
  2. Install the NFS client:

    • RPM:

      sudo yum install nfs-utils
    • DEB:

      sudo apt install nfs-common
  3. Mount the storage:

    Command template
    sudo mount -t nfs <fqdn_or_ip_nfs_server>:/path/to/media_storage /path/to/mount/folder
    Command example
    sudo mount -t nfs 192.168.131.200:/mnt/data_storage/ /mnt/pamstorage/
  4. Add the storage mount to autostart:

    To mount the NFS storage automatically at system startup, add an entry to the /etc/fstab file:

    Entry template
    <fqdn_or_ip_nfs_server>:/path/to/media_storage /path/to/mount/folder nfs defaults 0 0

    Entry example
    192.168.131.200:/mnt/data_storage/ /mnt/pamstorage/ nfs defaults 0 0

    To verify the mount, run the command:

    sudo mount
  5. Edit the volumes section in the docker-compose files for Core and Gateway-Service:

    • Core: Path to the file on the management server: /etc/axidian/axidian-pam/docker-compose.management-server.yml
    • Gateway-Service: Path to the file on the access server: /etc/axidian/axidian-pam/docker-compose.access-server.yml

    You need to add the path to the mounted storage to the volumes section:

    - /path/to/mount/folder:/mnt/storage:rw,z

    Example for Core:

    core:
      image: nexus.axidian-id.hq:5050/pam/axidian-pam-core:${TAG}
      container_name: pam-core
      extends:
        file: docker-compose.common-services.yml
        service: base
      pids_limit: 5000
      depends_on:
        - ca-certificates
        - pgsql
      environment:
        - COMPlus_EnableDiagnostics=0
      user: root
      read_only: false
      security_opt:
        - apparmor=pam-management
      volumes:
        - ./core/events:/var/lib/axidian/axidian-pam/events:rw,Z
        - ./core/appsettings.json:/app/appsettings.json:ro,z
        - ./keys/shared/protector:/etc/axidian/axidian-pam/keys/shared/protector:ro,z
        - ./keys/core:/etc/axidian/axidian-pam/keys/core:ro,Z
        - ./logs/core:/app/logs:rw,Z
        - /mnt/pamstorage:/mnt/storage:rw,z # NFS mount example
        - pam-core-temp-data:/var/lib/axidian/axidian-pam:rw
        - pam-ca-cert-store:${CERT_STORE}:ro
      tmpfs:
        - /tmp
      networks:
        - pam-core-network
        - pam-ls-network
  6. Edit the Storage section of the Core and Gateway-Service configuration files:

    • Core: Path to the configuration file on the management server: /etc/axidian/axidian-pam/core/appsettings.json
    • Gateway-Service: Path to the configuration file on the access server: /etc/axidian/axidian-pam/gateway-service/appsettings.json

    In both files you need to specify the path to the mounted storage:

    "Storage": {
      "Type": "FileSystem",
      "Settings": {
        "Root": "/mnt/storage"
      }
    }
  7. Restart containers using the following command:

    sudo bash /etc/axidian/axidian-pam/scripts/run-pam.sh
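
An added pre-restart check, not part of the Axidian documentation or product: if the NFS mount is absent, Docker still bind-mounts the empty local /mnt/pamstorage directory and writes go to local disk, so the function below confirms that the path is really NFS. As an assumed hardening baseline for a data-only share, it also requires the nosuid and nodev options; the function names, return codes and /mnt/hardened are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code.
# check_nfs_mount MOUNTS_FILE MOUNTPOINT   (MOUNTS_FILE uses the /proc/mounts layout)
# Returns: 0 = NFS with nosuid,nodev   1 = nothing mounted at that path
#          2 = mounted, but not NFS    3 = NFS, but nosuid or nodev is missing
check_nfs_mount() {
    mounts_file=$1
    target=${2%/}                       # /proc/mounts shows no trailing slash
    [ -n "$target" ] || target=/
    # The last matching line is the mount currently visible at that path.
    line=$(awk -v t="$target" '$2 == t { l = $0 } END { print l }' "$mounts_file")
    [ -n "$line" ] || return 1
    fstype=$(printf '%s\n' "$line" | awk '{ print $3 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    case $fstype in
        nfs|nfs4) ;;
        *) return 2 ;;
    esac
    for want in nosuid nodev; do
        case ",$opts," in
            *",$want,"*) ;;
            *) return 3 ;;
        esac
    done
    return 0
}

# Constructed sample in /proc/mounts format. The server address and /mnt/pamstorage
# come from the page's example; /mnt/hardened is a hypothetical second mount.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
192.168.131.200:/mnt/data_storage /mnt/pamstorage nfs4 rw,relatime,vers=4.2 0 0
192.168.131.200:/mnt/data_storage /mnt/hardened nfs4 rw,nosuid,nodev,relatime,vers=4.2 0 0
EOF
}

# Demo on the sample; on a real host call: check_nfs_mount /proc/mounts /mnt/pamstorage
demo_file=$(mktemp)
sample_mounts > "$demo_file"
for mp in /mnt/pamstorage /mnt/hardened /mnt/missing; do
    rc=0
    check_nfs_mount "$demo_file" "$mp" || rc=$?
    echo "$mp -> $rc"
done
rm -f "$demo_file"
```

A mount created with the page's `defaults` options returns 3; changing the options field of the /etc/fstab entry to `defaults,nosuid,nodev` and remounting makes the check return 0.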