Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Pluggable Authentication Modules (PAM)
Chapter 8 845
If this file is corrupt or missing from the system, root is allowed to log
into the console in single-user mode to fix the problem.
See pam (3), pam.conf (4), and sam (1M) for additional information.
Per-User Configuration
The PAM configuration file /etc/pam_user.conf configures PAM on a
per-user basis. /etc/pam_user.conf is optional. It is needed only if PAM
applications need to behave differently for various users.
Refer to pam_user.conf (4) and pam.conf (4) for more information.
The pam.conf Configuration File
The protected service-names are listed in the system control file,
/etc/pam.conf, under four test categories (
module-type
):
authentication, account, session, and password. See pam.conf (4).
The entries in /etc/pam.conf have the form:
service-name module-type control module-path options
where:
service-name
is the name that the application uses to identify itself
to PAM, such as login. This name is usually the name
of the command that was invoked by the user. The
keyword other (or OTHER) stands for any application
that is not specified for the associated
module-type
.
module-type
is the keyword for the type of authentication:
account Account management
auth User authentication
password Password management
session Session management
control
is a keyword that specifies how to handle multiple
definitions for the same
service-name
and
module-type
. It is one of:
required The test for the module must succeed.
optional The test for the module can fail.