Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Pluggable Authentication Modules (PAM)
Chapter 8
How PAM Works: A Login Example
This example describes the auth process for login.
If there is a single, standard login/auth entry in /etc/pam.conf, such as:
login auth required /usr/lib/security/libpam_unix.1
login proceeds normally.
If there are two or more system-wide login/auth entries, such as:
login auth required /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_dce.1
they are taken in order. In this case, the standard HP-UX login process is
executed. Then the DCE authentication process occurs. If both are
satisfied, login is successful. Both processes are performed, even if the
user fails one of them.
If you require different authentication methods for different users, place
the special entry libpam_updbe ahead of the authentication modules in
/etc/pam.conf (the lines are numbered for easy reference):
#/etc/pam.conf
#1
login auth required /usr/lib/security/libpam_updbe.1
#2
login auth required /usr/lib/security/libpam_unix.1
#3
login auth required /usr/lib/security/libpam_dce.1
and place entries for each affected user in /etc/pam_user.conf:
#/etc/pam_user.conf
#4
allan auth /usr/lib/security/libpam_unix.1 debug
#5
allan auth /usr/lib/security/libpam_dce.1 try_first_pass
#6
isabel auth /usr/lib/security/libpam_unix.1 debug use_psd
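How the two files above combine for one user, as an added example that is not part of the HP-UX guide or HP's code: a short Python audit that computes a user's effective login/auth stack and flags per-user entries that cannot take effect. The names rows and effective_auth_stack are hypothetical, the sample text is constructed from the listings above with the module spelled libpam_updbe, and the code assumes that a per-user entry applies only when its module path matches a pam.conf line and libpam_updbe is the first auth entry.

```python
# Added example: constructed copies of the two listings above.
PAM_CONF = """\
#/etc/pam.conf
login auth required /usr/lib/security/libpam_updbe.1
login auth required /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_dce.1
"""
PAM_USER_CONF = """\
#/etc/pam_user.conf
allan auth /usr/lib/security/libpam_unix.1 debug
allan auth /usr/lib/security/libpam_dce.1 try_first_pass
isabel auth /usr/lib/security/libpam_unix.1 debug use_psd
"""

def rows(text, nfields):
    """Yield (fixed_fields, options) for each non-comment line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= nfields:
            yield parts[:nfields], parts[nfields:]

def effective_auth_stack(pam_conf, pam_user_conf, service, user):
    """Return ([(module_path, options)], warnings) for one user's auth stack."""
    # pam.conf fields: service, module type, control flag, module path, options
    stack = [(f[3], opts) for f, opts in rows(pam_conf, 4)
             if f[0] == service and f[1] == "auth"]
    # pam_user.conf fields: login name, module type, module path, options
    per_user = {f[2]: opts for f, opts in rows(pam_user_conf, 3)
                if f[0] == user and f[1] == "auth"}
    paths = [p for p, _ in stack]
    warnings = []
    # Assumption: per-user entries only take effect if libpam_updbe runs first.
    if per_user and not (paths and "libpam_updbe" in paths[0]):
        warnings.append("libpam_updbe is not the first auth entry")
    for path in per_user:
        if path not in paths:
            warnings.append(path + ": no matching pam.conf line, no effect")
    # A matching module path takes the user's options; others keep pam.conf's.
    return [(p, per_user.get(p, o)) for p, o in stack], warnings

if __name__ == "__main__":
    for name in ("allan", "isabel", "root"):
        print(name, effective_auth_stack(PAM_CONF, PAM_USER_CONF, "login", name))
```

For isabel, only the libpam_unix line changes; the libpam_dce line keeps its empty options field from /etc/pam.conf because she has no entry for that module path.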
When allan logs in, line 1 in /etc/pam.conf causes PAM to read
/etc/pam_user.conf. Since the module paths on lines 4 and 5 of
/etc/pam_user.conf match the module paths on lines 2 and 3 of
/etc/pam.conf, PAM temporarily replaces the null options fields of lines