HP-UX PAM RADIUS A.01.00 Release Notes
Authentication Module
The HP-UX PAM RADIUS authentication module provides the following functions:
• The pam_sm_authenticate() function, which verifies the identity of a user
against the RADIUS server
• The pam_sm_setcred() function, which sets user credentials
The following options to the HP-UX PAM RADIUS authentication module can be set
in the /etc/pam.conf file.
debug
This option enables syslog(3C) to log debugging
information at LOG_DEBUG level.
use_first_pass
This option allows the initial password (entered
when the user is authenticated to the first
authentication module in the stack) to
authenticate with the RADIUS server. If the user
cannot be authenticated, or if this is the first
authentication module in the stack, HP-UX PAM
RADIUS quits without prompting the user for a
password. HP recommends that this option be
used only if the authentication module is
designated as optional in the /etc/pam.conf
configuration file.
try_first_pass
This option allows the initial password (entered
when the user is authenticated to the first
authentication module in the PAM stack) to
authenticate with the RADIUS server. If the user
cannot be authenticated, or if this is the first
authentication module in the stack, HP-UX PAM
RADIUS prompts the user for a password.
default_realm=<realm name>
This option enables sending a configured realm
name along with <user name> to the RADIUS
server. The <user name> and configured
<realm name> are combined as <user
name>@<realm name> and sent in the
User-Name RADIUS attribute to the RADIUS
server.
skip_passwd
This option enables HP-UX PAM RADIUS to
authenticate users without prompting for a
password, even if no password is retrieved from
a previous module. HP-UX PAM RADIUS sends
a previous password if it exists. If the previous
password does not exist, it sends a NULL
password. If authentication fails, the
authentication module exits with PAM_ERROR.
4