CIFS/9000 Client Release Note, March 2002

CIFS/9000 Client A.01.07
Features and Fixes in Recent Releases

Background Information
PAM NTLM provides a centralized authentication service for HP-UX and
Microsoft Windows NT servers or other UNIX servers running HP
CIFS/9000 server. The HP CIFS/9000 Client product includes PAM NTLM,
which integrates HP-UX login with any CIFS/9000 server or Windows NT
domain controller.
PAM NTLM authenticates users using encrypted passwords. It also
supports password change and password expiry, so users can change
their NT password from their HP-UX workstation.
PAM NTLM consists of two shared libraries. One provides functionality
for all four PAM modules: authentication, account management, session
management and password management. The other provides support for
communicating with NT servers using the NT LanManager protocol.
To configure PAM NTLM, the system administrator must point the PAM
authentication management, account management, session management and
password management entries to the dynamically loaded PAM NTLM library
/usr/lib/security/libpam_ntlm.1 in the PAM configuration file
(/etc/pam.conf).

Authentication Module
The authentication module verifies the identity of a user and sets the
user-specific credentials. It authenticates users to the NT server
(configured in /etc/opt/cifsclient/pam/smb.conf). If the password matches
and the user has rights to log in (account is not disabled), he/she is
allowed to log in to the system.
The CIFS/9000 client can use this logon information when the user accesses
CIFS-mounted shares, so the user doesn't have to use the cifslogin command
before accessing CIFS shares.
The authentication module supports the use_first_pass, try_first_pass and
debug options. With the debug option, PAM NTLM logs debug messages to syslog.
Refer to the PAM documentation for details on the other options.
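
An added example, not part of the release note or of HP's code: a small Python check that a service's four module types in pam.conf-style text all load the PAM NTLM library, and that the auth entry uses only the options listed above. The five-field line layout, the `login` service, the `required` control flag and the sample entries (including the libpam_unix.1 line) are assumptions constructed for illustration.

```python
# Added example: audit pam.conf-style text for the PAM NTLM setup described above.
NTLM_LIB = "/usr/lib/security/libpam_ntlm.1"  # library path given in the release note
MODULE_TYPES = ("auth", "account", "session", "password")
AUTH_OPTIONS = {"use_first_pass", "try_first_pass", "debug"}  # options the note lists

# Constructed sample, not from a real system. Assumed layout per line:
# service  module_type  control_flag  module_path  [options]
SAMPLE = """\
login  auth      required  /usr/lib/security/libpam_ntlm.1  debug
login  account   required  /usr/lib/security/libpam_ntlm.1
login  session   required  /usr/lib/security/libpam_ntlm.1
login  password  required  /usr/lib/security/libpam_unix.1
"""

def parse_pam_conf(text):
    """Yield (service, module_type, control_flag, module_path, options) per entry."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 4:
            yield fields[0], fields[1], fields[2], fields[3], fields[4:]

def audit_service(text, service):
    """Return findings for one service; an empty list means all four module
    types load the NTLM library and auth uses only the documented options."""
    findings, seen = [], set()
    for svc, mtype, _flag, path, opts in parse_pam_conf(text):
        if svc != service or path != NTLM_LIB:
            continue
        seen.add(mtype)
        if mtype == "auth":
            for opt in opts:
                if opt == "debug":
                    findings.append("auth: debug is set, so PAM NTLM logs debug messages to syslog")
                elif opt not in AUTH_OPTIONS:
                    findings.append(f"auth: option {opt!r} is not among those the release note lists")
    for mtype in MODULE_TYPES:
        if mtype not in seen:
            findings.append(f"{mtype}: no entry loads {NTLM_LIB}")
    return findings

if __name__ == "__main__":
    for finding in audit_service(SAMPLE, "login"):
        print(finding)
```

On the constructed sample this reports the debug option on the auth entry and the password entry that still points at a different library.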

Account Management
The account management module retrieves the user's password expiration
information and verifies that the password has not expired. Apart from
this use, the module does not do any real account management on the NT/UX
server. It is provided for compatibility with the PAM specification.

Session Management
The session management module provides functions to initiate and terminate
sessions. PAM NTLM does not support session management and always returns
success. It is provided for compatibility with the PAM specification.