HP CIFS Client A.02.02 Administrator's Guide
PAM NTLM
PAM NTLM Configuration
Chapter 8
Configuring the system to use the PAM NTLM Module
This task consists of editing the global HP-UX PAM configuration file
/etc/pam.conf.
IMPORTANT: You may not be able to log in to the system if PAM is not
correctly configured. Make sure that you understand the PAM framework
before you modify pam.conf. For information on PAM, see the HP-UX
manpages pam.conf(4) and pam_unix(5).
For security reasons, HP strongly recommends you set up your system
such that, for both authentication and password change, the host system
(PAM UNIX), not the password server configured by PAM NTLM,
authenticates root and other privileged users. Access on a per-user basis
can be controlled through the use of libpam_updbe in pam.conf, and the
ignore option to libpam_ntlm in pam_user.conf. See pam.conf(4),
pam_user.conf(4), and pam_updbe(5) for explanations and examples
of usage.
HP also recommends using PAM NTLM services in addition to, not in
place of, PAM UNIX. This configuration is depicted in the sample
pam.conf file below.
PAM NTLM provides the following services:
• Password Authentication
• Password Change
• Password Change Upon Notice of Expiration
Each service corresponds to a specific section of pam.conf. Add entries for
the services you wish to use:
• For Password Authentication, modify the Authentication
management section of pam.conf.
• For Password Change, modify Password management.
• For Password Change Upon Notice of Expiration, modify
Authentication management, Password management, and Account
management. To use Password Change Upon Notice of Expiration, you
must also enable both Password Authentication and Password Change.
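
The recommendations above can be checked mechanically before a modified pam.conf is put into service. The following is an added example, not part of the HP guide: a small lint over pam.conf(4)-style entries that flags libpam_ntlm used in place of PAM UNIX, a stack where libpam_updbe does not come before libpam_ntlm, and Account management entries whose matching Authentication or Password management entries are missing. The sample entries, module paths, control flags, the OTHER fallback and the requirement that libpam_updbe precede libpam_ntlm are assumptions made for the example.

```python
from collections import defaultdict

# Constructed pam.conf(4)-style input: service, module type, control flag, module path.
# Paths and control flags are illustrative assumptions, not taken from the guide.
SAMPLE = """\
login  auth     required   /usr/lib/security/libpam_updbe.1
login  auth     sufficient /usr/lib/security/libpam_unix.1
login  auth     required   /usr/lib/security/libpam_ntlm.1
login  account  required   /usr/lib/security/libpam_updbe.1
login  account  required   /usr/lib/security/libpam_unix.1
login  account  required   /usr/lib/security/libpam_ntlm.1
ftp    auth     required   /usr/lib/security/libpam_ntlm.1   # NTLM in place of PAM UNIX
OTHER  password required   /usr/lib/security/libpam_unix.1
"""

def parse(text):
    """Map (SERVICE, module_type) to the module names in stack order."""
    stacks = defaultdict(list)
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4:
            service, mtype, _flag, path = fields[:4]
            name = path.rsplit("/", 1)[-1].split(".")[0]  # libpam_ntlm.1 -> libpam_ntlm
            stacks[(service.upper(), mtype.lower())].append(name)
    return dict(stacks)

def lint(text):
    """Return findings where the NTLM entries depart from the guide's recommendations."""
    stacks = parse(text)
    def stack(service, mtype):
        # Assumption: OTHER supplies the stack for a service that defines none of its own.
        return stacks.get((service, mtype)) or stacks.get(("OTHER", mtype), [])
    findings = []
    for (service, mtype), mods in sorted(stacks.items()):
        if "libpam_ntlm" not in mods:
            continue
        if "libpam_unix" not in mods:
            findings.append(f"{service} {mtype}: libpam_ntlm used in place of PAM UNIX")
        if "libpam_updbe" not in mods[:mods.index("libpam_ntlm")]:
            findings.append(f"{service} {mtype}: no libpam_updbe ahead of libpam_ntlm")
        if mtype == "account":  # Password Change Upon Notice of Expiration
            for need in ("auth", "password"):
                if "libpam_ntlm" not in stack(service, need):
                    findings.append(f"{service}: libpam_ntlm missing from {need} stack")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Run it against a copy of the edited file while a root session stays open, so a misconfiguration can be corrected before anyone is locked out.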