Manualshelf

Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2

ManualsBrandsHP ManualsSoftwareHP-UX Kerberos Data Security Software
31323334353637383940
Introduction to the Kerberos Products and GSS-API
PAM Kerberos
Chapter 238
ignore This option returns PAM_IGNORE. Generally this
option should not be used. However, it may not be
desirable or may not be necessary to authenticate
certain users (root, ftp, ...) with Kerberos. In such cases
you can use this option in pam_user.conf(4) for per user
configuration.
It is not recommended for you to use this option in
pam.conf(4). See the examples section.
The Session Management Module
The session management module provides function to terminate
sessions. It cleans up the credential cache file created by the
Authentication module.
The following options can be passed to the session management module
through the /etc/pam.conf(4) file:
debug This option allows syslog(3C) debugging information
at LOG_DEBUG level.
ignore This option returns PAM_IGNORE. Generally this option
should not be used. However, it may not be desirable or
may not be necessary to authenticate certain users
(root, ftp, ...) with Kerberos. In such cases you can use
this option in /etc/pam_user.conf(4) for per user
configuration. It is not recommended for you to use this
option in /etc/pam.conf(4). See the examples
section.
Example
The following is a sample configuration in which no authentication is
done with Kerberos for root. KRB5 PAM module does nothing. It just
returns PAM_IGNORE for user root. For every user other than root, it
will try to authenticate using Kerberos. If Kerberos succeeds, the user is
authenticated. If Kerberos fails to authenticate the user, PAM will try to
authenticate via UNIX PAM using same the password. PAM_IGNORE
for user root.