Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Introduction to the Kerberos Products and GSS-API
PAM Kerberos
Chapter 240
try_first_pass
login account required /usr/lib/security/$ISA/libpam_updbe.so.1
login account required /usr/lib/security/$ISA/libpam_krb5.so.1
pam_krb5 on HP-UX 11.0 and 11i
login account required /usr/lib/security/libpam_unix.1
login session required /usr/lib/security/libpam_updbe.1
login session required /usr/lib/security/libpam_krb5.1
login session required /usr/lib/security/libpam_unix.1
pam_krb5 on HP-UX 11i v1 and 11i v2
login account required /usr/lib/security/$ISA/libpam_unix.so.1
login session required /usr/lib/security/$ISA/libpam_updbe.so.1
login session required /usr/lib/security/$ISA/libpam_krb5.so.1
login session required /usr/lib/security/$ISA/libpam_unix.so.1
pamkrbval
The pamkrbval tool validates the PAM Kerberos configuration. This tool
verifies the following PAM Kerberos configuration files:
• /etc/pam.conf
• /etc/pam_user.conf
• /etc/krb5.conf
• /etc/krb5.keytab
This tool also checks if the default realm KDC is up and running. This
version of pamkrbval is based on Kerberos V5 Client Version 1.0 and
may not work with configuration files of other Kerberos versions. This
tool will enable the system administrator to diagnose the problem.
The pamkrbval tool validates the following:
• Checks for the validity of the control_flags and the module_types
specified for thePAM Kerberos specific entries in the /etc/pam.conf
file.
• Checks if the PAM Kerberos specific module_path specified in the
/etc/pam.conf exists. If the module_path name is not absolute it is
assumed to be relative to /usr/lib/security/$ISA/. The $ISA
(Instruction Set Architecture) token is replaced by this tool with