Configuration Guide for Kerberos Client Products on HP-UX 11.0 | HP-UX 11i v1 | HP-UX 11i v1.6 | HP-UX 11i v2
Configuring the Kerberos Environment
Configuration Files for Kerberos Clients
Chapter 370
pam.conf The configuration file /etc/pam.conf controls the behavior of the PAM
modules. The pam.conf file contains a listing of system entry services,
each of which is paired with its corresponding service module. When a
service is requested, its associated module is invoked.
Each entry has the following format:
The following is a sample entry for PAM Kerberos in the pam.conf file on
HP-UX 11.0 and 11i:
The following is a sample entry for PAM Kerberos in the pam.conf file on
HP-UX 11i v1 and 11i v2:
As mentioned in Chapter 2, Introduction to the Kerberos Products and
GSS-API, the PAM Kerberos module provides functionality for two
module_type
s: authentication (
auth
), and password management
(
password
).
Using one of the three values: required, optional, and
sufficient, the
control_flag
field determines the priority and
behavior of the modules stacked for a
module_type
. For example,
Table 3-2
<service_name> <module_type> <control_flag> <module_path>
<options>
Table 3-3
login auth required /usr/lib/security/libpam_krb5.1 debug
ftp auth required /usr/lib/security/libpam_unix.1
Table 3-4
login auth required /usr/lib/security/$ISA/libpam_krb5.so.1
debug
ftp auth required /usr/lib/security/libpam_unix.1
Table 3-5
login auth sufficient /usr/lib/security/libpam_krb5.1 debug
login auth required /usr/lib/security/libpam_unix.1