Configuration Guide for Kerberos Client Products on HP-UX
Sample pam.conf File
Appendix A108
On HP-UX 11i v2 and HP-UX 11i v3
#
# PAM configuration
#
# Notes: This pam.conf file is intended as an example only.
# If the path to a library is not absolute, it is assumed to be
# relative to one of the following directories:
# /usr/lib/security (PA 32-bit)
# /usr/lib/security/pa20_64 (PA 64-bit)
# /usr/lib/security/hpux32 (IA 32-bit)
# /usr/lib/security/hpux64 (IA 64-bit)
# The IA file name convention is normally used; for example:
# libpam_unix.so.1
# For PA libpam_unix.so.1 is a symbolic link to the PA library:
# ln -s libpam_unix.1 libpam_unix.so.1
# Also note that the use of pam_hpsec(5) is mandatory for some of the
# services. See pam_hpsec(5).
# Authentication management
#
login auth sufficient libpam_krb5.so.1
login auth required libpam_unix.so.1
try_first_pass
su auth sufficient libpam_krb5.so.1
su auth required libpam_unix.so.1
try_first_pass
dtlogin auth sufficient libpam_krb5.so.1
dtlogin auth required libpam_unix.so.1
try_first_pass
dtaction auth sufficient libpam_krb5.so.1
dtaction auth required libpam_unix.so.1
try_first_pass
ftp auth sufficient libpam_krb5.so.1
ftp auth required libpam_unix.so.1
try_first_pass
OTHER auth sufficient libpam_unix.so.1
#
# Account management
#
login account required libpam_krb5.so.1
login account required libpam_unix.so.1
su account required libpam_krb5.so.1
su account required libpam_unix.so.1
dtlogin account required libpam_krb5.so.1
dtlogin account required libpam_unix.so.1
dtaction account required libpam_krb5.so.1