PAM Kerberos Release Notes for HP-UX 11i v2
PAM Kerberos Release Notes for HP-UX 11i v2
Product Description
Chapter 1 11
root password /usr/lib/security/$ISA/libpam_krb5.so.1 ignore
root account /usr/lib/security/$ISA/libpam_krb5.so.1 ignore
root session /usr/lib/security/$ISA/libpam_krb5.so.1 ignore
#
Refer to the man page of pam_updbe(5) for more information on
pam_user.conf.
debug This option allows syslog (3C) debugging information at LOG_DEBUG level.
krb_prompt In the /etc/pam.conf file, if the flag krb_prompt is added to either the
login/password entry, the prompt will explicitly specify kerberos as shown
below:
$ old password <---- normal prompt if krb_prompt is not set
$ old Kerberos password <--- prompt if krb_prompt is set
Account Management
The account management module retrieves the user’s expiration information and verifies that
the user’s account and password have not expired.
Session Management
The session management module provides functions to initiate and terminate sessions. The
close session is implemented to clean the credentials created by the pam_sm_set_cred
module.
Password Management
The password management module provides a function to change passwords in the Kerberos
password database. The following options may be passed to this PAM module:
use_first_pass, try_first_pass, debug, krb_prompt and ignore.
See Sample /etc/pam.conf file for an example pam.conf configured for PAM Kerberos.
Additional examples are provided under Notes, Cautions and Warnings. The pam_krb5 man
page also provides the above information.