LDAP-UX Client Services B.04.00 Administrator's Guide
Installing And Configuring LDAP-UX Client Services
Use r-command for PAM_LDAP
Chapter 276
Use r-command for PAM_LDAP
An enhancement has been implemented to the LDAP-UX Client Services
B.03.20, so that r-commands can work with LDAP account users whose
password is hidden, or not in clear text or crypt syntax.
If you want to use this new fearture, use the following steps:
1. Uncomment out the following line in the
/etc/opt/ldapux/ldapux_client.conf file:
#password_as = “x”
2. On the HP-UX 11.0 or 11i v1 client system, modify account
management session in /etc/pam.conf file for pam_ldap to add
“rcommand” option as shown below:
# Account management
#
login account sufficient /usr/lib/security/libpam_unix.1
login account required /usr/lib/security/libpam_ldap.1 rcommand
su account sufficient /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_ldap.1
dtlogin account sufficient /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_ldap.1
dtaction account sufficient /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_ldap.1
ftp account sufficient /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_ldap.1
OTHER account sufficient /usr/lib/security/libpam_unix.1
OTHER account required /usr/lib/security/libpam_ldap.1 rcommand
On the HP-UX 11i v2 client system, you will modify account
management session in /etc/pam.conf file for pam_ldap to add
“rcommand” option as follows:
# Account management
#
login account required libpam_hpsec.so.1
login account sufficient libpam_unix.so.1
login account required libpam_ldap.so.1 rcommand
su account required libpam_hpsec.so.1
su account sufficient libpam_unix.so.1
su account required libpam_ldap.so.1