LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Administering LDAP-UX Client Services
PAM_AUTHZ Login Authorization Enhancement
How Login Authorization Works
The system administrator defines access rules and stores them in
the policy file, /etc/opt/ldapux/pam_authz.policy. PAM_AUTHZ
uses the access rules in this policy file to control login
authorization.
Figure 4-2 PAM_AUTHZ Environment
The following describes the policy validation that PAM_AUTHZ performs
for user login authorization, as shown in figure 4-1:
1. The administrator defines a local policy file and saves all the defined
access rules in the policy configuration file,
/etc/opt/ldapux/pam_authz.policy.
[Figure 4-2 labels: PAM-enabled application; pam_authz; authentication modules, for example pam_kerberos; pam_ldap; LDAP-UX client daemon ldapclientd; policy configuration file; /etc/group; /etc/netgroup; LDAP directory server; numbered callouts 1 to 7.]