LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

Policy File

The system administrator can define a local access policy and store all defined access rules in

the policy file, /etc/opt/ldapux/pam_authz.policy. The PAM_AUTHZ service module

uses this local policy file to process the access rules and to control the login authorization.

LDAP-UX Client Services provides a sample configuration file,

/etc/opt/ldapux/pam_authz.policy.template. This sample file shows you how to

configure the policy file to work with PAM_AUTHZ. You can copy this sample file and edit it

using the correct syntax to specify the access rules you wish to authorize or exclude from

authorization. For detailed information on how to construct an access rule in the policy file, see

Constructing an Access Rule in pam_authz.policy (page 103).

NOTE: By default, the allow:unix_local_user access rule in the

/etc/opt/ldapux/pam_authz.policy.template file is enabled.

PAM_AUTHZ Login Authorization 101