LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

D Sample /etc/pam.conf File for Security Policy Enforcement
This appendix provides a sample PAM configuration file, /etc/pam.conf, that supports
account and password policy enforcement for Secure Shell (SSH) key-pair or r-commands. In
the /etc/pam.conf file, the pam_authz library must be configured for the sshd and rcomds
services under the account management role.
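An added check, not part of the HP guide: the shell function below reads a pam.conf from standard input and confirms that each named service has libpam_authz as a required account entry placed before any sufficient module, because under standard PAM stacking a successful sufficient module ends the stack and a later pam_authz would never run. The names check_authz, sample_good and sample_bad and the output format are assumptions made for this example; a service with no account entries is checked against OTHER, as the sample file's header comment describes.

```shell
#!/bin/sh
# Added example: lint the account stack of a pam.conf read from stdin.
# Usage: check_authz SERVICE... < /etc/pam.conf   (exit status 1 on any FAIL)
check_authz() {
    awk -v want="$*" '
    /^[ \t]*#/ || NF < 4 || $2 != "account" { next }   # account entries only
    { listed[$1] = 1 }
    $4 ~ /libpam_authz/ {
        if ($3 != "required")      why[$1] = "pam_authz is not required"
        else if ($1 in seen_suff)  why[$1] = "pam_authz follows a sufficient module"
        else                       ok[$1] = 1
        next
    }
    $3 == "sufficient" { seen_suff[$1] = 1 }
    END {
        n = split(want, svc, " ")
        for (i = 1; i <= n; i++) {
            s = (svc[i] in listed) ? svc[i] : "OTHER"   # unlisted services use OTHER
            if (s in ok) { print "OK   " svc[i]; continue }
            bad = 1
            print "FAIL " svc[i] ": " ((s in why) ? why[s] : "no pam_authz entry") " (stack: " s ")"
        }
        exit bad + 0
    }'
}
# Constructed sample inputs (not taken from a real host).
sample_good() { cat <<'EOF'
sshd   account required   /usr/lib/security/libpam_authz.1
sshd   account sufficient /usr/lib/security/libpam_unix.1
sshd   account required   /usr/lib/security/libpam_ldap.1 rcommand
rcomds account required   /usr/lib/security/libpam_authz.1
rcomds account sufficient /usr/lib/security/libpam_unix.1
rcomds account required   /usr/lib/security/libpam_ldap.1 rcommand
OTHER  account sufficient /usr/lib/security/libpam_unix.1
OTHER  account required   /usr/lib/security/libpam_ldap.1
EOF
}
sample_bad() { cat <<'EOF'
sshd   account sufficient /usr/lib/security/libpam_unix.1
sshd   account required   /usr/lib/security/libpam_authz.1
OTHER  account sufficient /usr/lib/security/libpam_unix.1
OTHER  account required   /usr/lib/security/libpam_ldap.1
EOF
}
sample_good | check_authz sshd rcomds
sample_bad  | check_authz sshd rcomds || echo "sample_bad: policy not enforced"
```

On a live system the same function can be run as `check_authz sshd rcomds < /etc/pam.conf` after each edit to the file.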
The following is a sample PAM configuration file, /etc/pam.conf, used on an HP-UX 11i v1
system:
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
#
#
################################################################
# This configuration file has only been modified for default #
# services. Other services can be added or modified as needed #
# or desired. If a service is not listed, it will use the #
# OTHER classification. #
# #
# the format for an entry is #
# <service> <module_type> <control> <module path> <options> #
# #
# see pam.conf(4) for more details #
# #
# #
################################################################
#
# Authentication management
#
login auth sufficient /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_ldap.1 try_first_pass
su auth sufficient /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_ldap.1 try_first_pass
dtlogin auth sufficient /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_ldap.1 try_first_pass
dtaction auth sufficient /usr/lib/security/libpam_unix.1
dtaction auth required /usr/lib/security/libpam_ldap.1 try_first_pass
ftp auth sufficient /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_ldap.1 try_first_pass
sshd auth sufficient /usr/lib/security/libpam_unix.1
sshd auth required /usr/lib/security/libpam_ldap.1 try_first_pass
OTHER auth sufficient /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_ldap.1 try_first_pass
# Account management
#
login account sufficient /usr/lib/security/libpam_unix.1
login account required /usr/lib/security/libpam_ldap.1
su account sufficient /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_ldap.1
dtlogin account sufficient /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_ldap.1
dtaction account sufficient /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_ldap.1
ftp account sufficient /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_ldap.1
rcomds account required /usr/lib/security/libpam_authz.1
rcomds account sufficient /usr/lib/security/libpam_unix.1
rcomds account required /usr/lib/security/libpam_ldap.1 rcommand
sshd account required /usr/lib/security/libpam_authz.1
sshd account sufficient /usr/lib/security/libpam_unix.1
sshd account required /usr/lib/security/libpam_ldap.1 rcommand
OTHER account sufficient /usr/lib/security/libpam_unix.1
OTHER account required /usr/lib/security/libpam_ldap.1
# Session management
#
login session sufficient /usr/lib/security/libpam_unix.1