LDAP-UX Client Services B.04.15 Administrator's Guide
C Sample /etc/pam.ldap.trusted file
This Appendix provides the sample PAM configuration file, /etc/pam.ldap.trusted, used
as the /etc/pam.conf file to support the coexistence of LDAP-UX and Trusted Mode. This
/etc/pam.ldap.trusted file must be used as the /etc/pam.conf file if your directory server
is the Netscape/Red Hat Directory Server and your LDAP client is in the Trusted Mode. If your
system is in a standard mode, you still need to use the/etc/pam.ldapfile as the /etc/
pam.conffile.
The following is a sample PAM configuration file, /etc/pam.ldap.trusted, used on the
HP-UX 11.0 or 11i v1 system:
# # PAM configuration
# # This pam.conf file is intended as an example only. # #
################################################################
# This configuration file has only been modified for default #
# services. Other services can be added or modified as needed #
# or desired. If a service is not listed, it will use the #
# OTHER classification. #
# #
# the format for a entry is #
# <service> <module_type> <control> <module path> <options>
# #
# # see pam.conf(4) for more details
# #
# # NOTE: This pam.conf file is recommended only if you convert
# # your system to a Trusted System. If your system is in the
# # Standard Mode, use the pam.ldap file as an example.
# #
# #
# ################################################################
# # Authentication management # login auth sufficient /usr/lib/security/libpam_ldap.1
login auth required /usr/lib/security/libpam_unix.1 try_first_pass
su auth sufficient /usr/lib/security/libpam_ldap.1 su
auth required /usr/lib/security/libpam_unix.1 try_first_pass
dtlogin auth sufficient /usr/lib/security/libpam_ldap.1 dtlogin
auth required /usr/lib/security/libpam_unix.1 try_first_pass
dtaction auth sufficient /usr/lib/security/libpam_ldap.1 dtaction
auth required /usr/lib/security/libpam_unix.1 try_first_pass
ftp auth sufficient /usr/lib/security/libpam_ldap.1 ftp
auth required /usr/lib/security/libpam_unix.1 try_first_pass
OTHER auth sufficient /usr/lib/security/libpam_ldap.1 OTHER
auth required /usr/lib/security/libpam_unix.1 try_first_pass
# Account management # login account sufficient /usr/lib/security/libpam_ldap.1
login account required /usr/lib/security/libpam_unix.1 su
account sufficient /usr/lib/security/libpam_ldap.1 su
account required /usr/lib/security/libpam_unix.1 dtlogin
account sufficient /usr/lib/security/libpam_ldap.1 dtlogin
account required /usr/lib/security/libpam_unix.1 dtaction account
sufficient /usr/lib/security/libpam_ldap.1 dtaction account required
/usr/lib/security/libpam_unix.1 ftp account sufficient
/usr/lib/security/libpam_ldap.1 ftp account required /usr/lib/security/libpam_unix.1
OTHER account sufficient /usr/lib/security/libpam_ldap.1 OTHER
account required /usr/lib/security/libpam_unix.1 # Session
management # login session requried /usr/lib/security/libpam_ldap.1
login session required /usr/lib/security/libpam_unix.1 dtlogin
session required /usr/lib/security/libpam_ldap.1 dtlogin
session required /usr/lib/security/libpam_unix.1 dtaction session
required /usr/lib/security/libpam_ldap.1 dtaction session required
/usr/lib/security/libpam_unix.1 OTHER session required
/usr/lib/security/libpam_ldap.1 OTHER session required /usr/lib/security/libpam_unix.1
# Password management # login password.sufficient /usr/lib/security/libpam_ldap.1
login password required /usr/lib/security/libpam_unix.1
try_first_pass passwd password sufficient /usr/lib/security/libpam_ldap.1
passwd password required /usr/lib/security/libpam_unix.1
try_first_pass dtlogin password sufficient /usr/lib/security/libpam_ldap.1
dtlogin password required /usr/lib/security/libpam_unix.1
try_first_pass dtaction password sufficient /usr/lib/security/libpam_ldap.1
dtaction password required /usr/lib/security/libpam_unix.1
try_first_pass OTHER password sufficient /usr/lib/security/libpam_ldap.1
OTHER password required /usr/lib/security/libpam_unix.1
try_first_pass
The following is a sample PAM configuration file, /etc/pam.ldap.trusted, used for the
HP-UX 11i v2 system:
# # PAM configuration
# # This pam.conf file is intended as an example only. # #
################################################################
# This configuration file has only been modified for default #
# services. Other services can be added or modified as needed #
# or desired. If a service is not listed, it will use the #
# OTHER classification. #
# #
# the format for a entry is #
247