LDAP-UX Client Services B.04.15 Administrator's Guide
D Sample /etc/pam.conf File for Security Policy Enforcement
This appendix provides sample /etc/pam.conf PAM configuration files that support
account and password policy enforcement. In the /etc/pam.conf file, the pam_authz library
must be configured for the sshd and rcomds services under the account management role.
The following is a sample PAM configuration file, /etc/pam.conf, used on the HP-UX 11i v1
system:
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
#
################################################################
# This configuration file has only been modified for default   #
# services. Other services can be added or modified as needed  #
# or desired. If a service is not listed, it will use the      #
# OTHER classification.                                        #
#                                                              #
# the format for an entry is                                   #
# <service> <module_type> <control> <module path> <options>    #
#                                                              #
# see pam.conf(4) for more details                             #
#                                                              #
################################################################
#
# Authentication management
#
login    auth sufficient /usr/lib/security/libpam_unix.1
login    auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
su       auth sufficient /usr/lib/security/libpam_unix.1
su       auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
dtlogin  auth sufficient /usr/lib/security/libpam_unix.1
dtlogin  auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
dtaction auth sufficient /usr/lib/security/libpam_unix.1
dtaction auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
ftp      auth sufficient /usr/lib/security/libpam_unix.1
ftp      auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
sshd     auth sufficient /usr/lib/security/libpam_unix.1
sshd     auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
OTHER    auth sufficient /usr/lib/security/libpam_unix.1
OTHER    auth required   /usr/lib/security/libpam_ldap.1 try_first_pass
#
# Account management
#
login    account sufficient /usr/lib/security/libpam_unix.1
login    account required   /usr/lib/security/libpam_ldap.1
su       account sufficient /usr/lib/security/libpam_unix.1
su       account required   /usr/lib/security/libpam_ldap.1
dtlogin  account sufficient /usr/lib/security/libpam_unix.1
dtlogin  account required   /usr/lib/security/libpam_ldap.1
dtaction account sufficient /usr/lib/security/libpam_unix.1
dtaction account required   /usr/lib/security/libpam_ldap.1
ftp      account sufficient /usr/lib/security/libpam_unix.1
ftp      account required   /usr/lib/security/libpam_ldap.1
rcomds   account required   /usr/lib/security/libpam_authz.1
rcomds   account sufficient /usr/lib/security/libpam_unix.1
rcomds   account required   /usr/lib/security/libpam_ldap.1 rcommand
sshd     account required   /usr/lib/security/libpam_authz.1
sshd     account sufficient /usr/lib/security/libpam_unix.1
sshd     account required   /usr/lib/security/libpam_ldap.1 rcommand
OTHER    account sufficient /usr/lib/security/libpam_unix.1
OTHER    account required   /usr/lib/security/libpam_ldap.1
#
# Session management
#
login    session sufficient /usr/lib/security/libpam_unix.1
login    session required   /usr/lib/security/libpam_ldap.1
dtlogin  session sufficient /usr/lib/security/libpam_unix.1
dtlogin  session required   /usr/lib/security/libpam_ldap.1
dtaction session sufficient /usr/lib/security/libpam_unix.1
dtaction session required   /usr/lib/security/libpam_ldap.1
sshd     session sufficient /usr/lib/security/libpam_unix.1
sshd     session required   /usr/lib/security/libpam_ldap.1
OTHER    session sufficient /usr/lib/security/libpam_unix.1
OTHER    session required   /usr/lib/security/libpam_ldap.1
#
# Password management
#
login    password sufficient /usr/lib/security/libpam_unix.1
login    password required   /usr/lib/security/libpam_ldap.1 try_first_pass
passwd   password sufficient /usr/lib/security/libpam_unix.1
passwd   password required   /usr/lib/security/libpam_ldap.1 try_first_pass
dtlogin  password sufficient /usr/lib/security/libpam_unix.1
dtlogin  password required   /usr/lib/security/libpam_ldap.1 try_first_pass
dtaction password sufficient /usr/lib/security/libpam_unix.1
dtaction password required   /usr/lib/security/libpam_ldap.1 try_first_pass
OTHER    password sufficient /usr/lib/security/libpam_unix.1
OTHER    password required   /usr/lib/security/libpam_ldap.1 try_first_pass
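The requirement stated at the start of this appendix, that pam_authz be configured for sshd and rcomds under account management, can be checked mechanically. The following Python script is an added example and is not part of the HP guide; the function names and the constructed excerpt (with the sshd pam_authz line deliberately removed) are assumptions, as is the ordering check, which follows the sample in listing pam_authz ahead of any sufficient module.

```python
# Added example: audit pam.conf text for the pam_authz entries the appendix requires.
# SAMPLE is a constructed excerpt of the account section; the sshd libpam_authz
# line has been removed on purpose so the audit has something to report.
SAMPLE = """\
rcomds   account required   /usr/lib/security/libpam_authz.1
rcomds   account sufficient /usr/lib/security/libpam_unix.1
rcomds   account required   /usr/lib/security/libpam_ldap.1 rcommand
sshd     account sufficient /usr/lib/security/libpam_unix.1
sshd     account required   /usr/lib/security/libpam_ldap.1 rcommand
OTHER    account sufficient /usr/lib/security/libpam_unix.1
OTHER    account required   /usr/lib/security/libpam_ldap.1
"""

def parse(text):
    """Return {(service, module_type): [(control, module_path, options), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        if len(fields) < 4:
            continue  # not a <service> <module_type> <control> <module path> entry
        service, mtype, control, path = fields[:4]
        stacks.setdefault((service, mtype), []).append((control, path, fields[4:]))
    return stacks

def audit_authz(text, services=("sshd", "rcomds")):
    """Return {service: finding}; a finding is 'ok' or a short problem description."""
    stacks, findings = parse(text), {}
    for svc in services:
        # A service that is not listed uses the OTHER classification.
        stack = stacks.get((svc, "account")) or stacks.get(("OTHER", "account"), [])
        authz = [i for i, (_, p, _) in enumerate(stack) if "libpam_authz" in p]
        first_suff = next((i for i, (c, _, _) in enumerate(stack) if c == "sufficient"), len(stack))
        if not authz:
            findings[svc] = "pam_authz missing from account stack"
        elif stack[authz[0]][0] != "required":
            findings[svc] = "pam_authz is not 'required'"
        elif authz[0] > first_suff:
            # Assumption: a successful 'sufficient' module ends the stack early.
            findings[svc] = "pam_authz listed after a 'sufficient' module"
        else:
            findings[svc] = "ok"
    return findings

if __name__ == "__main__":
    for svc, finding in audit_authz(SAMPLE).items():
        print(f"{svc}: {finding}")
```

To audit a live system, pass the contents of /etc/pam.conf to audit_authz() in place of SAMPLE.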
The following is a sample PAM configuration file, /etc/pam.conf, used on the HP-UX 11i v2
system:
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
#
################################################################
# This configuration file has only been modified for default   #
# services. Other services can be added or modified as needed  #
# or desired. If a service is not listed, it will use the      #
# OTHER classification.                                        #
#                                                              #