LDAP-UX Client Services B.04.15 Administrator's Guide
rcommand su account required libpam_hpsec.so.1 su
account sufficient libpam_unix.so.1 su account required
libpam_ldap.so.1 dtlogin account required libpam_hpsec.so.1
dtlogin account sufficient libpam_unix.so.1 dtlogin account required
libpam_ldap.so.1 dtaction account required libpam_hpsec.so.1
dtaction account sufficient libpam_unix.so.1 dtaction account required
libpam_ldap.so.1 ftp account required libpam_hpsec.so.1
ftp account sufficient libpam_unix.so.1 ftp account required
libpam_ldap.so.1 rcomds account required libpam_hpsec.so.1
rcomds account sufficient libpam_unix.so.1 rcomds account required
libpam_ldap.so.1 rcommand sshd account required libpam_hpsec.so.1
sshd account sufficient libpam_unix.so.1 sshd account required
libpam_ldap.so.1 OTHER account sufficient libpam_unix.so.1
OTHER account required libpam_ldap.so.1
CAUTION: Setting user password to be returned as any string for the hidden password,
and turning on the "rcommand" option for pam_ldap account management could allow
users with active accounts on a remote host to rlogin to the local host on to a disabled account.
If you have security concerns, see “Security Policy Enforcement with Secure Shell (SSH) or
r-commands” (page 105) section in chapter 5 and Appendix D, “Sample /etc/pam.conf File
for Security Policy Enforcement” (page 249) for detailed information on how to configure
the pam_authz library and the rcommand option under the account management section
in the /etc/pam.conf file.
2.14 Use r-command for PAM_LDAP 65