LDAP-UX Client Services B.05.00 Administrator's Guide

deny_local Specifies the deny_local option
The following example shows the portion of the /etc/pam.conf file that configures the
authentication and account services. With this configuration, on any attempt to use these
services to log in or establish a session on the HP-UX client system, PAM_LDAP returns
PAM_IGNORE (PAM_LDAP does not authenticate the user) if it detects an equivalent account
name or UID in the /etc/passwd file. If an equivalent account name or UID is not found in
the /etc/passwd file, PAM_LDAP returns the appropriate authentication status. Depending on
the circumstances when the user tries to authenticate, that status could be, for example,
notification that the credential is invalid, that the password needs to be updated, or that
the authentication succeeded.
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
#
# Please note that this configuration file has only been modified for the
# default services. Other services can be added or modified as
# needed or desired. If a service is not listed, it will use the
# OTHER classification
#
# The format for an entry is
# <service> <module_type> <control> <module path> <options>
#
#Notes:
#
# If the path to a library is not absolute, it is assumed to be relative
# to the directory /usr/lib/security/$ISA/
#
# The "$ISA" (i.e., Instruction Set Architecture) token is replaced by the
# PAM engine (libpam) with "hpux64" for IA 64-bit modules, or with "hpux32"
# for IA 32-bit modules, or with "pa20_64" for PA 64-bit modules, or with
# NULL for PA 32-bit modules.
#
# For PA applications, library name ending with "so.1" is a symbolic link
# that points to the corresponding PA (32 or 64-bit) backend library.
#
# see pam.conf(4) for more details
#
# Authentication management
#
login auth required libpam_hpsec.so.1
login auth sufficient libpam_unix.so.1
login auth required libpam_ldap.so.1 try_first_pass deny_local
su auth required libpam_hpsec.so.1 bypass_setaud
su auth sufficient libpam_unix.so.1
su auth required libpam_ldap.so.1 try_first_pass deny_local
dtlogin auth required libpam_hpsec.so.1
dtlogin auth sufficient libpam_unix.so.1
dtlogin auth required libpam_ldap.so.1 try_first_pass deny_local
dtaction auth required libpam_hpsec.so.1
dtaction auth sufficient libpam_unix.so.1
dtaction auth required libpam_ldap.so.1 try_first_pass deny_local
ftp auth required libpam_hpsec.so.1
ftp auth sufficient libpam_unix.so.1
ftp auth required libpam_ldap.so.1 try_first_pass deny_local
rcomds auth required libpam_hpsec.so.1
rcomds auth sufficient libpam_unix.so.1
rcomds auth required libpam_ldap.so.1 try_first_pass deny_local
sshd auth required libpam_hpsec.so.1
sshd auth sufficient libpam_unix.so.1
sshd auth required libpam_ldap.so.1 try_first_pass deny_local
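
The following audit sketch is an added example, not part of the HP guide or of LDAP-UX. It parses pam.conf text in the entry format shown above, reports services whose libpam_ldap auth entry lacks deny_local, and models the name-or-UID match against /etc/passwd that the text says makes PAM_LDAP return PAM_IGNORE. The function names and both sample inputs are constructed for illustration.

```python
# Constructed pam.conf sample: sshd's libpam_ldap entry omits deny_local.
SAMPLE_PAM_CONF = """\
# <service> <module_type> <control> <module path> <options>
login auth required   libpam_hpsec.so.1
login auth sufficient libpam_unix.so.1
login auth required   libpam_ldap.so.1 try_first_pass deny_local
sshd  auth required   libpam_hpsec.so.1
sshd  auth sufficient libpam_unix.so.1
sshd  auth required   libpam_ldap.so.1 try_first_pass
"""

# Constructed /etc/passwd sample (name:password:uid:gid:gecos:home:shell).
SAMPLE_PASSWD = """\
root:*:0:3::/:/sbin/sh
oracle:*:201:200::/home/oracle:/usr/bin/sh
"""

def parse_pam_conf(text):
    """Yield (service, module_type, control, module, options) for each entry."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 4:
            yield fields[0], fields[1], fields[2], fields[3], fields[4:]

def ldap_auth_without_deny_local(text):
    """Return sorted services whose libpam_ldap auth entry lacks deny_local."""
    return sorted({svc for svc, mtype, _ctl, module, opts in parse_pam_conf(text)
                   if mtype == "auth" and "libpam_ldap" in module
                   and "deny_local" not in opts})

def has_local_equivalent(passwd_text, name, uid):
    """True if the account name OR the UID appears in the passwd text.

    This is the condition under which, per the guide, PAM_LDAP with
    deny_local returns PAM_IGNORE instead of authenticating the user.
    """
    for entry in passwd_text.splitlines():
        f = entry.split(":")
        if len(f) >= 3 and (f[0] == name or f[2] == str(uid)):
            return True
    return False

if __name__ == "__main__":
    print("missing deny_local:", ldap_auth_without_deny_local(SAMPLE_PAM_CONF))
    # A directory entry named "jdoe" with UID 0 matches local root by UID.
    print("jdoe/0 has local equivalent:", has_local_equivalent(SAMPLE_PASSWD, "jdoe", 0))
```

The UID comparison matters as much as the name comparison: a directory account with an unfamiliar name but a UID already present in /etc/passwd is treated as having a local equivalent.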
108 Installing and configuring LDAP-UX Client Services