LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

101

102

103

104

105

106

107

108

109

110

module_type Specifies the service module type: authentication (auth), account

management (account), session management (session), or

password management (password).

libpam_ldap.so.1 Specifies the pathname to the PAM_LDAP library object that

implements the service functionality. If the pathname is not

absolute, it is assumed to be relative to /usr/lib/security/

$ISA/.

ignore Specifies the ignore option.

The following is an example of a pam_user.conf file, showing the ignore option specified

for user root under authentication management, account management, session management,

and password management. As a result, when user root attempts to log in to the directory

server, the PAM_LDAP module does not authenticate the user root; it just returns

PAM_IGNORE.

################################################################

# /etc/pam_user.conf #

# Sample configuration for using the ignore option for PAM_LDAP#

# for user root. #

# The format for a entry is #

# <user> <module type> <module path> <options> #

# #

# See pam_user.conf(4) for more details. #

# #

# NOTE: If the path to a library is not absolute, it is assumed#

# to be relative to the directory /usr/lib/security/$ISA. #

# The "$ISA (i.e Instruction Set Architecture) token is #

# replaced by the PAM engine (libpam) with "hpux64" for IA #

# 64-bit modules, or with "hpux32" for IA 32-bit modules, or #

# with "pa20_64" for PA 64-bit modules, or with NULL for PA #

# 32-bit modules. #

# For PA applications, library name ending with "so.1" is a #

# symbolic link that points to the corresponding PA (32 or 64 #

# bit) backend library. #

################################################################

root auth libpam_ldap.so.1 ignore

root account libpam_ldap.so.1 ignore

root session libpam_ldap.so.1 ignore

root password libpam_ldap.so.1 ignore

For more details, see the pam_user.conf(4) manpage. For more information about HP-UX

user authentication and PAM, see the HP-UX System Administrator's Guide: Security

Management, available at the following location:

www.hp.com/go/hpux-core-docs (click HP-UX 11i v3)

2. Configure the PAM_UPDBE library (libpam_updbe) in the /etc/pam.conf file.

NOTE: You must configure this library in order for the configuration in /etc/

pam_user.conf to take effect.

PAM_UPDBE is the user policy definition service module for PAM. It reads options defined

in the user configuration file, /etc/pam_user.conf, and uses pam_set_data to store

the information in the PAM handle for use by subsequent service modules. In /etc/

pam.conf, configure the PAM_UPDBE library for each service module defined in /etc/

pam_user.conf, using the following format for each line entered:

user module_type required libpam_updbe.so.1

where:

user Specifies the user to be ignored by PAM_LDAP authentication

110 Installing and configuring LDAP-UX Client Services