LDAP-UX Client Services B.05.00 Administrator's Guide
su account required libpam_hpsec.so.1
su account sufficient libpam_unix.so.1
su account required libpam_ldap.so.1
dtlogin account required libpam_hpsec.so.1
dtlogin account sufficient libpam_unix.so.1
dtlogin account required libpam_ldap.so.1
dtaction account required libpam_hpsec.so.1
dtaction account sufficient libpam_unix.so.1
dtaction account required libpam_ldap.so.1
ftp account required libpam_hpsec.so.1
ftp account sufficient libpam_unix.so.1
ftp account required libpam_ldap.so.1
rcomds account required libpam_hpsec.so.1
rcomds account sufficient libpam_unix.so.1
rcomds account required libpam_ldap.so.1 rcommand
sshd account required libpam_hpsec.so.1
sshd account sufficient libpam_unix.so.1
sshd account required libpam_ldap.so.1
OTHER account sufficient libpam_unix.so.1
OTHER account required libpam_ldap.so.1
CAUTION: Setting the user password to be returned as any string for the hidden password,
and turning on the "rcommand" option for PAM_LDAP account management could allow
users with active accounts on a remote host to rlogin to the local host on to a disabled account.
If you have security concerns, see Section 5.3.10 (page 153) section in chapter 5 and “Sample
/etc/pam.conf file for security policy enforcement” (page 357) for information on how to
configure the PAM_AUTHZ library and the rcommand option under the account management
section in the /etc/pam.conf file.
114 Installing and configuring LDAP-UX Client Services