LDAP-UX Client Services B.05.00 Administrator's Guide
5.3.4 Policy file
The system administrator can define a local access policy that can be stored in an access policy
file. The default access policy file is /etc/opt/ldapux/pam_authz.policy, but it can be
stored in an alternate location by setting the policy option in pam.conf. The PAM_AUTHZ
service module uses this local policy file to process the access rules and to control the login
authorization. Any service that loads the libpam_authz.1 library will also load this file. The
access policy file location is set per-service in pam.conf, so access rules can be customized for
each service. For example:
login auth required libpam_authz.so.1 policy=/etc/opt/ldapux/login.policy
ftp auth required libpam_authz.so.1 policy=/etc/opt/ldapux/ftp.policy
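The following is an added example, not part of the HP guide or the LDAP-UX product: a small audit helper that reads pam.conf text and reports which policy file governs each service that loads PAM_AUTHZ, falling back to the default path when no policy option is set. The function names and the sshd and libpam_unix sample lines are assumptions made for illustration.

```python
import os

# Default policy file named in this section of the guide.
DEFAULT_POLICY = "/etc/opt/ldapux/pam_authz.policy"

# Constructed pam.conf excerpt: the login and ftp PAM_AUTHZ entries are the
# guide's examples; the sshd and libpam_unix lines are made up to exercise
# the default-path and non-PAM_AUTHZ cases.
SAMPLE_PAM_CONF = """\
# constructed sample
login auth required libpam_authz.so.1 policy=/etc/opt/ldapux/login.policy
ftp auth required libpam_authz.so.1 policy=/etc/opt/ldapux/ftp.policy
sshd auth required /usr/lib/security/libpam_authz.so.1
login auth required libpam_unix.so.1
"""


def authz_policies(pam_conf_text):
    """Return {service: [policy file, ...]} for every PAM_AUTHZ entry."""
    result = {}
    for raw in pam_conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 4:
            continue  # blank, comment-only or malformed line
        service, module, options = fields[0], fields[3], fields[4:]
        # Matches libpam_authz.1 and libpam_authz.so.1, with or without a directory.
        if not os.path.basename(module).startswith("libpam_authz."):
            continue
        policy = DEFAULT_POLICY
        for opt in options:
            if opt.startswith("policy="):
                policy = opt[len("policy="):]
        result.setdefault(service, []).append(policy)
    return result


def services_using_default(pam_conf_text):
    """Services whose PAM_AUTHZ entry has no policy= option of its own."""
    found = authz_policies(pam_conf_text)
    return sorted(s for s, paths in found.items() if DEFAULT_POLICY in paths)


if __name__ == "__main__":
    for service, paths in sorted(authz_policies(SAMPLE_PAM_CONF).items()):
        for path in paths:
            print(f"{service:8} -> {path}")
    print("using default policy:", services_using_default(SAMPLE_PAM_CONF))
```

Services listed as using the default policy all share one rule set, so a change to that file affects every one of them.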
LDAP-UX Client Services provides a sample configuration file,
/etc/opt/ldapux/pam_authz.policy.template. This sample file shows you how to configure the policy file
to work with PAM_AUTHZ. You can copy this sample file and edit it using the correct syntax
to specify the access rules you wish to authorize or exclude from authorization. For detailed
information on how to construct an access rule in the policy file, see Section 5.3.7 (page 146).
NOTE: By default, the allow:unix_local_user access rule in the
/etc/opt/ldapux/pam_authz.policy.template file is enabled.