LDAP-UX Client Services B.05.00 Administrator's Guide
D Sample /etc/pam.conf file for security policy enforcement
This appendix provides the sample PAM configuration file, /etc/pam.conf file configured to
support account and password policy enforcement. In the /etc/pam.conf file, the PAM_AUTHZ
library must be configured for the sshd and rcommds services under account management
role.
The following is a sample PAM configuration file, /etc/pam.conf, used on the HP-UX 11i v2
system. You can configure the file as such after it is generated by either autosetup or setup.
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
#
#
################################################################
# This configuration file has only been modified for default #
# services. Other services can be added or modified as needed #
# or desired. If a service is not listed, it will use the #
# OTHER classification. #
# #
# the format for a entry is #
# <service> <module_type> <control> <module path> <options> #
# #
# see pam.conf (4) for more details #
# #
################################################################
#
# Authentication management
#
login auth required libpam_hpsec.so.1
login auth sufficient libpam_unix.so.1
login auth required libpam_ldap.so.1 try_first_pass
su auth required libpam_hpsec.so.1
su auth sufficient libpam_unix.so.1
su auth required libpam_ldap.so.1 try_first_pass
dtlogin auth required libpam_hpsec.so.1
dtlogin auth sufficient libpam_unix.so.1
dtlogin auth required libpam_ldap.so.1 try_first_pass
dtaction auth required libpam_hpsec.so.1
dtaction auth sufficient libpam_unix.so.1
dtaction auth required libpam_ldap.so.1 try_first_pass
ftp auth required libpam_hpsec.so.1
ftp auth sufficient libpam_unix.so.1
ftp auth required libpam_ldap.so.1 try_first_pass
rcomds auth required libpam_hpsec.so.1
rcomds auth sufficient libpam_unix.so.1
rcomds auth required libpam_ldap.so.1 try_first_pass
sshd auth required libpam_hpsec.so.1
sshd auth sufficient libpam_unix.so.1
sshd auth required libpam_ldap.so.1 try_first_pass
OTHER auth sufficient libpam_unix.so.1
OTHER auth required libpam_ldap.so.1 try_first_pass
# Account management
#
login account required libpam_hpsec.so.1
login account required libpam_authz.so.1
login account sufficient libpam_unix.so.1
login account required libpam_ldap.so.1
su account required libpam_hpsec.so.1
su account sufficient libpam_unix.so.1
su account required libpam_ldap.so.1
357