LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
ftp account required libpam_unix.so.1
OTHER account required libpam_unix.so.1
#
# Session management
#
login session required libpam_hpsec.so.1
login session sufficient libpam_krb5.so.1
login session required libpam_unix.so.1
dtlogin session required libpam_hpsec.so.1
dtlogin session sufficient libpam_krb5.so.1
dtlogin session required libpam_unix.so.1
dtaction session required libpam_hpsec.so.1
dtaction session sufficient libpam_krb5.so.1
dtaction session required libpam_unix.so.1
OTHER session required libpam_unix.so.1
#
# Password management
#
login password required libpam_hpsec.so.1
login password sufficient libpam_krb5.so.1
login password required libpam_unix.so.1 try_first_pass
passwd password required libpam_hpsec.so.1
passwd password sufficient libpam_krb5.so.1
passwd password required libpam_unix.so.1 try_first_pass
dtlogin password required libpam_hpsec.so.1
dtlogin password sufficient libpam_krb5.so.1
dtlogin password required libpam_unix.so.1 try_first_pass
dtaction password required libpam_hpsec.so.1
dtaction password sufficient libpam_krb5.so.1
dtaction password required libpam_unix.so.1 try_first_pass
OTHER password required libpam_unix.so.1
C.2 Sample PAM configuration file for HP-UX trusted mode
This section provides a sample PAM configuration file used on an HP-UX 11i v2 system (or later)
to support the coexistence of LDAP-UX and Trusted Mode. If your directory server is the Microsoft
Windows 2003 R2 or 2008 Active Directory Server and your LDAP client is in Trusted Mode, the
pam.conf file must be configured as shown. The main differences between this file and the sample
file pam.conf in the preceding section are in the session management and password sections.
To create the /etc/pam.conf example file on an HP-UX 11i v2 (or later) system, follow these
steps (see also Section 2.4.5.3 (page 46)).
1. Copy the /etc/pam.krb5 file to the /etc/pam.conf file.
2. Edit the /etc/pam.conf file and change the control flag for the libpam_krb5.so.1
entries to "required" in the session management section.
3. Add the try_first_pass option to the libpam_unix.so.1 entry in the password
management section; this prevents the "old password" prompt from appearing twice when
a local user changes his password or logs in with an expired password.
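Steps 2 and 3 can be applied mechanically and then checked before the file is installed. The following shell functions are an added example, not part of the HP guide or of LDAP-UX; the function names, the sample text and the rule that a service with only one password module (such as OTHER) is left unchanged are assumptions.

```shell
#!/bin/sh
# Added example: applies steps 2 and 3 to pam.conf text read on stdin.
# Fields: service  module_type  control_flag  module_path  [options]
# Rewritten lines come out single-space separated.
pam_trusted_mode_convert() {
    awk '
    /^[ \t]*#/ || NF < 4 { print; next }   # comments and blank lines pass through
    # Step 2: krb5 in the session stack becomes "required".
    $2 == "session" && index($4, "libpam_krb5.so.1") { $3 = "required" }
    # Step 3: libpam_unix in the password stack gets try_first_pass, once.
    # Assumption: only when another module precedes it for the same service.
    $2 == "password" {
        if (index($4, "libpam_unix.so.1") && seen[$1] && $0 !~ /try_first_pass/)
            $0 = $0 " try_first_pass"
        seen[$1] = 1
    }
    { print }
    '
}

# Check: print how many session-stack krb5 entries are still not "required".
count_session_krb5_not_required() {
    awk '!/^[ \t]*#/ && $2 == "session" && index($4, "libpam_krb5.so.1") &&
         $3 != "required" { n++ } END { print n + 0 }'
}

# Constructed sample in the layout of /etc/pam.krb5 (not the shipped file).
sample_pam_krb5() {
    cat <<'EOF'
# Session management
login session required libpam_hpsec.so.1
login session sufficient libpam_krb5.so.1
login session required libpam_unix.so.1
# Password management
passwd password required libpam_hpsec.so.1
passwd password sufficient libpam_krb5.so.1
passwd password required libpam_unix.so.1
OTHER password required libpam_unix.so.1
EOF
}

# Demonstration on the constructed sample; on a host, feed it /etc/pam.krb5
# and review the output before installing it as /etc/pam.conf.
sample_pam_krb5 | pam_trusted_mode_convert
```

Running the conversion a second time on its own output changes nothing, so it is safe to re-run after manual edits.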
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
# see pam.conf(4) for more details
#
################################################################
# This sample file will authenticate the user who belongs to #
# either Kerberos or Unix system. Using this configuration file#
# if the user is authenticated through Kerberos, then the Unix #
# authentication will not be invoked. However, if the Kerberos #
# authentication fails for the user, then the fallback #
# authentication mechanism PAM-Unix will be invoked to #
# authenticate the user. The assumption is the user is either #
152 Sample PAM configuration (pam.conf) files for Windows ADS