LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
passwd password sufficient libpam_krb5.so.1
passwd password required libpam_unix.so.1 try_first_pass
dtlogin password required libpam_hpsec.so.1
dtlogin password sufficient libpam_krb5.so.1
dtlogin password required libpam_unix.so.1 try_first_pass
dtaction password required libpam_hpsec.so.1
dtaction password sufficient libpam_krb5.so.1
dtaction password required libpam_unix.so.1 try_first_pass
OTHER password required libpam_unix.so.1 try_first_pass
C.3 Sample PAM configure file for security policy enforcement
This section provides a sample PAM configuration file to support account and password policy
enforcement for Secure Shell (SSH) key-pair and r-commands. The PAM_AUTHZ library must be
configured in the pam.conf file for the sshd and rcomds services under the account management
section. The PAM_AUTHZ library must be specified as required.
NOTE: The PAM_AUTHZ library should be configured in the pam.conf authentication
management and account management sections only. It should be listed prior to the PAM_LDAP
or PAM_KERBEROS libraries and flagged as required. In the following sample file, it is configured
in the account management section only.
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
# see pam.conf(4) for more details
#
################################################################
# This sample file will authenticate the user who belongs to #
# either the Kerberos or Unix system. Using this configuration #
# file, if the user is authenticated through Kerberos, the Unix#
# authentication will not be invoked. However, if the Kerberos #
# authentication fails for the user, then the fallback #
# authentication mechanism PAM-Unix will be invoked to #
# authenticate the user. The assumption is the user is either #
# present in Kerberos or in Unix system. #
# #
# The module pam_hpsec is stacked as mandatory module above #
# all the modules for making security checks before #
# authentication. #
################################################################
#
# Authentication management
#
login auth required libpam_hpsec.so.1
login auth required libpam_authz.so.1
login auth sufficient libpam_krb5.so.1
login auth required libpam_unix.so.1 try_first_pass
su auth required libpam_hpsec.so.1
su auth required libpam_authz.so.1
su auth sufficient libpam_krb5.so.1
su auth required libpam_unix.so.1 try_first_pass
dtlogin auth required libpam_hpsec.so.1
dtlogin auth required libpam_authz.so.1
dtlogin auth sufficient libpam_krb5.so.1
dtlogin auth required libpam_unix.so.1 try_first_pass
dtaction auth required libpam_hpsec.so.1
dtaction auth required libpam_authz.so.1
dtaction auth sufficient libpam_krb5.so.1
dtaction auth required libpam_unix.so.1 try_first_pass
ftp auth required libpam_hpsec.so.1
ftp auth required libpam_authz.so.1
ftp auth sufficient libpam_krb5.so.1
ftp auth required libpam_unix.so.1 try_first_pass
OTHER auth required libpam_hpsec.so.1
OTHER auth required libpam_authz.so.1
OTHER auth sufficient libpam_krb5.so.1
OTHER auth required libpam_unix.so.1 try_first_pass
154 Sample PAM configuration (pam.conf) files for Windows ADS