LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

PAM_AUTHZ will call the <function_name> in the library specified by the <library_name>

field. PAM_AUTHZ returns the value which is one of the PAM return codes described in

Section 7.4.10.5 (page 214).

This access rule consists of the following three fields:

The following describes each field:

action When the status option is specified, PAM_AUTHZ returns whatever

<function_name> in the <library_name> returns, which is one of the

PAM return codes.

library_name This field specifies the name of the library to be loaded that supports the

account and password policies for a particular directory server.

The following describes the valid values for this field:

• rhds: If this option is specified, PAM_AUTHZ loads the /opt/ldapux/

lib/libpolicy_rhds library to process security policy configuration

and examine the user's security policy status attributes stored in the

HP-UX Directory Server or Red Hat Directory Server.

• ads: If this option is specified, PAM_AUHZ loads the /opt/ldapux/

lib/libpolicy_ads library to process security policy configuration

and examine the user's security policy status attributes stored in the

Windows Server 2003 R2 or 2008 Active Directory Server.

function_name This field defines the function name in the specified <library_name> that

PAM_AUTHZ uses to evaluate certain security policy settings with the login

user.

The following describes the valid entries for this field:

• check_rhds_policy: If this option is specified, PAM_AUTHZ evaluates

all the necessary login user account and password policies settings

stored in the HP-UX Directory Server or Red Hat Directory Server.

• check_ads_policy: If this option is specified, PAM_AUTHZ evaluates

all the necessary login user account and password policies settings

stored in the Windows Server 2003 R2 or 2008 Active Directory.

7.4 Configuring PAM_AUTHZ login authorization 211