LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

login password required libpam_unix.so.1 try_first_pass
passwd password required libpam_hpsec.so.1
passwd password sufficient libpam_ldap.so.1
passwd password required libpam_unix.so.1 try_first_pass
dtlogin password required libpam_hpsec.so.1
dtlogin password sufficient libpam_ldap.so.1
dtlogin password required libpam_unix.so.1 try_first_pass
sshd password required libpam_hpsec.so.1
sshd password sufficient libpam_ldap.so.1
sshd password required libpam_unix.so.1 try_first_pass
OTHER password required libpam_hpsec.so.1
OTHER password sufficient libpam_ldap.so.1
OTHER password required libpam_unix.so.1 try_first_pass
D.4 Sample PAM configuration file for HP-UX Trusted Mode with Windows ADS
This section provides a sample PAM configuration file used on an HP-UX 11i v2 system (or later)
to support the coexistence of LDAP-UX and Trusted Mode. If your directory server is the Microsoft
Windows 2003 R2 or 2008 Active Directory Server and your LDAP client is in Trusted Mode, the
pam.conf file must be configured as shown. The main differences between this file and the sample
file pam.conf in the preceding section are in the session management and password sections.
To create the /etc/pam.conf example file on an HP-UX 11i v2 (or later) system, follow these
steps.
1. Copy the /etc/pam.krb5 file to the /etc/pam.conf file.
2. Edit the /etc/pam.conf file and change the control flag for the libpam_krb5.so.1
entries to "required" in the session management section.
3. Add the try_first_pass option to the libpam_unix.so.1 entry in the password
management section; this prevents prompting "old password" twice when a local user
changes his password or logs in with an expired password.
For a list of all steps that you might need to perform to set up Kerberos support, see Section 3.4.2
(page 128).
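The edits in steps 2 and 3, as an added shell example that is not part of the HP guide: pam_apply rewrites pam.conf entries read on standard input, and pam_check lists entries that still lack either change. The function names and the sample entries are constructed for illustration and do not reproduce the real /etc/pam.krb5 file.

```shell
#!/bin/sh
# Fields per pam.conf(4): service  module_type  control_flag  module_path  [options]

# Constructed sample input (assumption: NOT the real contents of /etc/pam.krb5).
sample_pam_krb5() {
cat <<'EOF'
# constructed sample entries
login auth required libpam_hpsec.so.1
login auth sufficient libpam_krb5.so.1
login auth required libpam_unix.so.1 try_first_pass
login session optional libpam_krb5.so.1
login session required libpam_unix.so.1
login password sufficient libpam_krb5.so.1
login password required libpam_unix.so.1
EOF
}

# Steps 2 and 3: filter stdin to stdout, e.g. pam_apply < /etc/pam.krb5 > pam.conf.new
# Lines whose control flag is changed are re-joined with single spaces.
pam_apply() {
    awk '
    /^[ \t]*#/ || NF < 4 { print; next }   # comments and blank lines pass through
    $2 == "session" && $4 ~ /libpam_krb5\.so\.1$/ { $3 = "required" }
    $2 == "password" && $4 ~ /libpam_unix\.so\.1$/ {
        has = 0
        for (i = 5; i <= NF; i++) if ($i == "try_first_pass") has = 1
        if (!has) $0 = $0 " try_first_pass"   # idempotent: never added twice
    }
    { print }'
}

# Report entries that still violate step 2 or step 3; exit status 1 if any are found.
pam_check() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }
    $2 == "session" && $4 ~ /libpam_krb5\.so\.1$/ && $3 != "required" {
        print "step 2: " $0; bad = 1
    }
    $2 == "password" && $4 ~ /libpam_unix\.so\.1$/ {
        has = 0
        for (i = 5; i <= NF; i++) if ($i == "try_first_pass") has = 1
        if (!has) { print "step 3: " $0; bad = 1 }
    }
    END { exit bad + 0 }'
}

# Demo on the constructed sample: edit, then verify the edited text.
sample_pam_krb5 | pam_apply | pam_check && echo "entries match steps 2 and 3"
```

Run the filter against a copy and check the result before installing it as /etc/pam.conf, keeping an existing root session open while you test, because a malformed pam.conf can block every new login.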
#
# PAM configuration
#
# This pam.conf file is intended as an example only.
# see pam.conf(4) for more details
#
################################################################
# This sample file will authenticate the user who belongs to #
# either Kerberos or Unix system. Using this configuration file#
# if the user is authenticated through Kerberos, then the Unix #
# authentication will not be invoked. However, if the Kerberos #
# authentication fails for the user, then the fallback #
# authentication mechanism PAM-Unix will be invoked to #
# authenticate the user. The assumption is the user is either #
# present in Kerberos or in Unix system. #
# #
# The module pam_hpsec(5) is stacked as mandatory module above #
# all the modules for making security checks before #
# authentication. #
################################################################
#
# Authentication management
#
login auth required libpam_hpsec.so.1
login auth sufficient libpam_krb5.so.1
login auth required libpam_unix.so.1 try_first_pass
su auth required libpam_hpsec.so.1