pam_authz.5 (2010 09)
pam_authz(5) pam_authz(5)
RHOSTIP
Returns the IP address of the remote host system from which the user
starts the PAM enabled application, such as telnet.
RHOSTNAME
Returns the name of the remote host system from which the user starts
the PAM enabled application, such as telnet.
<function_name>
This field names the <function_name> in the specified <library_name>
that PAM_AUTHZ uses to evaluate security policy settings for the user.
The following describes the valid entries for this field:
check_rhds_policy
If this option is specified, PAM_AUTHZ evaluates all the necessary
account and password policy settings stored in the HP-UX Directory
Server or Red Hat Directory Server for the user.
check_ads_policy
If this option is specified, PAM_AUTHZ evaluates all the necessary
account and password policy settings stored in the Windows Active
Directory Server for the login user.
Here is an example of access rules in an access policy file:
allow:unix_user:peter,john,mary
allow:unix_group:admin,operator,support
deny:unix_group:guest,contractor,vendor
PAM_USER_UNKNOWN:netgroup:netcom,netprint,netmail
allow:ldap_group:cn=admingroup,ou=eng,dc=example,dc=com
allow:ldap_filter:(&(manager=tomc)(departmentnumber=113))
allow:unix_local_user
allow:ldap_filter:(&(manager=Joeh)(hostname=$[HOSTNAME]))
status:rhds:check_rhds_policy
For more information on constructing access rules and creating the
policy file, please refer to the LDAP-UX Administration Guide.
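The following Python example is added here for illustration and is not part of the HP-UX man page or of LDAP-UX. It splits rules like those above into their colon-separated fields and flags malformed entries, so a policy file can be reviewed before a service is pointed at it. The field names, the choice to keep ldap_group and ldap_filter objects whole, and the two checks are assumptions of this example; the sample input is constructed from the rules above plus one deliberately malformed filter.

```python
import re
from collections import namedtuple

# Constructed sample: rules taken from the example above, plus a final
# ldap_filter rule with its closing parenthesis removed on purpose.
SAMPLE = """\
allow:unix_user:peter,john,mary
deny:unix_group:guest,contractor,vendor
PAM_USER_UNKNOWN:netgroup:netcom,netprint,netmail
allow:ldap_group:cn=admingroup,ou=eng,dc=example,dc=com
allow:unix_local_user
allow:ldap_filter:(&(manager=Joeh)(hostname=$[HOSTNAME]))
status:rhds:check_rhds_policy
allow:ldap_filter:(&(manager=tomc)(departmentnumber=113)
"""

LIST_TYPES = {"unix_user", "unix_group", "netgroup"}  # comma-separated names
VAR_RE = re.compile(r"\$\[([A-Z_]+)\]")               # e.g. $[HOSTNAME]
Rule = namedtuple("Rule", "lineno action type objects variables problems")

def parse_policy(text):
    """Split each rule into action, type and object(s); collect problems."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        # Split on the first two colons only; the object may contain more.
        action, rtype, obj = (line.split(":", 2) + ["", ""])[:3]
        problems = []
        if rtype in LIST_TYPES:
            objects = [o for o in obj.split(",") if o]
        else:
            objects = [obj] if obj else []  # DNs and filters contain commas
        if rtype == "ldap_filter" and obj.count("(") != obj.count(")"):
            problems.append("unbalanced parentheses in filter")
        if not objects and rtype != "unix_local_user":
            problems.append("rule has no object")
        rules.append(Rule(lineno, action, rtype, objects, VAR_RE.findall(obj), problems))
    return rules

if __name__ == "__main__":
    for r in parse_policy(SAMPLE):
        print(r.lineno, r.action, r.type, r.objects, r.variables, r.problems)
```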
The following options may be passed to the pam_authz service module:
debug           syslog() debugging information at LOG_DEBUG level.
policy=<file>   Specifies the access policy file that should be loaded for a
                service. Login is denied if the specified file cannot be opened.
nowarn          Turn off warning messages.
use_first_pass  This option is ignored.
try_first_pass  This option is ignored.
The pam_sm_setcred() function sets user specific credentials. In the case of
pam_authz, this is a NULL function.
Session Management Module
The session management component provides functions to initiate
(pam_sm_open_session()) and terminate (pam_sm_close_session()) sessions.
For pam_authz, pam_open_session() is a NULL function. The following options
may be passed in to the pam_authz service module:
HP-UX 11i v3: June 2010 Web Release − 5 − Hewlett-Packard Company 5