pam_user.conf.4 (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages

pam_user.conf(4) pam_user.conf(4)

NAME

pam_user.conf - user conﬁguration ﬁle for pluggable authentication modules

SYNOPSIS

/etc/pam_user.conf

DESCRIPTION

pam_user.conf

is the user conﬁguration ﬁle for the Pluggable Authentication Module architecture, or

PAM. It is not designed to replace the PAM system conﬁguration ﬁle,

pam.conf. For PAM to work

properly,

pam.conf is mandatory (see pam.conf (4)). pam_user.conf

is optional. It is used only

when a user basis conﬁguration is needed. It mainly speciﬁes options to be used by service modules on a

user basis.

The options deﬁned in

pam.conf indicate the default for users who are not conﬁgured in

pam_user.conf

or if the module type is not conﬁgured for some users. For the conﬁguration in

pam_user.conf

to take effect, pam.conf needs to conﬁgure service module

libpam_updbe (see

pam.conf (4)).

Simpliﬁed pam_user.conf Conﬁguration File

The

pam_user.conf

ﬁle contains a listing of login names. Each login name is paired with a

corresponding service module with or without options speciﬁed. Each entry has the following format:

login_name module_type module_path options

Below is an example of the

pam_user.conf

conﬁguration ﬁle.

tom auth /usr/lib/security/$ISA/libpam_unix.so.1 debug use_psd

tom auth /usr/lib/security/$ISA/libpam_dce.so.1 use_first_pass

tom account /usr/lib/security/$ISA/libpam_unix.so.1 use_psd

tom account /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass

susan auth /usr/lib/security/$ISA/libpam_unix.so.1

susan auth /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass

The login_name denotes the login name of a user (for example,

tom, susan). For detailed information

on module_type , module_path , and options , see pam.conf (4).

The ﬁrst entry indicates that when the UNIX authentication is invoked for

tom, the options debug and

use_psd will be used. The second entry indicates that when the DCE authentication is invoked for

tom,

the option

use_first_pass will be used. The module type

password is not conﬁgured for tom,

therefore, the

/etc/pam.conf options will take effect. For those users who are not conﬁgured, the

/etc/pam.conf options apply.

Notes

If an error is found in an entry due to invalid login_name or module_type , then the entry is ignored. If

there are no valid entries for the given module_type , the PAM framework ignores

pam_user.conf and

reads the conﬁguration in pam.conf.

EXAMPLES

The following is a sample

pam_user.conf conﬁguration ﬁle. Lines that begin with the # symbol are

treated as comments, and therefore ignored.

# PAM user configuration

# Authentication management

john auth /usr/lib/security/$ISA/libpam_unix.so.1

john auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass

david auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd

david auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass

susan auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd

susan auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass

HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1

Summary of content (2 pages)

PAGE 1
pam_user.conf(4) pam_user.conf(4) NAME pam_user.conf - user configuration file for pluggable authentication modules SYNOPSIS /etc/pam_user.conf DESCRIPTION pam_user.conf is the user configuration file for the Pluggable Authentication Module architecture, or PAM. It is not designed to replace the PAM system configuration file, pam.conf. For PAM to work properly, pam.conf is mandatory (see pam.conf (4)). pam_user.conf is optional. It is used only when a user basis configuration is needed.
PAGE 2
pam_user.conf(4) pam_user.conf(4) # Password management john password /usr/lib/security/$ISA/libpam_unix.so.1 david password /usr/lib/security/$ISA/libpam_unix.so.1 susan password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd use_psd SEE ALSO pam(3), pam.conf(4).