pam.conf.4 (2010 09)
pam.conf(4) pam.conf(4)
In the case of dtlogin, the sufficient keyword for control_flag specifies that if the UNIX authentication check succeeds, then PAM should return success to dtlogin. The inhouse authentication module (the next module in the stack) will only be invoked if the UNIX authentication check fails.
Configuration Per User
/etc/pam.conf contains information to configure all the users on a system. But sometimes it is necessary to configure user by user. A user policy definition is made through a specific module named libpam_updbe.so.1. This module reads a file named /etc/pam_user.conf which describes the user’s configurations.
Below is a sample configuration file (/etc/pam.conf) that uses the module libpam_updbe.so.1.
login auth required libpam_hpsec.so.1
login auth required libpam_updbe.so.1
login auth required libpam_unix.so.1
su auth required libpam_hpsec.so.1
su auth required libpam_updbe.so.1
su auth required libpam_unix.so.1
OTHER auth required libpam_hpsec.so.1
OTHER auth required libpam_unix.so.1
login password required libpam_hpsec.so.1
login password required libpam_updbe.so.1
login password required libpam_unix.so.1
passwd password required libpam_hpsec.so.1
passwd password required libpam_updbe.so.1
passwd password required libpam_unix.so.1
OTHER password required libpam_hpsec.so.1
OTHER password required libpam_unix.so.1
The module libpam_updbe.so.1 searches the configuration file /etc/pam_user.conf and reads the configuration associated with the login name of the current user. If there is no configuration concerning the current user in the pam_user.conf file, the PAM framework ignores the line containing libpam_updbe.so.1. /etc/pam.conf applies for those users who are not configured in pam_user.conf.
Notes
If an error is found in an entry due to invalid service_name, module_type, or control_flag, then the entry is ignored. If there are no valid entries for the given module_type, the PAM framework returns an error to the application.
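Because an invalid entry is dropped without stopping the rest of the stack, a typo can quietly remove a module from a service. The following Python check is an added example, not part of this manual page or of PAM; the name audit_pam_conf, the sample text, and the restriction of control flags to the three named on this page are assumptions, and service_name validity and fallback to OTHER are not modelled.

```python
MODULE_TYPES = {"auth", "account", "session", "password"}
# Assumption: only the control flags this page names; extend for your release.
CONTROL_FLAGS = {"required", "sufficient", "optional"}

def audit_pam_conf(text):
    """Return (ignored, emptied) for pam.conf text.

    ignored: (line_no, reason, line) for each entry that would be dropped.
    emptied: (service, module_type) pairs left with no valid entry at all.
    """
    ignored, seen, valid = [], set(), set()
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        fields = line.split()
        if len(fields) < 4:                    # service type flag module_path
            ignored.append((line_no, "too few fields", line))
            continue
        # Service names are lower-cased for grouping only (assumption).
        service, mtype, flag = fields[0].lower(), fields[1], fields[2]
        if mtype not in MODULE_TYPES:
            ignored.append((line_no, f"invalid module_type {mtype!r}", line))
            continue
        seen.add((service, mtype))
        if flag not in CONTROL_FLAGS:
            ignored.append((line_no, f"invalid control_flag {flag!r}", line))
            continue
        valid.add((service, mtype))
    return ignored, sorted(seen - valid)

# Constructed sample modelled on the page's stacks, with three typos.
SAMPLE = """\
# PAM configuration (constructed)
login   auth      required  libpam_hpsec.so.1
login   auth      requird   libpam_updbe.so.1
login   auth      required  libpam_unix.so.1
su      auth      requried  libpam_unix.so.1
passwd  pasword   required  libpam_unix.so.1
"""

if __name__ == "__main__":
    ignored, emptied = audit_pam_conf(SAMPLE)
    for line_no, reason, line in ignored:
        print(f"line {line_no}: {reason}: {line}")
    for service, mtype in emptied:
        print(f"{service}/{mtype}: no valid entries, PAM returns an error")
```

In the sample, line 3 is the case worth alerting on: the login auth stack still has valid entries, so nothing fails, but the per-user module the administrator intended is no longer part of it.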
EXAMPLES
The following is a sample /etc/pam.conf configuration file. Lines that begin with the # symbol are treated as comments, and therefore ignored.
#
# PAM configuration
#
# Authentication management for login service is stacked.
# Both UNIX and inhouse authentication functions are invoked,
# in addition to hpsec authentication functions.
login auth required libpam_hpsec.so.1
login auth required libpam_unix.so.1
login auth required libpam_inhouse.so.1 try_first_pass
dtlogin auth required libpam_hpsec.so.1
dtlogin auth required libpam_unix.so.1
dtlogin auth required libpam_inhouse.so.1 try_first_pass
#
# Other services use hpsec and UNIX authentication
other auth required libpam_hpsec.so.1
other auth required libpam_unix.so.1
#
# Account management for login service is stacked.
# hpsec and UNIX account management are required;
# inhouse account management is optional
HP-UX 11i Version 3: September 2010 − 3 − Hewlett-Packard Company 3