HP-UX Reference (11i v2 07/12) - 4 File Formats (vol 8)
p
pam.conf(4) pam.conf(4)
Configuration Per User
/etc/pam.conf
contains information to configure all the users on a system. But sometimes it is neces-
sary to configure user by user. A user policy definition is made through a specific module named
libpam_updbe.so.1
. This module reads a file named
/etc/pam_user.conf
which describes the
user’s configurations.
Below is a sample configuration file (
/etc/pam.conf) that uses the module
libpam_updbe.so.1
.
login auth required libpam_hpsec.so.1
login auth required libpam_updbe.so.1
login auth required libpam_unix.so.1
su auth required libpam_hpsec.so.1
su auth required libpam_updbe.so.1
su auth required libpam_unix.so.1
OTHER auth required libpam_unix.so.1
login password required libpam_hpsec.so.1
login password required libpam_updbe.so.1
login password required libpam_unix.so.1
passwd password required libpam_hpsec.so.1
passwd password required libpam_updbe.so.1
passwd password required libpam_unix.so.1
OTHER password required libpam_unix.so.1
The module
libpam_updbe.so.1
searches the configuration file /etc/pam_user.conf and reads
the configuration associated with the login name of the current user. If there is no configuration concern-
ing the current user in the
pam_user.conf
file, the PAM framework ignores the line containing
libpam_updbe.so.1
. /etc/pam.conf applies for those users who are not configured in
pam_user.conf.
Notes
If an error is found in an entry due to invalid service_name, module_type,orcontrol_flag, then the entry is
ignored. If there are no valid entries for the given module_type, the PAM framework returns an error to
the application.
EXAMPLES
The following is a sample
/etc/pam.conf
configuration file. Lines that begin with the # symbol are
treated as comments, and therefore ignored.
#
# PAM configuration
#
# Authentication management for login service is stacked.
# Both UNIX and inhouse authentication functions are invoked,
# in addition to hpsec authentication functions.
login auth required libpam_hpsec.so.1
login auth required libpam_unix.so.1
login auth required libpam_inhouse.so.1 try_first_pass
dtlogin auth required libpam_hpsec.so.1
dtlogin auth required libpam_unix.so.1
dtlogin auth required libpam_inhouse.so.1 try_first_pass
#
# Other services use UNIX authentication
other auth required libpam_unix.so.1
#
# Account management for login service is stacked.
# hpsec and UNIX account management are required;
# inhouse account management is optional
login account required libpam_hpsec.so.1
login account required libpam_unix.so.1
login account optional libpam_inhouse.so.1
dtlogin account required libpam_hpsec.so.1
dtlogin account required libpam_unix.so.1
dtlogin account optional libpam_inhouse.so.1
#
258 Hewlett-Packard Company − 3 − HP-UX 11i Version 2: December 2007 Update