HP-UX Reference (11i v3 07/02) - 5 Miscellaneous Topics (vol 9)
p
pam_ldap(5) pam_ldap(5)
a NULL funtion. The following options may be passed in to the LDAP service module:
debug syslog() debugging information at LOG_DEBUG level.
nowarn Turn off warning messages.
pam_close_session
is a NULL function.
LDAP Password Management Module
The LDAP password management component provides a function to change passwords
(
pam_sm_chauthtok()
) in the LDAP directory server. This module must be
required in
pam.conf. It can not be optional or
sufficient . The following options may be passed in to the
LDAP service module:
debug syslog() debugging information at LOG_DEBUG level.
nowarn Turn off warning messages.
use_first_pass
Compares the password in the password database with the user’s old password
(entered to the first password module in the stack). If the passwords do not
match, or if no password has been entered, quit and do not prompt the user for
the old password. It also attempts to use the new password (entered to the first
password module in the stack) as the new password for this module. If the new
password fails, quit and do not prompt the user for a new password.
try_first_pass Compares the password in the password database with the user’s old password
(entered to the first password module in the stack). If the passwords do not
match, or if no password has been entered, prompt the user for the old pass-
word. It also attempts to use the new password (entered to the first password
module in the stack) as the new password for this module. If the new password
fails, prompt the user for a new password.
If the user’s password has expired, the LDAP account module saves this information in the authentication
handle using
pam_set_data()
. The LDAP password module retrieves this information from the
authentication handle using
pam_get_data() to determine whether or not to force the user to update
their password.
SEE ALSO
pam(3), pam_authenticate(3), pam_setcred(3), syslog(3C), pam.conf(4), pam_user.conf(4), ldapux(5).
HP-UX 11i Version 3: February 2007 − 2 − Hewlett-Packard Company 353