FTP provides support for the Pluggable Authentication Module (PAM). PAM is an Open Group standard (RFC 86.0) for user authentication, password modification, session management, and validation of accounts.
The PAM configuration file, /etc/pam.conf, lists the services, and each service is paired with a corresponding service module. When a service is requested, its associated module is invoked. Each entry has the following format:
service_name module_type control_flag module_path options |
You can specify an authentication mechanism for FTP in the PAM configuration file. The default authentication mechanism is UNIX, and its entry in the /etc/pam.conf file is as follows:
ftp auth required /usr/lib/security/libpam_unix.1 |
ftp account required /usr/lib/security/libpam_unix.1 |
Among other authentication methods, FTP supports the DCE and Kerberos authentication methods. To change the default UNIX® authentication method to DCE, edit the entry in the /etc/pam.conf file as follows:
ftp auth required /usr/lib/security/libpam_dce.1 |
ftp account required /usr/lib/security/libpam_dce.1 |
For more information, see the manual Managing Systems and Workgroups: A Guide for HP-UX System Administrators, available at http://docs.hp.com/hpux/onlinedocs/B2355-90742/B2355-90742.html and the manpages pam (3) and pam.conf (4).
Printable version
