Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 LDAP-UX Client Services B.03.30 with Microsoft Windows 2000 Active Directory Administrator's Guide: HP-UX 11.0 and 11i v1

Appendix F Sample /etc/pam.conf File
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

This Appendix provides a sample PAM configuration file, /etc/pam.conf, to support the coexistence of LDAP-UX and Trusted Mode. If your directory server is the Microsoft Windows 2000 Active Directory Server and your LDAP client is in the Trusted Mode, the /etc/pam.conf file must be configured as shown in the following example file.

Use the following steps to create the /etc/pam.conf example file:

  1. copy the /etc/pam.krb5 file to the /etc/pam.conf file.

  2. Edit the /etc/pam.conf file and change the control flag for the /usr/lib/security/libpam_krb5.1 entries to “required” under the Account management and Session management sessions.

  3. Add the try_first_pass option to the /usr/lib/security/libpam_unix.1 entry for the passwd application under the Password management.

## PAM configuration## This pam.conf file is intended as an example only.# see pam.conf(4) for more details# ################################################################# This sample file will authenticate the user who belongs to   ## either Kerberos or Unix system. Using this configuration file## if the user is authenticated through Kerberos then the Unix  ## authentication will not be invoked. However,if the Kerberos  ## authentication fails for the user, then the fallback         ## authentication mechanism PAM-Unix will be invoked to         ## authenticate the user.The assumption is the user is either   ## present in Kerberos or in Unix system.                       ##                                                              ## In case, the administrator wants the password for all the    ## users to be synchronous between Kerberos and Unix systems,   ## then the control flag should be set to "required" for all    ## the entries with user_first_pass option set for pam_unix.    ## If password synchronization is optional then try_first_pass  ## option need to be set for pam_unix, so that the user can     ## login using the appropriate passwords.                       ################################################################### Authentication management#login      auth sufficient     /usr/lib/security/libpam_krb5.1login      auth required       /usr/lib/security/libpam_unix.1 try_first_passsu         auth sufficient     /usr/lib/security/libpam_krb5.1su         auth required       /usr/lib/security/libpam_unix.1 try_first_passdtlogin    auth sufficient     /usr/lib/security/libpam_krb5.1dtlogin    auth required       /usr/lib/security/libpam_unix.1 try_first_passdtaction   auth sufficient     /usr/lib/security/libpam_krb5.1dtaction   auth required       /usr/lib/security/libpam_unix.1 try_first_passftp          auth sufficient     /usr/lib/security/libpam_krb5.1ftp        auth required       /usr/lib/security/libpam_unix.1 try_first_passOTHER      auth required       /usr/lib/security/libpam_unix.1## Account management#login      account required    /usr/lib/security/libpam_krb5.1login      account required    /usr/lib/security/libpam_unix.1su         account required    /usr/lib/security/libpam_krb5.1su         account required    /usr/lib/security/libpam_unix.1dtlogin    account required    /usr/lib/security/libpam_krb5.1dtlogin    account required    /usr/lib/security/libpam_unix.1dtaction   account required    /usr/lib/security/libpam_krb5.1dtaction   account required    /usr/lib/security/libpam_unix.1ftp        account required    /usr/lib/security/libpam_krb5.1ftp        account required    /usr/lib/security/libpam_unix.1OTHER      account required    /usr/lib/security/libpam_unix.1## Session management#login      session required    /usr/lib/security/libpam_krb5.1login      session required    /usr/lib/security/libpam_unix.1dtlogin    session required    /usr/lib/security/libpam_krb5.1dtlogin    session required    /usr/lib/security/libpam_unix.1dtaction   session required    /usr/lib/security/libpam_krb5.1dtaction   session required    /usr/lib/security/libpam_unix.1OTHER      session required    /usr/lib/security/libpam_unix.1## Password management#login      password sufficient  /usr/lib/security/libpam_krb5.1login      password required    /usr/lib/security/libpam_unix.1passwd     password sufficient  /usr/lib/security/libpam_krb5.1passwd     password required    /usr/lib/security/libpam_unix.1 try_first_passdtlogin    password sufficient  /usr/lib/security/libpam_krb5.1dtlogin    password required    /usr/lib/security/libpam_unix.1dtaction   password sufficient  /usr/lib/security/libpam_krb5.1dtaction   password required    /usr/lib/security/libpam_unix.1
OTHER      password required    /usr/lib/security/libpam_unix.1


Appendix E Sample /etc/krb5.conf File
  		 


Glossary  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2004 Hewlett-Packard Development Company, L.P.