HP Systems Insight Manager 5.2 Update 2 Technical Reference Guide

Configuring PAM on a Linux system
The administrator of a Linux CMS can customize the PAM that HP SIM uses. The file
/etc/pam.d/mxpamauthrealm contains the authentication steps for the HP SIM web server interface.
The default for this file is:
#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
This default setup directs PAM to use the standard UNIX authentication module to authenticate users attempting
to sign in to the HP SIM web server interface. Standard calls from the system libraries are used to access
account information usually read from /etc/passwd or /etc/shadow.
The administrator of the system can adjust these requirements to conform to the security requirements of the
system. For example, if the security policy on the system is time dependent and /etc/security/time.conf
is configured, you could adjust mxpamauthrealm to:
#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_time.so
session required /lib/security/pam_unix.so
Configuring PAM on an HP-UX system
Customizing PAM security on HP-UX is similar. All of the PAM configurations are stored in /etc/pam.conf.
The lines for HP SIM on HP-UX 11i are:
mxpamauthrealm auth required /usr/lib/security/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/libpam_unix.1
The lines for HP SIM on HP-UX 11i 2.0 are:
mxpamauthrealm auth required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/$ISA/libpam_unix.1
If you want the HP SIM web server login model to match what is configured for your other login methods
(telnet, rlogin, login, ssh, and so on), configure the same plug-in modules that are used by these other login
methods. These modules should be defined by the login service name in the /etc/pam.conf file or the
/etc/pam.d/login file.
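The comparison described above can be automated. The following is an added example, not part of the HP SIM documentation: it parses both the /etc/pam.d layout and the /etc/pam.conf layout and lists modules that the login service runs but the HP SIM service does not. The login file contents and the function names are constructed for illustration.

```python
import os

TYPES = ("auth", "account", "session")   # the types the HP SIM entries define

def parse_pam(text, service=None):
    """Return {type: [module file name, ...]} for one PAM service.
    service=None: /etc/pam.d/<name> layout (type control module).
    service="x":  /etc/pam.conf layout (service type control module), x only."""
    stack = {}
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments such as #%PAM-1.0
        if service is not None:
            if not tok or tok[0] != service:
                continue
            tok = tok[1:]
        if len(tok) < 3 or tok[0].lstrip("-") not in TYPES:
            continue
        i = 1
        if tok[1].startswith("["):              # Linux-PAM "[value=action ...]" control
            while i < len(tok) - 1 and not tok[i].endswith("]"):
                i += 1
        if i + 1 < len(tok):
            name = os.path.basename(tok[i + 1])
            stack.setdefault(tok[0].lstrip("-"), []).append(name)
    return stack

def missing_from_sim(sim, login):
    """Per type, modules the login stack runs that the HP SIM stack does not."""
    gaps = {t: [m for m in login.get(t, []) if m not in sim.get(t, [])] for t in TYPES}
    return {t: g for t, g in gaps.items() if g}

# Default /etc/pam.d/mxpamauthrealm as shown on this page.
SIM_DEFAULT = """#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
"""
# Constructed /etc/pam.d/login for illustration; real files differ per system.
LOGIN_SAMPLE = """#%PAM-1.0
auth required /lib/security/pam_nologin.so
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
account required /lib/security/pam_time.so
session required /lib/security/pam_unix.so
"""

if __name__ == "__main__":
    print(missing_from_sim(parse_pam(SIM_DEFAULT), parse_pam(LOGIN_SAMPLE)))
```

Treat the result as a list to review rather than lines to copy: a module that suits a terminal login is not always appropriate for a web login, and lines that use include or substack name another file that has to be inspected separately.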
About secure task execution
HP Systems Insight Manager (HP SIM) tasks that cause state or configuration changes on managed systems use
secure task execution (STE) to issue commands to the system. STE enables an HP SIM system to securely
request execution of a task from a managed system, ensuring that the user requesting the task has the
appropriate rights to perform the task. The request includes a digital signature to uniquely identify the HP
SIM system making the request. Secure Sockets Layer (SSL) is then used to encrypt the request and protect
the data from alteration or eavesdropping. See “Setting up trust relationships” for more information.