Manualshelf

HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software
21222324252627282930
Numerical group ID
Reserved gecos ID
Initial working directory
Program to user as shell
Following is a sample entry in the /etc/passwd file:
user1:3Km/o4Cyq84Xc:10:15:System Administrator:/home/user1:/sbin/sh
HP-UX Secure Shell verifies the password that you enter against the password in the /etc/passwd
file and allows access only if the passwords match.
For more information on the attributes in an entry in the /etc/passwd file, see passwd(4)
The /etc/passwd file gets default values such as ABORT_LOGIN_ON_MISSING_HOMEDIR and
BOOT_AUTH, BOOT_USERS from the /etc/default/security file. For more information on
different default values, see security(4).
Using the /etc/pam.conf File
Pluggable Authentication Module (PAM) is a generic framework for authentication, authorization,
and accounting. HP-UX Secure Shell supports the following PAM modules:
PAM_UNIX
PAM_LDAP
PAM_KERBEROS
NOTE: HP-UX Secure Shell supports, but is not tested with PAM modules, such as PAM_DCE and
PAM_NTLM.
A PAM module provides functionality for one or more of the following services:
Authentication
Account management
Session management
Password management
The /etc/pam.conf PAM configuration file contains a list of these services. Each service is paired
with a corresponding service module. When an application requests a service, the application
invokes the module associated with the service.
Each entry in the /etc/pam.conf file has the following format:
service_name module_type control_flag module_path options
Following is a sample entry in the /etc/pam.conf file for authentication:
login auth required libpam_unix.so.1 debug
For more information on the PAM configuration file, see pam.conf( 4). For information about a
PAM module, see pam_unix(5) and pam_hpsec(5).
The HP-UX Secure Shell server configuration file, /opt/ssh/etc/sshd_config, contains the
UsePAM directive that enables PAM authentication. If you set this directive to yes, HP-UX Secure
Shell looks at the PAM configuration file for password authentication requests from the client. HP-UX
Secure Shell also attempts password authentication through the configured PAM modules in
sequence, until a connection is established. The details of the authentication method employed by
PAM is transparent to HP-UX Secure Shell. The PAM library informs HP-UX Secure Shell whether
the authentication was successful. The default value for the UsePAM directive is yes.
You can set the UsePAM directive to no. With this setting, any password authentication request
from the client causes HP-UX Secure Shell to ignore the PAM configuration settings on the server.
26 HP-UX Secure Shell Authentication Methods