Administrator's Guide

2.3.2 PAM Libraries
PAM service modules are implemented by shared libraries. PAM enables multiple
authentication technologies to co-exist in HP-UX. The /etc/pam.conf configuration file
determines which authentication module to use. The PAM libraries are as follows:
PAM_DCE
The PAM_DCE modules enable integration of DCE into the system entry services
(such as login, telnet, rlogin, ftp). The PAM_DCE modules provide
functionality for the authentication, account management, and password management
modules. These modules are supported through the PAM_DCE library,
/usr/lib/security/pam_dce.sl. See pam_dce(5) for more information.
PAM_HPSEC
The PAM_HPSEC modules manage extensions specific to HP-UX for authentication,
account management, password management, and session management. The use
of /usr/lib/security/$ISA/libpam_hpsec.so.1 is mandatory for services
such as login, dtlogin, ftp, su, remsh, rexec, and ssh. These services must
place libpam_hpsec.so.1 at the top of the stack, above one or more nonoptional
modules. The pam_hpsec module also enforces several attributes defined in
/etc/default/security. See pam_hpsec(5) and security(4) for more information.
PAM_KRB5
Kerberos is a network authentication protocol that enables secure communication
over networks without transmitting passwords in clear text. A password is
authenticated by the Key Distribution Center (KDC), which then issues a Ticket
Granting Ticket (TGT). The PAM Kerberos shared library is
/usr/lib/security/libpam_krb5.1. See pam_krb5(5) for more information.
PAM_LDAP
The Lightweight Directory Access Protocol (LDAP) is a standard for centralizing user,
group, and network management information through directory services.
Authentication takes place on an LDAP directory server.
For more information, see the HP-UX LDAP-UX Integration Software documentation:
www.hp.com/go/hpux-security-docs
Click HP-UX LDAP-UX Integration Software.
PAM_NTLM
The PAM NT LAN Manager enables HP-UX users to be authenticated against
Windows servers during system login. PAM NTLM uses NT servers to authenticate
users logging in to an HP-UX system.
For more information, see the HP CIFS Client Administrator's Guide:
http://www.hp.com/go/hpux-networking-docs
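
The placement rule described under PAM_HPSEC can be checked mechanically. The following is an added example, not part of the original guide or HP's tooling: it parses text in the /etc/pam.conf layout and reports stacks for the listed services where libpam_hpsec.so.1 is not first or has no nonoptional module below it. The sample entries, the libpam_unix.so.1 module name, the function names, and applying the rule to every stack a service defines are assumptions.

```python
import os

# Services the guide lists as requiring libpam_hpsec.so.1.
SERVICES = ("login", "dtlogin", "ftp", "su", "remsh", "rexec", "ssh")
HPSEC = "libpam_hpsec.so.1"

# Constructed sample in the /etc/pam.conf layout (not a shipped HP-UX file):
# service  module_type  control_flag  module_path  [options]
SAMPLE = """\
# constructed entries for illustration
login  auth     required  libpam_hpsec.so.1
login  auth     required  libpam_unix.so.1
login  account  required  libpam_hpsec.so.1
login  account  optional  libpam_unix.so.1
ftp    auth     required  libpam_unix.so.1
ftp    auth     required  /usr/lib/security/$ISA/libpam_hpsec.so.1
su     auth     required  libpam_hpsec.so.1
"""

def parse_stacks(text):
    """Return {(service, module_type): [(control_flag, module_basename), ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line, comment, or malformed entry
        service, mtype, flag, path = fields[:4]
        stacks.setdefault((service.lower(), mtype.lower()), []).append(
            (flag.lower(), os.path.basename(path)))
    return stacks

def audit(text, services=SERVICES):
    """Return sorted findings for stacks that break the pam_hpsec placement rule."""
    findings = []
    for (service, mtype), stack in parse_stacks(text).items():
        if service not in services:
            continue
        if stack[0][1] != HPSEC:
            findings.append((service, mtype, "pam_hpsec is not the first module"))
        elif not any(flag != "optional" for flag, _ in stack[1:]):
            findings.append((service, mtype, "no nonoptional module below pam_hpsec"))
    return sorted(findings)

if __name__ == "__main__":
    for service, mtype, problem in audit(SAMPLE):
        print(f"{service} {mtype}: {problem}")
```

Listed services that have no entries of their own in the file are not reported by this check.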
36 Administering User and System Security