Manualshelf

HP Systems Insight Manager 5.3 Technical Reference Guide

ManualsBrandsHP ManualsSoftwareHP Systems Insight Manager for HP-UX
161162163164165166167168169170
NOTE: For more information, go to http://h18013.www1.hp.com/products/servers/management/
hpsim/infolibrary.html, and select the appropriate guide for your operating system.
A cookie blocker is installed.
NOTE: HP SIM can be configured to log an
event
in the HP SIM Event Database when a sign-in attempt
fails or succeeds and when a sign-out occurs.
Sign-in authentication on Linux and HP-UX
HP SIM uses PAM to authenticate users who sign in to the web server interface on Linux and HP-UX.
Configuring PAM on a Linux system
The administrator of a Linux CMS can customize the PAM that HP SIM uses. The
/etc/pam.d/mxpamauthrealm file contains the authentication steps for the HP SIM web server interface.
The defaults for this file are:
#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
This default setup directs PAM to use the standard UNIX authentication module to authenticate users attempting
to sign in to the HP SIM web server interface. Standard calls from the system libraries access account
information usually read from /etc/password or /etc/shadow.
The administrator of the system can adjust these requirements to conform to the security requirements of the
system. For example, if the security policy on the system is time dependent and /etc/security/time.conf
is configured, you could adjust mxpamauthrealm to:
#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
Configuring PAM on an HP-UX system
Customizing PAM security on HP-UX is similar. All of the PAM configurations are stored in /etc/pam.conf.
The lines for HP SIM on HP-UX 11i are:
mxpamauthrealm auth required /usr/lib/security/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/libpam_unix.1
The lines for HP SIM on HP-UX 11i v2 are:
mxpamauthrealm auth required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm session required /usr/lib/security/$ISA/libpam_unix.1
If you want the HP SIM web server login model to match what is configured for your other login methods
(telnet, rlogin, login, ssh, and so on), configure the same plug-in modules that are used by these other login
methods. These modules must be defined by the login service name in the /etc/pam.conf file or the
/etc/pam.d/login file.
Related topics
Networking and security
About secure task execution
166 Networking and security