Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
31323334353637383940
login auth required /usr/lib/security/libpam_unix.1
If there are two or more systemwide login auth entries, such as the following,
they are taken in order:
login auth required /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_dce.1
In this case, the standard HP-UX login process is executed. Then the DCE
authentication process occurs. If both are satisfied, then the login is successful. Both
processes are performed, even if the user fails one of them.
If you require different authentication methods for different users, place the special
entry libpam_udpbe ahead of the authentication modules in /etc/pam.conf
(the lines are numbered for easy reference):
#/etc/pam.conf
#1
login auth required /usr/lib/security/libpam_udpbe.1
#2
login auth required /usr/lib/security/libpam_unix.1
#3
login auth required /usr/lib/security/libpam_dce.1
Then place entries for each affected user in /etc/pam_user.conf:
#/etc/pam_user.conf
#4
allan auth /usr/lib/security/libpam_unix.1 debug
#5
allan auth /usr/lib/security/libpam_dce.1 try_first_pass
#6
isabel auth /usr/lib/security/libpam_unix.1 debug use_psd
When allan logs in, line 1 in /etc/pam.conf causes PAM to read/etc/
pam_user.conf. Because the module paths on lines 4 and 5 of /etc/
pam_user.conf match the module paths on lines 2 and 3 of /etc/pam.conf,
PAM temporarily replaces the null options fields of lines 2 and 3 of /etc/
pam.conf with debug and try_first_pass, respectively. Then the modules
specified by lines 2 and 3 are executed with the revised options.
When isabel logs in, line 1 in /etc/pam.conf causes PAM to read /etc/
pam_user.conf and temporarily replace the options field of line 2 of /etc/
pam.conf with debug use_psd. Line 3 is unchanged. Then the modules specified
by lines 2 and 3 are executed with the revised options.
When george logs in, line 1 in /etc/pam.conf causes PAM to read /etc/
pam_user.conf. Because entries for george do not exist, lines 2 and 3 of /etc/
pam_user.conf are not changed. The modules specified by lines 2 and 3 are
executed with no changes.
40 Administering User and System Security