Introduction to the Kerberos Products and GSS-API

PAM Kerberos

OTHER

session sufficient /usr/lib/security/libpam_unix.1

#

 

#Password management

login

password sufficient /usr/lib/security/libpam_krb5.1

login

password required /usr/lib/security/libpam_unix.1

passwd

password sufficient /usr/lib/security/libpam_krb5.1

passwd

password required /usr/lib/security/libpam_unix.1

dtlogin

password sufficient /usr/lib/security/libpam_krb5.1

dtlogin

password required /usr/lib/security/libpam_unix.1

dtaction

password sufficient /usr/lib/security/libpam_krb5.1

dtaction

password required /usr/lib/security/libpam_unix.1

OTHER

password sufficient /usr/lib/security/libpam_unix.1

On HP-UX 11i v2 and HP-UX 11i v3

#

#PAM configuration

#Notes: This pam.conf file is intended as an example only.

#If the path to a library is not absolute, it is assumed to be

#relative to one of the following directories:

# /usr/lib/security

(PA 32-bit)

#/usr/lib/security/pa20_64 (PA 64-bit)

#/usr/lib/security/hpux32 (IA 32-bit)

#/usr/lib/security/hpux64 (IA 64-bit)

#The IA file name convention is normally used; for example:

#libpam_unix.so.1

#For PA libpam_unix.so.1 is a symbolic link to the PA library:

#ln -s libpam_unix.1 libpam_unix.so.1

#Also note that the use of pam_hpsec(5) is mandatory for some of the

#services. See pam_hpsec(5).

#Authentication management

#

 

 

login

auth sufficient

libpam_krb5.so.1

login

auth required

libpam_unix.so.1

try_first_pass

 

su

auth sufficient

libpam_krb5.so.1

su

auth required

libpam_unix.so.1

try_first_pass

 

dtlogin

auth sufficient

libpam_krb5.so.1

dtlogin

auth required

libpam_unix.so.1

try_first_pass

 

dtaction

auth sufficient

libpam_krb5.so.1

dtaction

auth required

libpam_unix.so.1

try_first_pass

 

ftp

auth sufficient

libpam_krb5.so.1

44

Chapter 2