Sample /etc/pam.ldap.trusted file

su

account required

/usr/lib/security/libpam_unix.1

dtlogin

account sufficient

/usr/lib/security/libpam_ldap.1

dtlogin

account required

/usr/lib/security/libpam_unix.1

dtaction

account sufficient

/usr/lib/security/libpam_ldap.1

dtaction

account required

/usr/lib/security/libpam_unix.1

ftp

account sufficient

/usr/lib/security/libpam_ldap.1

ftp

account required

/usr/lib/security/libpam_unix.1

OTHER

account sufficient

/usr/lib/security/libpam_ldap.1

OTHER

account required

/usr/lib/security/libpam_unix.1

#Session management

login

session requried

/usr/lib/security/libpam_ldap.1

login

session required

/usr/lib/security/libpam_unix.1

dtlogin

session required

/usr/lib/security/libpam_ldap.1

dtlogin

session required

/usr/lib/security/libpam_unix.1

dtaction

session required

/usr/lib/security/libpam_ldap.1

dtaction

session required

/usr/lib/security/libpam_unix.1

OTHER

session required

/usr/lib/security/libpam_ldap.1

OTHER

session required

/usr/lib/security/libpam_unix.1

# Password

management #

 

login

password sufficient

/usr/lib/security/libpam_ldap.1

login

password required

/usr/lib/security/libpam_unix.1 try_first_pass

passwd

password sufficient

/usr/lib/security/libpam_ldap.1

passwd

password required

/usr/lib/security/libpam_unix.1 try_first_pass

dtlogin

password sufficient

/usr/lib/security/libpam_ldap.1

dtlogin

password required

/usr/lib/security/libpam_unix.1 try_first_pass

dtaction

password sufficient

/usr/lib/security/libpam_ldap.1

dtaction

password required

/usr/lib/security/libpam_unix.1 try_first_pass

OTHER

password sufficient

/usr/lib/security/libpam_ldap.1

OTHER

password required

/usr/lib/security/libpam_unix.1 try_first_pass

The following is a sample PAM configuration file, /etc/pam.ldap.trusted, used for the HP-UX 11i v2 system:

#

#PAM configuration

#This pam.conf file is intended as an example only.

################################################################

# This configuration file has only been modified for default

#

# services. Other services can be added or modified as needed

#

# or desired. If a service is not listed, it will use the

#

# OTHER classification.

#

#

#

# the format for a entry is

#

# <service> <module_type> <control> <module path> <options>

#

#

#

# see pam.conf(4) for more details

#

#

#

# NOTE: This pam.conf file is recommended only if you convert

#

# your system to a Trusted System. If your system is in the

#

# Standard Mode, use the pam.ldap file as an example.

#

#

#

# NOTE: If the path to a library is not absolute, it

is

assumed#

# to be relative to the directory /usr/lib/security/$ISA.

#

# The “$ISA (i.e Instruction Set Architecture) token

is

 

#

# replaced by the PAM engine (libpam) with “hpux64” for

IA

#

# 64-bit modules, or with “hpux32” for IA 32-bit modules, or

#

# with “pa20_64” for PA 64-bit modules, or with NULL

for PA

#

# 32-bit modules.

 

 

#

192

Appendix C