Installing And Configuring LDAP-UX Client Services

Use r-command for PAM_LDAP

Use r-command for PAM_LDAP

An enhancement has been implemented to the LDAP-UX Client Services B.03.20, so that r-commandscan work with LDAP account users whose password is hidden, or not in clear text or crypt syntax.

If you want to use this new fearture, use the following steps:

1.Uncomment out the following line in the

/etc/opt/ldapux/ldapux_client.conf file:

#password_as = “x”

2.On the HP-UX 11.0 or 11i v1 client system, modify account management session in /etc/pam.conf file for pam_ldap to add “rcommand” option as shown below:

#Account management

#

login

account sufficient

/usr/lib/security/libpam_unix.1

login

account required

/usr/lib/security/libpam_ldap.1 rcommand

su

account sufficient

/usr/lib/security/libpam_unix.1

su

account required

/usr/lib/security/libpam_ldap.1

dtlogin

account sufficient

/usr/lib/security/libpam_unix.1

dtlogin

account required

/usr/lib/security/libpam_ldap.1

dtaction

account sufficient

/usr/lib/security/libpam_unix.1

dtaction

account required

/usr/lib/security/libpam_ldap.1

ftp

account sufficient

/usr/lib/security/libpam_unix.1

ftp

account required

/usr/lib/security/libpam_ldap.1

OTHER

account sufficient

/usr/lib/security/libpam_unix.1

OTHER

account required

/usr/lib/security/libpam_ldap.1 rcommand

On the HP-UX 11i v2 client system, you will modify account management session in /etc/pam.conf file for pam_ldap to add “rcommand” option as follows:

#Account management

login

account required

libpam_hpsec.so.1

login

account sufficient

libpam_unix.so.1

login

account required

libpam_ldap.so.1 rcommand

su

account required

libpam_hpsec.so.1

su

account sufficient

libpam_unix.so.1

su

account required

libpam_ldap.so.1

76

Chapter 2