|
|
HP-UX Reference Volume 3 of 5 > ppam_user.conf(4) |
|
NAMEpam_user.conf — users configuration file for pluggable authentication modules DESCRIPTIONpam_user.conf is the user configuration file for the Pluggable Authentication Module architecture, or PAM. It is not designed to replace the PAM system configuration file, pam.conf. For PAM to work properly, pam.conf is mandatory (see pam.conf(4)). pam_user.conf is optional. It is used only when a user basis configuration is needed. It mainly specifies options to be used by service modules on a user basis. The options defined in pam.conf indicate the default for users who are not configured in pam_user.conf or if the module type is not configured for some users. For the configuration in pam_user.conf to take effect, pam.conf needs to configure service module libpam_updbe (see pam.conf(4)). Simplified PAM_USER.CONF Configuration FileThe pam_user.conf file contains a listing of login names. Each login name is paired with a corresponding service module with or without options specified. Each entry has the following format: login_name module_type module_path options Below is an example of the pam_user.conf configuration file. tom auth /usr/lib/security/libpam_unix.1 debug use_psd tom auth /usr/lib/security/libpam_dce.1 use_first_pass tom account /usr/lib/security/libpam_unix.1 use_psd tom account /usr/lib/security/libpam_dce.1 try_first_pass susan auth /usr/lib/security/libpam_unix.1 susan auth /usr/lib/security/libpam_dce.1 try_first_pass The login_name denotes the login name of a user (for example, tom, susan). For detailed information on module_type, module_path, and options, see pam.conf(4). The first entry indicates that when the UNIX authentication is invoked for tom, the options "debug" and "use_psd" will be used. The second entry indicates that when the DCE authentication is invoked for tom , the option "use_first_pass" will be used. The module type "password" is not configured for tom, therefore, the /etc/pam.conf options will take effect. For those users who are not configured, the /etc/pam.conf options apply. NOTESIf an error is found in an entry due to invalid login_name or module_type, then the entry is ignored. If there are no valid entries for the given module_type, the PAM framework ignores pam_user.conf and reads the configuration in pam.conf. EXAMPLESThe following is a sample pam_user.conf configuration file. Lines that begin with the # symbol are treated as comments, and therefore ignored. # # PAM user configuration # # Authentication management john auth /usr/lib/security/libpam_unix.1 john auth /usr/lib/security/libpam_inhouse.1 try_first_pass david auth /usr/lib/security/libpam_unix.1 use_psd david auth /usr/lib/security/libpam_inhouse.1 try_first_pass susan auth /usr/lib/security/libpam_unix.1 use_psd susan auth /usr/lib/security/libpam_inhouse.1 try_first_pass # Password management john password /usr/lib/security/libpam_unix.1 david password /usr/lib/security/libpam_unix.1 use_psd susan password /usr/lib/security/libpam_unix.1 use_psd |
|