auth.adm(1M) auth.adm(1M)
NAME
auth.adm - activate, deactivate, or query about HP-UX Integrated Login
SYNOPSIS
auth.adm -install -l tech_name [ -b tech_name ]
         [ -a tech_name[:tech_name]... ]
         [ -p tech_name:parameter=value[:parameter=value]... ]...
auth.adm -uninstall
auth.adm -query [ -f filename ]
DESCRIPTION
The auth.adm command makes it easy to activate, deactivate or query
about HP-UX Integrated Login.

During activation, auth.adm sets up a machine to obtain integrated
login behavior using any of the following commands: login, rlogin,
telnet, dtlogin, su, passwd, and ftpd.

auth.adm saves the Integrated Login configuration, specified by the
-l, -b and -a arguments, in the file /etc/auth.conf. This
configuration file specifies the authentication technologies used to
authenticate users on a system. System administrators can specify the
technology for system login; where this login technology is
unavailable, a fallback technology for system login can also be
specified. System administrators can also specify technologies for
additional user authentications that will be done after a user has
successfully completed the system login phase.

Integrated behavior of login, su, passwd, and dtlogin is obtained by
replacing the current /etc/pam.conf with one that specifies the
behavior requested by the auth.adm arguments. auth.adm provides an
option to enable the name service switch (nsswitch) for the DCE
technology. If this option is selected, /etc/nsswitch.conf is updated
with the "dce" keyword. Name service requests for user/group
information are then served from DCE, depending on the configuration.

After the name service switch is enabled, an option is provided to
export the DCE user/group information to /etc/passwd and /etc/group
via a cron job. The passwd_export program can also be run manually to
do this job.

Upon deactivation, auth.adm restores the /etc/pam.conf and
/etc/nsswitch.conf files that were present on the system before
Integrated Login was installed. It also removes the /etc/auth.conf
configuration file.
Hewlett-Packard Company - 1 - HP-UX Release 11.0
When making a query, auth.adm reads the /etc/auth.conf file and prints
the result of the query to stdout or to the filename specified by the
-f argument.

All actions performed by auth.adm are logged into the file
/var/adm/ilogin/auth.adm.log.
ARGUMENTS
auth.adm recognizes the following arguments:

-install
    activates HP-UX Integrated Login.

tech_name
    an abbreviated name representing an authentication technology.
    Starting with the 10.0 release, the supported tech_name values
    are:

    dce    for DCE Registry
    ux     for /etc/passwd and other HP-UX login technologies.

-l tech_name
    specifies the technology used for system login.

-b tech_name
    specifies the technology used for fallback login.

-a tech_name[:tech_name]...
    specifies technologies used for additional authentications after
    a user has been successfully logged in to a system.

-p tech_name:parameter=value[:parameter=value]...
    specifies configurable parameters applicable to a technology.
    Parameters for different technologies can be specified by
    repeating the -p argument. Starting with the 10.30 release, the
    configurable parameters supported include the following:
    TIMEOUT
        Timeout (in seconds) on communications with a technology.
        Default values for TIMEOUT are as follows.

        dce    180 seconds
        ux     ignored

    WARNPWDEXP
        Password expiration warning period (in days). If the user's
        password is due to expire within the specified number of
        days, the user receives a warning message during login. This
        parameter applies to DCE technology only. If this parameter
        is not specified, no warning is given.

    FORCEPWDCHANGE
        Password force-change period (in days). If the user's
        password is due to expire within the specified number of
        days, the user is forced to change the password before login
        is allowed. This parameter applies to the DCE technology
        only. If this parameter is not specified, a password change
        is not forced.

    FORWARDABLETGT
        Enable DCE TGT to be forwardable. When forwarding a user's
        DCE TGT from machine A to machine B, it enables the user from
        machine A to reuse its Kerberos credentials on machine B. A
        parameter value is required, but its content is ignored. This
        parameter applies to DCE technology only.

-uninstall
    deactivates HP-UX Integrated Login.

-query
    makes a query about the current Integrated Login configuration.
-f filename
    prints the result of a query to filename.
EXAMPLES
The following command activates HP-UX Integrated Login. The
configuration is set to log the user in upon successful password
verification by DCE. In the case where DCE is not available, a
fallback for login via /etc/passwd or another HP-UX technology is
configured. (Note that this strategy is effective only if the HP-UX
password and DCE password are identical.)

    auth.adm -install -l dce -b ux

The following command activates HP-UX Integrated Login. The
configuration is set to log the user in upon successful password
verification by /etc/passwd or another HP-UX technology. After
machine access has been granted to the user, the configuration
specifies that a DCE login should also be done.

    auth.adm -install -l ux -a dce
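The -p syntax and parameter list given under ARGUMENTS can be checked before activation, which matters because auth.adm cannot deactivate a failed activation. The script below is an added example, not HP code: check_p_arg is a hypothetical helper, the values in the usage comment are constructed, and treating the numeric parameters as non-negative whole numbers is an assumption.

```sh
#!/bin/sh
# Added example (not HP code): validate one "-p" argument against the syntax
# and parameter list documented above. check_p_arg is a hypothetical helper.

check_p_arg() {
    arg=$1
    case $arg in
        *:|*::*) echo "empty parameter in: $arg" >&2; return 1 ;;
        *:*)     tech=${arg%%:*}; rest=${arg#*:} ;;
        *)       echo "expected tech_name:parameter=value, got: $arg" >&2; return 1 ;;
    esac
    case $tech in
        dce|ux) ;;
        *) echo "unsupported tech_name: $tech" >&2; return 1 ;;
    esac
    while [ -n "$rest" ]; do
        pair=${rest%%:*}                      # next parameter=value
        case $rest in *:*) rest=${rest#*:} ;; *) rest= ;; esac
        case $pair in
            ?*=?*) name=${pair%%=*}; value=${pair#*=} ;;
            *) echo "expected parameter=value, got: $pair" >&2; return 1 ;;
        esac
        case $name in
            TIMEOUT)                   numeric=1 dce_only=0 ;;
            WARNPWDEXP|FORCEPWDCHANGE) numeric=1 dce_only=1 ;;
            FORWARDABLETGT)            numeric=0 dce_only=1 ;;  # value required, content ignored
            *) echo "unsupported parameter: $name" >&2; return 1 ;;
        esac
        if [ "$dce_only" -eq 1 ] && [ "$tech" != dce ]; then
            echo "$name applies to the dce technology only" >&2; return 1
        fi
        if [ "$numeric" -eq 1 ]; then
            # Assumption: seconds and days are non-negative whole numbers.
            case $value in
                *[!0-9]*) echo "$name needs a whole number, got: $value" >&2; return 1 ;;
            esac
        fi
    done
    return 0
}

# Usage on an HP-UX host (constructed values):
#   P='dce:TIMEOUT=60:WARNPWDEXP=14:FORCEPWDCHANGE=3'
#   check_p_arg "$P" && auth.adm -install -l dce -b ux -p "$P"
```

Repeat the check once per -p argument when parameters are given for more than one technology.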
RETURN VALUE
auth.adm -install/-uninstall returns one of the following:

    0    Successfully completed
    1    Error(s) occurred
WARNING
If activation or deactivation fails to complete, correct the error(s)
and run the activation or deactivation again. auth.adm cannot
deactivate a failed activation.
NOTE
auth.adm will restart the pwgrd daemon after the ilogin daemon is
started, if it was already running.
AUTHOR
auth.adm was developed by HP.
FILES
/var/adm/ilogin/auth.adm.log
    log file containing records of actions performed by auth.adm.
SEE ALSO
pam(3), pwgrd(1M), passwd_export(1M).