pam_user.conf(4) pam_user.conf(4)
NAME [Toc] [Back]
pam_user.conf - users configuration file for pluggable authentication
modules
SYNOPSIS [Toc] [Back]
/etc/pam_user.conf
DESCRIPTION [Toc] [Back]
pam_user.conf is the user configuration file for the Pluggable
Authentication Module architecture, or PAM. It is not designed to
replace the PAM system configuration file, pam.conf. For PAM to work
properly, pam.conf is mandatory (see pam.conf(4)). pam_user.conf is
optional. It is used only when a user basis configuration is needed.
It mainly specifies options to be used by service modules on a user
basis.
The options defined in pam.conf indicate the default for users who are
not configured in pam_user.conf or if the module type is not
configured for some users. For the configuration in pam_user.conf to
take effect, pam.conf needs to configure service module libpam_updbe
(see pam.conf(4)).
Simplified PAM_USER.CONF Configuration File [Toc] [Back]
The pam_user.conf file contains a listing of login names. Each login
name is paired with a corresponding service module with or without
options specified. Each entry has the following format:
login_name module_type module_path options
Below is an example of the pam_user.conf configuration file.
tom auth /usr/lib/security/$ISA/libpam_unix.so.1 debug use_psd
tom auth /usr/lib/security/$ISA/libpam_dce.so.1 use_first_pass
tom account /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
tom account /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass
susan auth /usr/lib/security/$ISA/libpam_unix.so.1
susan auth /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass
The login_name denotes the login name of a user (for example, tom,
susan). For detailed information on module_type, module_path, and
options, see pam.conf(4).
The first entry indicates that when the UNIX authentication is invoked
for tom, the options "debug" and "use_psd" will be used. The second
entry indicates that when the DCE authentication is invoked for tom ,
the option "use_first_pass" will be used. The module type "password"
is not configured for tom, therefore, the /etc/pam.conf options will
take effect. For those users who are not configured, the /etc/pam.conf
options apply.
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
pam_user.conf(4) pam_user.conf(4)
NOTES [Toc] [Back]
If an error is found in an entry due to invalid login_name or
module_type, then the entry is ignored. If there are no valid entries
for the given module_type, the PAM framework ignores pam_user.conf and
reads the configuration in pam.conf.
EXAMPLES [Toc] [Back]
The following is a sample pam_user.conf configuration file. Lines
that begin with the # symbol are treated as comments, and therefore
ignored.
#
# PAM user configuration
#
# Authentication management
john auth /usr/lib/security/$ISA/libpam_unix.so.1
john auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
david auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
david auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
susan auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
susan auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
# Password management
john password /usr/lib/security/$ISA/libpam_unix.so.1
david password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
susan password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
SEE ALSO [Toc] [Back]
pam(3), pam.conf(4).
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: August 2003 [ Back ] |
