pam_hpsec(5)

NAME
pam_hpsec - extended authentication, account, password, and session
service module for HP-UX
SYNOPSIS
DESCRIPTION
The service module implements extensions specific to HP-UX for
authentication, account management, password management, and session
management.
The use of is recommended for all services, and is mandatory for some
services such as and Application writers and system administrators may
decide that it is inappropriate to use for some specific applications.
When the module is present on the stack, it must be on the top of the
stack, above other modules such as or This module is specific to HP-UX,
and the functionality may vary significantly between releases.
For an interpretation of the module path, please refer to the related
information in pam.conf(4).
Options
The following options may be passed to the service module for all the
components:
syslog(3C)
debugging information at
Turns off warning messages.
With this option,
returns upon success. Without this option, the module
returns upon success (which simplifies the PAM configuration).
Authentication Component
The authentication component provides management of credentials
specific to HP-UX. In the future, this component may also implement
additional HP-UX specific authentication restrictions in addition to the
credential management.
Currently, this component initializes audit attributes for the session.
In addition to the options listed in the section, the following options
may also be passed to the module for authentication.
With this option, does not initialize audit attributes for the session.
This option is supported solely to maintain su(1) backward compatible
behavior when is configured with su(1). HP recommends that this option
not be applied to other services.
With this option,
ignores the restrictions or features that this module would
otherwise enforce.
Note that other common UNIX credentials such as and supplemental group
membership are not managed by any PAM module. The application
performing the authentication is expected to grant these credentials (these
credentials must be granted after calling pam_open_session(3)) using
the setuid(2) and initgroups(3C) types of calls.
Account Management Component
This component implements the and restrictions described in
security(4). In addition to the options listed in the section, the
following options may also be passed to the module for account management.
With this option, ignores the restriction.
With this option,
ignores the restriction.
This option is available only if the HP-UX Compartment Login product is
installed, and its compartment login feature is enabled. With the option,
ignores the compartment login access check restrictions. is
defined in the compartment configuration file. Refer to
compartment_login(5) for more information about HP-UX Compartment
Login.
With this option,
ignores the restrictions or features that this module would
otherwise enforce.
Password Management Component
This component unconditionally succeeds.
Session Management Component
This component implements many miscellaneous restrictions such as and
documented in security(4). In addition to the options listed in the
section, the following options may also be passed to the module for
session management.
With this option, ignores the setting.
With this option,
ignores the setting.
With this option,
ignores the setting.
With this option,
ignores the setting.
With this option,
ignores the restrictions or features that this module would
otherwise enforce.
EXAMPLES
The following is an example of stacking using the module:
login session required pam_hpsec.so.1
login session sufficient pam_unix.so.1
login session sufficient pam_ldap.so.1
login session sufficient pam_krb5.so.1
The above rules state that the login's session management requires at
least any one of UNIX, LDAP, and Kerberos PAM modules in addition to
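
An added example, not part of the original manual page: a small Python
check of the stacking rule from DESCRIPTION (when the module is on a
stack, it must be on top of that stack). The sample rules are constructed
in the layout of the example above, and recognising the module by the
string "pam_hpsec" in the file name is an assumption.

```python
import os

# Constructed sample in pam.conf(4) layout:
#   service  module_type  control_flag  module_path  [options]
SAMPLE_PAM_CONF = """\
# constructed sample, not taken from a real system
login  session  required    pam_hpsec.so.1
login  session  sufficient  pam_unix.so.1
login  session  sufficient  pam_ldap.so.1
ftp    session  required    pam_unix.so.1
ftp    session  required    pam_hpsec.so.1
sshd   session  required    pam_unix.so.1
"""

def parse_stacks(text):
    """Group module paths by (service, module_type), preserving file order."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) < 4:
            continue                           # not a complete rule
        service, mtype, _control, path = fields[:4]
        stacks.setdefault((service.lower(), mtype.lower()), []).append(path)
    return stacks

def is_hpsec(path):
    # Assumption: the module is recognised by "pam_hpsec" in the file name.
    return "pam_hpsec" in os.path.basename(path)

def audit_hpsec_position(text):
    """Return [(service, module_type, finding)] for stacks worth reviewing."""
    findings = []
    for (service, mtype), paths in parse_stacks(text).items():
        positions = [i for i, p in enumerate(paths) if is_hpsec(p)]
        if not positions:
            # Informational: the page recommends the module for all services.
            findings.append((service, mtype, "pam_hpsec absent"))
        elif positions[0] != 0:
            findings.append((service, mtype,
                             "pam_hpsec at position %d, not on top"
                             % (positions[0] + 1)))
    return findings

if __name__ == "__main__":
    for service, mtype, finding in audit_hpsec_position(SAMPLE_PAM_CONF):
        print("%s/%s: %s" % (service, mtype, finding))
```

To audit a real system, pass the contents of its PAM configuration file
to audit_hpsec_position() instead of the sample.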
AUTHOR
was developed by HP.
SEE ALSO
pam(3), pam_acct_mgmt(3), pam_authenticate(3), pam_open_session(3),
pam_setcred(3), pam.conf(4), security(4), userdb(4),
compartment_login(5).