Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Apropos / Subsearch:
optional field

 pam_user.conf(4)					    pam_user.conf(4)

      pam_user.conf - users configuration file for pluggable authentication


      pam_user.conf is the user configuration file for the Pluggable
      Authentication Module architecture, or PAM.  It is not designed to
      replace the PAM system configuration file, pam.conf.  For PAM to work
      properly, pam.conf is mandatory (see pam.conf(4)).  pam_user.conf is
      optional.	 It is used only when a user basis configuration is needed.
      It mainly specifies options to be used by service modules on a user

      The options defined in pam.conf indicate the default for users who are
      not configured in pam_user.conf or if the module type is not
      configured for some users.  For the configuration in pam_user.conf to
      take effect, pam.conf needs to configure service module libpam_updbe
      (see pam.conf(4)).

    Simplified PAM_USER.CONF Configuration File
      The pam_user.conf file contains a listing of login names. Each login
      name is paired with a corresponding service module with or without
      options specified. Each entry has the following format:

	   login_name module_type module_path options

      Below is an example of the pam_user.conf configuration file.

	   tom	  auth	   /usr/lib/security/libpam_unix.1   debug use_psd
	   tom	  auth	   /usr/lib/security/libpam_dce.1    use_first_pass
	   tom	  account  /usr/lib/security/libpam_unix.1   use_psd
	   tom	  account  /usr/lib/security/libpam_dce.1    try_first_pass

	   susan       auth	/usr/lib/security/libpam_unix.1
	   susan       auth	/usr/lib/security/libpam_dce.1	  try_first_pass

      The login_name denotes the login name of a user (for example, tom,
      susan).  For detailed information on module_type, module_path, and
      options, see pam.conf(4).

      The first entry indicates that when the UNIX authentication is invoked
      for tom, the options "debug" and "use_psd" will be used. The second
      entry indicates that when the DCE authentication is invoked for tom ,
      the option "use_first_pass" will be used.	 The module type "password"
      is not configured for tom, therefore, the /etc/pam.conf options will
      take effect. For those users who are not configured, the /etc/pam.conf
      options apply.

 Hewlett-Packard Company	    - 1 -   HP-UX Release 11i: November 2000

 pam_user.conf(4)					    pam_user.conf(4)

      If an error is found in an entry due to invalid login_name or
      module_type, then the entry is ignored.  If there are no valid entries
      for the given module_type, the PAM framework ignores pam_user.conf and
      reads the configuration in pam.conf.

      The following is a sample pam_user.conf configuration file.  Lines
      that begin with the # symbol are treated as comments, and therefore

	   # PAM user configuration

	   # Authentication management
	   john	   auth	    /usr/lib/security/libpam_unix.1
	   john	   auth	    /usr/lib/security/libpam_inhouse.1	try_first_pass

	   david   auth	    /usr/lib/security/libpam_unix.1	use_psd
	   david   auth	    /usr/lib/security/libpam_inhouse.1	try_first_pass

	   susan   auth	    /usr/lib/security/libpam_unix.1	use_psd
	   susan   auth	    /usr/lib/security/libpam_inhouse.1	try_first_pass

	   # Password management
	   john	   password /usr/lib/security/libpam_unix.1
	   david   password /usr/lib/security/libpam_unix.1	use_psd
	   susan   password /usr/lib/security/libpam_unix.1	use_psd

      pam(3), pam.conf(4).

 Hewlett-Packard Company	    - 2 -   HP-UX Release 11i: November 2000