Login or Register to Ask a Question and Join Our Community

restrictions

LEARN ABOUT HPUX

pam_hpsec

pam_hpsec(5)							File Formats Manual						      pam_hpsec(5)

NAME

       pam_hpsec - extended authentication, account, password, and session service module for HP-UX

SYNOPSIS

DESCRIPTION

       The service module implements extensions specific to HP-UX for authentication, account management, password management, and session manage-
       ment.

       The use of is recommended for all services, and is mandatory for some services such as and Application writers  and  system  administrators
       may  decide that it is inappropriate to use for some specific applications.  When the module is present on the stack, it must be on the top
       of the stack, above other modules such as or This module is specific to	HP-UX,	and  the  functionality  may  vary  significantly  between
       releases.

       For an interpretation of the module path, please refer to the related information in pam.conf(4).

   Options
       The following options may be passed to the service module for all the components:

       syslog(3C)
		 debugging information at

       Turns off warning messages.

       With this option,
		 returns upon success.	Without this option, the module returns upon success (which simplifies the PAM configuration).

   Authentication Component
       The  authentication component provides management of credentials specific to HP-UX.  In the future, this component may also implement addi-
       tional HP-UX specific authentication restrictions in addition to the credential management.

       Currently, this component initializes audit attributes for the session.	In addition to the options listed in the  section,  the  following
       options may also be passed to the module for authentication.
       With this option, does not initialize audit attributes for the session.	This option is supported solely to maintain su(1) backward compat-
       ible behavior when is configured with su(1).  HP recommends that this option not be applied to other services.

       With this option,
	      ignores the restrictions or features that this module would otherwise enforce.

       Note that other common UNIX credentials such as and supplemental group membership are not managed by any PAM module.  The application  per-
       forming	the  authentication  is  expected to grant these credentials (these credentials must be granted after calling pam_open_session(3))
       using the setuid(2) and initgroups(3C) types of calls.

   Account Management Component
       This component implements the and restrictions described in security(4).  In addition to the options listed in the section,  the  following
       options may also be passed to the module for account management.
       With this option, ignores the restriction.

       With this option,
	      ignores the restriction.

       This option is available only if the HP-UX Compartment Login product is installed,
	      and its compartment login feature is enabled.  With the option, ignores the compartment login access check restrictions.	is defined
	      in the compartment configuration file.  Refer to compartment_login(5) for more information about HP-UX Compartment Login.

       With this option,
	      ignores the restrictions or features that this module would otherwise enforce.

   Password Management Component
       This component unconditionally succeeds.

   Session Management Component
       This component implements many miscellaneous restrictions such as and documented in security(4).  In addition to the options listed in  the
       section, the following options may also be passed to the module for session management.
       With this option, ignores the setting.

       With this option,
	      ignores the setting.

       With this option,
	      ignores the setting.

       With this option,
	      ignores the setting.

       With this option,
	      ignores the restrictions or features that this module would otherwise enforce.

EXAMPLES

       The following is an example of stacking using the module:

	      login session required	pam_hpsec.so.1
	      login session sufficient	pam_unix.so.1
	      login session sufficient	pam_ldap.so.1
	      login session sufficient	pam_krb5.so.1

       The above rules state that the login's session management requires at least any one of UNIX, LDAP, and Kerberos PAM modules in addition to

AUTHOR

       was developed by HP.

SEE ALSO

       pam(3),	 pam_acct_mgmt(3),   pam_authenticate(3),  pam_open_session(3),  pam_setcred(3),  pam.conf(4),	security(4),  userdb(4),  compart-
       ment_login(5).

																      pam_hpsec(5)