
 pam_hpsec(5)                                                   pam_hpsec(5)

 NAME
      pam_hpsec - extended authentication, account, password, and session
      service module for HP-UX

 SYNOPSIS

 DESCRIPTION
      The pam_hpsec service module implements extensions specific to HP-UX
      for authentication, account management, password management, and
      session management.

      The use of pam_hpsec is mandatory for services such as login, dtlogin,
      ftp, remsh/rexec and ssh.  These services must place this module at
      the top of the stack, above one or more non-optional modules such as
      pam_unix, pam_krb5, or pam_ldap.  Application writers
      and system administrators must consider whether it is appropriate to
      use pam_hpsec for any given application.  This module is specific to
      HP-UX, and the functionality may vary significantly between releases.

      For an interpretation of the module path, please refer to the related
      information in pam.conf(4).

    Options
      The following options may be passed to the module for all the

           debug       syslog(3C) debugging information at LOG_DEBUG.

           nowarn      Turns off warning messages.

           opaque      With this option, pam_hpsec returns PAM_SUCCESS upon
                       success.  Without this option, the module returns
                       PAM_IGNORE upon success (which simplifies the PAM

    Authentication Component
      The hpsec authentication component provides management of credentials
      specific to HP-UX.  In the future, this component may also implement
      additional HP-UX specific authentication restrictions in addition to
      the credential management.

      Currently, this component initializes audit attributes for the

           Note that other common UNIX credentials such as uid, gid, and
           supplemental group membership are not managed by any PAM module.
           The application performing the authentication is expected to
           grant these credentials (these credentials must be granted after
           calling pam_open_session(3)) using the setuid(2) and
           initgroups(3C) types of calls.

 Hewlett-Packard Company            - 1 -      HP-UX 11i Version 2: Sep 2004


    Account Management Component
      This component unconditionally succeeds.

    Password Management Component
      This component unconditionally succeeds.

    Session Management Component
      This component implements many miscellaneous restrictions such as
      security(4).  In addition to the options listed in the option section,
      the following options may also be passed to the module for session

      bypass_nologin      With this option, pam_hpsec ignores NOLOGIN
                          setting in the /etc/default/security file.

      bypass_limit_login  With this option, pam_hpsec ignores the
                          NUMBER_OF_LOGINS_ALLOWED setting in the
                          /etc/default/security file.

      bypass_umask        With this option, pam_hpsec ignores the UMASK
                          setting in the /etc/default/security file.

      bypass_all          With this option, pam_hpsec enforces none of the
                          optional security restrictions that this module
                          would otherwise enforce.

 EXAMPLES
      The following is an example of stacking using the pam_hpsec module:

           login session required    pam_hpsec.so.1
           login session sufficient  pam_unix.so.1
           login session sufficient  pam_ldap.so.1
           login session sufficient  pam_krb5.so.1

      The above rules state that session management for login requires at
      least one of the UNIX, LDAP, and Kerberos PAM modules in addition to
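
      The following audit script is an added example, not part of the HP
      manual page. It checks pam.conf-style text against the stacking rule
      in DESCRIPTION and reports any bypass_* option on a pam_hpsec line.
      Assumptions: "rcomds" and "sshd" are the pam.conf service names for
      remsh/rexec and ssh, every configured stack of a listed service is
      checked, and the sample input is constructed.

```python
# Added example: audit pam.conf-style text against the pam_hpsec stacking rule.
import os

# Services the man page names; "rcomds" and "sshd" are assumed pam.conf
# service names for remsh/rexec and ssh.
MANDATORY = {"login", "dtlogin", "ftp", "rcomds", "sshd"}

def parse(text):
    """Return {(service, module_type): [(control, module, options), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mtype, control, path = fields[:4]
        module = os.path.basename(path)
        stacks.setdefault((service, mtype), []).append((control, module, fields[4:]))
    return stacks

def audit(text, services=MANDATORY):
    """Return a list of findings, ordered by service and module type."""
    findings = []
    for (service, mtype), stack in sorted(parse(text).items()):
        if service not in services:
            continue
        control, module, options = stack[0]
        if "pam_hpsec" not in module:
            findings.append(f"{service}/{mtype}: pam_hpsec is not at the top of the stack")
            continue
        # The rule needs at least one non-optional module below pam_hpsec.
        if not any(c != "optional" and "pam_hpsec" not in m for c, m, _ in stack[1:]):
            findings.append(f"{service}/{mtype}: no non-optional module below pam_hpsec")
        for opt in options:
            if opt.startswith("bypass_"):
                findings.append(f"{service}/{mtype}: {opt} turns off restrictions pam_hpsec would enforce")
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
login  session required    pam_hpsec.so.1
login  session sufficient  pam_unix.so.1
ftp    session required    pam_unix.so.1
ftp    session required    pam_hpsec.so.1
sshd   session required    pam_hpsec.so.1 bypass_nologin
sshd   session optional    pam_unix.so.1
"""

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```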

 AUTHOR
      pam_hpsec was developed by HP.

 SEE ALSO
      pam(3), pam_open_session(3), pam.conf(4), security(4).
