Share via

Install the pluggable authentication module (PAM) on HP-UX

  • Article

Applies To: Windows Server 2003 R2

To install the pluggable authentication module (PAM) on HP-UX

  1. Copy pam_sso.hpx from IDMU\Unix\Bins on the Windows Server 2003 R2 CD to /usr/lib/security on the UNIX computer, change its name to pam_sso.hp.1, and then set its file-mode bits to 544.

  2. On the UNIX computer, open /etc/pam.conf with a text editor.

  3. In the Password management section, locate the following line:

    other password required /usr/lib/security/libpam_unix.1

  4. Immediately following the line located in the previous step, add the following line:

    other password required /usr/lib/security/pam_sso.hp.1

Note

To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 4. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer. The following file samples show a typical configuration. Actual contents of these files may differ, depending on your system configuration. Sample HP-UX PAM configuration file

# PAM configuration
# Authentication management
login    auth required  /usr/lib/security/libpam_unix.1
su       auth required  /usr/lib/security/libpam_unix.1
dtlogin  auth required  /usr/lib/security/libpam_unix.1
dtaction auth required  /usr/lib/security/libpam_unix.1
ftp      auth required  /usr/lib/security/libpam_unix.1
OTHER    auth required  /usr/lib/security/libpam_unix.1
# Account management
login    account required       /usr/lib/security/libpam_unix.1
su       account required       /usr/lib/security/libpam_unix.1
dtlogin  account required       /usr/lib/security/libpam_unix.1
dtaction account required       /usr/lib/security/libpam_unix.1
ftp      account required       /usr/lib/security/libpam_unix.1
OTHER    account required       /usr/lib/security/libpam_unix.1
# Session management
login    session required       /usr/lib/security/libpam_unix.1
dtlogin  session required       /usr/lib/security/libpam_unix.1
dtaction session required       /usr/lib/security/libpam_unix.1
OTHER    session required       /usr/lib/security/libpam_unix.1
# Password management
login    password required      /usr/lib/security/libpam_unix.1
dtlogin  password required      /usr/lib/security/libpam_unix.1
dtaction password required      /usr/lib/security/libpam_unix.1
other    password required      /usr/lib/security/libpam_unix.1
other    password required      /usr/lib/security/pam_sso.hp.1

The file-mode bits for pam_sso.hp.1 must be set to 544 (o:r-x,g:r--,w:r--) or it will not function properly.

See Also

Concepts

Understanding Password Synchronization
Implementing Password Synchronization