Install the pluggable authentication module (PAM) on HP-UX
Applies To: Windows Server 2003 R2
To install the pluggable authentication module (PAM) on HP-UX
Copy pam_sso.hpx from IDMU\Unix\Bins on the Windows Server 2003 R2 CD to /usr/lib/security on the UNIX computer, change its name to pam_sso.hp.1, and then set its file-mode bits to 544.
On the UNIX computer, open /etc/pam.conf with a text editor.
In the Password management section, locate the following line:
other password required /usr/lib/security/libpam_unix.1
Immediately following the line located in the previous step, add the following line:
other password required /usr/lib/security/pam_sso.hp.1
Note
To disable UNIX-to-Windows password synchronization, remove the entry in /etc/pam.conf that you added in step 4. Before installing the pam_sso module, make sure that PAM support is properly installed and configured on the UNIX computer. The following file samples show a typical configuration. Actual contents of these files may differ, depending on your system configuration. Sample HP-UX PAM configuration file
# PAM configuration
# Authentication management
login auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
dtaction auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
# Account management
login account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
OTHER account required /usr/lib/security/libpam_unix.1
# Session management
login session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
# Password management
login password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
dtaction password required /usr/lib/security/libpam_unix.1
other password required /usr/lib/security/libpam_unix.1
other password required /usr/lib/security/pam_sso.hp.1
The file-mode bits for pam_sso.hp.1 must be set to 544 (o:r-x,g:r--,w:r--) or it will not function properly.
See Also
Concepts
Understanding Password Synchronization
Implementing Password Synchronization