Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   10987 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pam_hpsec(5)							  pam_hpsec(5)

NAME
       pam_hpsec  -  extended  authentication,	account, password, and session
       service module for HP-UX

SYNOPSIS
DESCRIPTION
       The service module implements extensions specific to HP-UX for  authen‐
       tication,  account management, password management, and session manage‐
       ment.

       The use of is recommended for all services, and is mandatory  for  some
       services	 such as and Application writers and system administrators may
       decide that it is inappropriate to use for some specific	 applications.
       When  the  module is present on the stack, it must be on the top of the
       stack, above other modules such as or This module is specific to HP-UX,
       and the functionality may vary significantly between releases.

       For  an	interpretation of the module path, please refer to the related
       information in pam.conf(4).

   Options
       The following options may be passed to the service module for  all  the
       components:

       syslog(3C)
		 debugging information at

       Turns off warning messages.

       With this option,
		 returns  upon	success.   Without  this  option,  the	module
		 returns upon success (which  simplifies  the  PAM  configura‐
		 tion).

   Authentication Component
       The  authentication  component  provides management of credentials spe‐
       cific to HP-UX.	In the future, this component may also implement addi‐
       tional  HP-UX  specific	authentication restrictions in addition to the
       credential management.

       Currently, this component initializes audit attributes for the session.
       In addition to the options listed in the section, the following options
       may also be passed to the module for authentication.
       With this option, does not initialize audit attributes for the session.
       This  option  is supported solely to maintain su(1) backward compatible
       behavior when is configured with su(1).	HP recommends that this option
       not be applied to other services.

       With this option,
	      ignores the restrictions or features that this module would oth‐
	      erwise enforce.

       Note that other common UNIX credentials such as and supplemental	 group
       membership are not managed by any PAM module.  The application perform‐
       ing the authentication is expected to grant  these  credentials	(these
       credentials  must  be  granted after calling pam_open_session(3)) using
       the setuid(2) and initgroups(3C) types of calls.

   Account Management Component
       This component implements  the  and  restrictions  described  in	 secu‐
       rity(4).	 In addition to the options listed in the section, the follow‐
       ing options may also be passed to the module for account management.
       With this option, ignores the restriction.

       With this option,
	      ignores the restriction.

       This option is available only if the HP-UX Compartment Login product is
       installed,
	      and  its compartment login feature is enabled.  With the option,
	      ignores the compartment login  access  check  restrictions.   is
	      defined  in  the	compartment configuration file.	 Refer to com‐
	      partment_login(5) for more information about  HP-UX  Compartment
	      Login.

       With this option,
	      ignores the restrictions or features that this module would oth‐
	      erwise enforce.

   Password Management Component
       This component unconditionally succeeds.

   Session Management Component
       This component implements many miscellaneous restrictions such  as  and
       documented  in  security(4).   In addition to the options listed in the
       section, the following options may also be passed  to  the  module  for
       session management.
       With this option, ignores the setting.

       With this option,
	      ignores the setting.

       With this option,
	      ignores the setting.

       With this option,
	      ignores the setting.

       With this option,
	      ignores the restrictions or features that this module would oth‐
	      erwise enforce.

EXAMPLES
       The following is an example of stacking using the module:

	      login session required	pam_hpsec.so.1
	      login session sufficient	pam_unix.so.1
	      login session sufficient	pam_ldap.so.1
	      login session sufficient	pam_krb5.so.1

       The above rules state that the login's session management  requires  at
       least any one of UNIX, LDAP, and Kerberos PAM modules in addition to

AUTHOR
       was developed by HP.

SEE ALSO
       pam(3),	 pam_acct_mgmt(3),  pam_authenticate(3),  pam_open_session(3),
       pam_setcred(3),	 pam.conf(4),	security(4),	userdb(4),    compart‐
       ment_login(5).

								  pam_hpsec(5)

Vote for polarhome