topic Re: pam in Operating System - HP-UX

pam

gui_3 — Wed, 09 Jul 2003 07:41:45 GMT

lo!

'm looking for a PAM depot for HP-ux 10.20

is there PAM modules available (.depot for 10.20 and 11.0) in order to restrict services access (like telnet, rlogin)

thx, best regards

Re: pam

Ollie R — Wed, 09 Jul 2003 07:48:53 GMT

Hi Gui,

As far as I was aware, PAM is installed as standard.

What happens if you run:
man pam

???

Ollie.

Re: pam

T G Manikandan — Wed, 09 Jul 2003 08:16:03 GMT

http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062952850

Re: pam

gui_3 — Wed, 09 Jul 2003 09:07:43 GMT

yes man pam gime the pam's manpage, but there'is no /etc/pam.conf. how could i detect pam is running, or how to make it enable.

Re: pam

Ollie R — Wed, 09 Jul 2003 09:15:52 GMT

Hi,

No "/etc/pam.conf"? Oh dear!

You can get a copy of the default from
/usr/newconfig/etc/pam.conf

Ollie.

Re: pam

gui_3 — Wed, 09 Jul 2003 11:47:02 GMT

thx , but the problem is not to configure PAM (i know how to configure it:))

the probleme is: how to know if it is running, or how to enable it, if it has been installed?

u see

best regards

Re: pam

Massimo Bianchi — Wed, 09 Jul 2003 11:48:31 GMT

Hi,
if your inetntion is to restric access, also consider to setup properly

/var/adm/inetd.sec ,

refer to the man page for all the options.

HTH;
Massimo

Re: pam

gui_3 — Wed, 09 Jul 2003 15:34:29 GMT

thx, but i want a control on user's level. I want to allow one user to connect (rlogin,telnet) and deny the other's.

i can't put /bin/false in /etc/passwd, cose i want to be able to su the other's

i think pam is the only solution allowed to me

see u

Re: pam

Ollie R — Thu, 10 Jul 2003 04:32:11 GMT

Hi,

PAM will always be "active" - it's an authentication method, not a daemon. The access methods of "login", "dtlogin", "su", etc. are all built to check PAM.

You can add user-level PAM restrictions in:
/etc/pam_user.conf

For details, do:
man pam_user.conf

An alternative is to install TCP-Wrappers:
http://hpux.connect.org.uk/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

This will allow you to restrict access at a very detailed level.

Hope this helps,

Ollie.

Re: pam

Ollie R — Thu, 10 Jul 2003 04:33:46 GMT

Re: pam

Ollie R — Thu, 10 Jul 2003 04:38:46 GMT

Re: pam

gui_4 — Thu, 10 Jul 2003 05:59:41 GMT

thx,

that's all i want to know

but 'm not sure that tcpwrapper could help me ... i already studied that solution

see u

Re: pam

Ollie R — Thu, 10 Jul 2003 06:04:55 GMT

Hi,

TCP Wrappers will allow you to select which users and/or systems can access the inetd services like "login", "rlogin", "remsh", etc.

It's therefore ideal for the job if you can invest the time to set it up properly.

Good luck, which ever path you choose!

Ollie.

BTW - Don't forget to assign points!!!