topic Re: PAM in Operating System - HP-UX

PAM

Sunil Sharma_1 — Fri, 27 Feb 2004 09:50:44 GMT

Hi All,

I don't know what is PAM. Could somebody give me information about PAM. with standard HP UX what can i acheive using this?

I know i am asking nonsense information..but please help...

Sunil

Re: PAM

Robert-Jan Goossens — Fri, 27 Feb 2004 09:53:24 GMT

Hi Sunil.

Pam Kerberos ?

http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5849AA

Regards,
Robert-Jan

Re: PAM

Dave Hutton — Fri, 27 Feb 2004 09:54:18 GMT

If you look at man pam it has a pretty good description of it:

PAM gives system administrators the flexibility of choosing any
authentication service available on the system to perform
authentication. The framework also allows new authentication service
modules to be plugged in and made available without modifying the
applications.

The PAM framework, libpam, consists of an interface library and
multiple authentication service modules. The PAM interface library is
the layer implementing the Application Programming Interface (API).
The authentication service modules are a set of dynamically loadable objects invoked by the PAM API to provide a particular type of user
authentication.

Re: PAM

Robert-Jan Goossens — Fri, 27 Feb 2004 10:05:13 GMT

http://www.docs.hp.com/cgi-bin/fsearch/framedisplay?top=/hpux/onlinedocs/5187-2216/5187-2216_top.html&con=/hpux/onlinedocs/5187-2216/00/00/80-con.html&toc=/hpux/onlinedocs/5187-2216/00/00/80-toc.html&searchterms=pam&queryid=20040227-075739

HTH,
RJ

Re: PAM

Sundar_7 — Fri, 27 Feb 2004 18:57:16 GMT

Sunil,

PAM was first introduced in 10.20. In 10.20 it was only used for CDE authentication.

In 11.x, PAM is integrated in to HP-UX login mechanism. PAM-NTLM and PAM-Kerberos are the two products that you would be interested if you are to authenticate against NT/2000 servers.

PAM-NTLM is installed as part of the CIFS-CLient package. PAM-Kerberos enables the HP-UX logins to be authenticated against windows 2K servers. Remember kerberos is the authentication mechanism used in windows 2K.

/etc/pam.conf is the file and /usr/lib/security is where the pam shared libaries are stored

-- Sundar.

Re: PAM

Vijaya Kumar_3 — Sat, 28 Feb 2004 00:34:57 GMT

PAM is the Pluggable authentication module and it play a role in unix authentication. Whenever a user login to the system, PAM is used to authenticate the login.

PAM can used for ultimately full security (no one is allowd to login to the system) to no security (anyone is allowed to login to the system) by editing /etc/pam.conf.

PAM is the standard authentication mechanism in HP-UX 11/11.11, Solaris 7/8/9/10, AIX 5.2 and All linux flavors.

I used this guide to know about PAM.
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html

Hope this helps
Vijay

Re: PAM

Sunil Sharma_1 — Sun, 29 Feb 2004 23:54:53 GMT

Thanks to all who responded.

i want to impliment some password ristrictions in my HP UX 10.20 box. can i do this using PAM modules or i have convert my system in trusted mode ?

if yes how can i do that ?

Password ristrictions like password aging, password construction etc.

Sunil

Re: PAM

Michael Tully — Mon, 01 Mar 2004 00:07:53 GMT

You don't need PAM or to secure your system just for password aging. You can just implement it using the represented characters of numbers of weeks. See:
$ man 4 passwd

If you wish to go further and have password policies as such, then yes trust your system. Be aware that trusting your system forces each user to change their password. If you are not that familiar with password aging using trusted system, SAM is a good helper.

To trust:
/usr/lbin/tsconvert

to untrust:
/usr/lbin/tsconvert -r

Re: PAM

Karthik S S — Mon, 01 Mar 2004 00:52:41 GMT

To secure your hp-ux system refer to,

http://downloads.securityfocus.com/library/bastion.html

-Karthik S S