
disable pam for builtin services

 
mango_1
Frequent Advisor

disable pam for builtin services

Hello all! I think that HP-UX 11.00 uses PAM for some of its services like login, su and others. I was wondering if there was a way to disable it. Thanks!

Umapathy S
Honored Contributor

Re: disable pam for builtin services

PAM is a bridge between the services (login, su...) and the program/API that does the real work.

The services you mentioned are all built to use PAM which in turn calls up the programs/API to do the work.

In order to replace PAM for these services, you may need to use services that don't use PAM.

If you use ldd on login and su, you will see that they use PAM, and removing them is difficult.

Hope this helps

cheers
Umapathy
Arise Awake and Stop NOT till the goal is Reached!
Keith Buck
Respected Contributor

Re: disable pam for builtin services

You can configure PAM in /etc/pam.conf.

I'm not sure what you mean by "disable PAM". Without PAM, you won't be able to log in at all.

Do you want to grant additional access (not enforce PAM restrictions) or decrease access (enforce more restrictions than PAM does)?

Hope that helps a little...

-Keith
mango_1
Frequent Advisor

Re: disable pam for builtin services

Thanks for the help! I thought PAM was an additional add-on for the built-in services. Meaning there is a command or configuration that I could use that will set login to not use PAM and do it the old-fashioned way. And login will check /etc/passwd, etc. Just wanted to confirm that. :) Thanks!
doug hosking
Esteemed Contributor
Solution

Re: disable pam for builtin services

You can think of PAM as a 'mandatory configurable option' on 11.00 systems. You can alter how it is configured, but it must be configured. Large portions of the login code (the portions related to authentication, session management, etc.) were moved into PAM. There's no duplicate code in login and PAM, so if you remove PAM, you won't be able to log in at all.

Some programs in 11.00 did not initially use PAM, but patches were later provided that added the PAM support. I believe ftpd was one of those, but it's been so long that I forget the details. In situations like that, you could remove the patches and go back to a pre-PAM version of ftpd. However, things like login ALWAYS had PAM support in 11.00, so this choice does not apply to login.
Raghuram_3
New Member

Re: disable pam for builtin services

Hi, pam.conf specifies which security module is to be used for authentication, account verification, etc. By default, login still uses /etc/passwd for account checking, but through the PAM APIs. This can be substituted with a different authentication method like Kerberos by a suitable change in pam.conf.
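
To see which module actually does the work for a service, as the replies above describe, the stack can be read straight out of /etc/pam.conf. The following is an added example, not part of the original posts: `pam_stack` and `write_sample` are hypothetical helper names, the file is assumed to use the `service type control module_path [options]` layout with `OTHER` as the default service, and the sample entries (including the module path) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which PAM modules back a service in a pam.conf-style file.

# pam_stack FILE SERVICE TYPE
# Prints "control module_path [options]" for each matching entry, in file order.
# If the service has no entry of that type, the OTHER (default) entries are
# printed instead, prefixed with "(OTHER)".
pam_stack() {
    awk -v svc="$2" -v typ="$3" '
        $1 ~ /^#/ || NF < 4 { next }            # skip comments and short lines
        tolower($2) != tolower(typ) { next }    # wrong module type
        {
            rest = $3                            # control flag
            for (i = 4; i <= NF; i++) rest = rest " " $i
            if (tolower($1) == tolower(svc)) { own[++n] = rest }
            else if (tolower($1) == "other") { oth[++m] = rest }
        }
        END {
            if (n > 0) { for (i = 1; i <= n; i++) print own[i] }
            else       { for (i = 1; i <= m; i++) print "(OTHER) " oth[i] }
        }
    ' "$1"
}

# Constructed sample in pam.conf layout; not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
# service  type     control   module_path                      options
login      auth     required  /usr/lib/security/libpam_unix.1
login      account  required  /usr/lib/security/libpam_unix.1
su         auth     required  /usr/lib/security/libpam_unix.1
OTHER      auth     required  /usr/lib/security/libpam_unix.1
OTHER      account  required  /usr/lib/security/libpam_unix.1
EOF
}

f=${TMPDIR:-/tmp}/pam_sample.$$
write_sample "$f"
for s in login su ftp; do
    echo "== $s auth =="
    pam_stack "$f" "$s" auth     # ftp has no entry here, so OTHER applies
done
rm -f "$f"
```

On a live system the same function can be pointed at the real file, for example `pam_stack /etc/pam.conf login auth`, to confirm which module a service is bound to before or after a configuration change.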