Phil Daws_4
Occasional Advisor

PAM configuration

Hi,

I have configured PAM on HPUX11i to work with our NT4 domain. This is working fine, but the following error message appears for non-NT accounts :-

pam_ntlm: Incorrect NT password for username

I understand that if I need a separate authentication method for individual users, i.e. root, then I need to use pam_updbe in pam.conf.

Here is how I have pam.conf configured :-

login auth required /usr/lib/security/libpam_updbe.1
login auth sufficient /usr/lib/security/libpam_ntlm.1 use_first_pass

and then in pam_user.conf :-

root auth /usr/lib/security/libpam_unix.1

What am I doing wrong ?
Ben Dehner
Trusted Contributor

Re: PAM configuration

This thread is a bit old, but I'll give it a try anyway.

The problem here is that it is really a misunderstanding of how libpam_updbe works. libpam_updbe does not change the stacking order of PAM modules; it *only* changes the arguments a particular library is called with on a per-user basis. In your example above, since libpam_unix is not in pam.conf, putting libpam_unix in pam_user.conf does nothing because libpam_unix is never called in the first place. The correct configuration would be more like

pam.conf:
login auth sufficient /usr/lib/security/libpam_ntlm.1
login auth required /usr/lib/security/libpam_unix.1

so that users that are not in the NT domain (such as root) will "fall through" to the libpam_unix module. In addition, you could put the following in pam_user.conf

root auth /usr/lib/security/libpam_ntlm.1 ignore

so that "root" will not be authenticated off of the NT domain. Other options are possible, depending on what you want.
Trust me, I know what I'm doing
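
The stacking behaviour described in the reply above, as an added example that is not part of either post and is not HP-UX's PAM code: a simplified Python model in which pam.conf decides which modules run and pam_user.conf only replaces their options. The function names and the treatment of libpam_updbe as a loader that checks no password are assumptions of this model.

```python
# Added example: simplified model of PAM stacking, not HP-UX's implementation.
NTLM = "/usr/lib/security/libpam_ntlm.1"
UNIX = "/usr/lib/security/libpam_unix.1"

# Configurations quoted from the thread.
ASKER_PAM = """login auth required /usr/lib/security/libpam_updbe.1
login auth sufficient /usr/lib/security/libpam_ntlm.1 use_first_pass"""
ASKER_USER = "root auth /usr/lib/security/libpam_unix.1"
REPLY_PAM = """login auth sufficient /usr/lib/security/libpam_ntlm.1
login auth required /usr/lib/security/libpam_unix.1"""
REPLY_USER = "root auth /usr/lib/security/libpam_ntlm.1 ignore"

def rows(text, n):
    """Yield (first n fields, remaining option fields) per config line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= n and not f[0].startswith("#"):
            yield f[:n], f[n:]

def effective_stack(pam_conf, pam_user_conf, user, service="login"):
    """Modules called for `user`: pam.conf picks them, pam_user.conf only swaps options."""
    per_user = {m: o for (u, t, m), o in rows(pam_user_conf, 3)
                if u == user and t == "auth"}
    stack = []
    for (svc, mtype, control, module), opts in rows(pam_conf, 4):
        if svc != service or mtype != "auth" or "libpam_updbe" in module:
            continue  # assumption: updbe only loads pam_user.conf
        opts = per_user.get(module, opts)
        if "ignore" not in opts:  # "ignore" skips the module for this user
            stack.append((control, module, opts))
    return stack

def authenticate(stack, outcome):
    """required/sufficient semantics; outcome maps module path -> bool."""
    failed = passed = False
    for control, module, _ in stack:
        ok = outcome[module]
        if ok and control == "sufficient" and not failed:
            return True  # a sufficient success ends the stack early
        if control == "required":
            failed, passed = failed or not ok, passed or ok
    return passed and not failed

if __name__ == "__main__":
    for name, pc, uc in (("asker", ASKER_PAM, ASKER_USER),
                         ("reply", REPLY_PAM, REPLY_USER)):
        print(name, [m for _, m, _ in effective_stack(pc, uc, "root")])
```

With the asker's files, root's stack contains only libpam_ntlm, so the libpam_unix line in pam_user.conf has nothing to attach to; with the reply's files, root's stack contains only libpam_unix.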