
pam support for hpux 11.11

 
david li
New Member

pam support for hpux 11.11

Hi, I am trying to write a program to change a user's password using PAM under HP-UX 11.11. If I use "passwd" as the service name, it works fine. However, if I use others as the service name, the request becomes a user's request, i.e. it always prompts for the user's Old Password although I run the program as root. Am I missing anything?

Any help or info on this would be very much appreciated!

Thx. david
Sundar_7
Honored Contributor

Re: pam support for hpux 11.11

I cannot tell you from a programmer's perspective :-).

But if you configure "Password Management" module in /etc/pam.conf to use a different lib other than libpam_unix.1, then even if you execute passwd as root, you will be prompted to enter the old password for the user.

Post your /etc/pam.conf
Learn What to do ,How to do and more importantly When to do ?
david li
New Member

Re: pam support for hpux 11.11

Thx for the reply. I use the same PAM module. By the way, what PAM module requests the user's old password when root initiates the pwd change request? Is this HP's standard? Thx.


My pam.conf:

# PAM configuration
#
# Authentication management
#
#login auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
dtaction auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
# Account management
#
login account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
dtaction account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
#
OTHER account required /usr/lib/security/libpam_unix.1
#
# Session management
#
login session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
dtaction session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1
#
# Password management
#
login password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
dtaction password required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1 try_first_pass debug
#
Sundar_7
Honored Contributor

Re: pam support for hpux 11.11

David,

Nope, that is not HP-UX standard. When root tries to change the password for a user, old password will not be asked for.

But if you have, say for example, libpam_ntlm.1 as the module path for the "password management" module, then when you execute "passwd username" as root, it will prompt you for the "Old password".

Here passwd is in fact asking for the current domain password for the user and not the unix password.

In your pam.conf

OTHER password required /usr/lib/security/libpam_unix.1 try_first_pass debug

As far as I know, you cannot have try_first_pass and debug as parameters to the libpam_unix.1 in the "Password Management" module.

Remove these two options. It will not ask for the old password when you use "OTHER" as the service name in your program.

- Sundar.
Learn What to do ,How to do and more importantly When to do ?
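
Added example (not written by either poster and not HP code): a small pam.conf resolver showing which "Password management" line each service name is given in the file posted above. It assumes exact service-name matching with fallback to the literal OTHER entry; the sample text is constructed from the posted lines and "mychpass" is a hypothetical service name.

```python
# Added example: resolve which pam.conf entries a service name is given.
# Assumptions: whitespace-separated fields (service, type, control, path,
# options...), exact service-name match, fallback to the literal "OTHER".

# Constructed sample: the "Password management" lines from the post above.
SAMPLE_CONF = """\
# Password management
#
login password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
dtaction password required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1 try_first_pass debug
"""

def parse_pam_conf(text):
    """Return one dict per entry, skipping comments and blank lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected at least 4 fields: {raw!r}")
        service, mtype, control, path = fields[:4]
        entries.append({"service": service, "type": mtype, "control": control,
                        "path": path, "options": fields[4:], "line": lineno})
    return entries

def resolve_stack(entries, service, mtype):
    """Return (entries, used_fallback) for the given service and module type."""
    own = [e for e in entries if e["service"] == service and e["type"] == mtype]
    if own:
        return own, False
    other = [e for e in entries if e["service"] == "OTHER" and e["type"] == mtype]
    return other, True

if __name__ == "__main__":
    entries = parse_pam_conf(SAMPLE_CONF)
    for svc in ("login", "passwd", "mychpass"):  # "mychpass" is hypothetical
        stack, via_other = resolve_stack(entries, svc, "password")
        src = "OTHER fallback" if via_other else "own entry"
        for e in stack:
            opts = " ".join(e["options"]) or "(no options)"
            print(f"{svc:9s} line {e['line']}: {e['path']} {opts} [{src}]")
```

Under these assumptions, "passwd" has no password entry of its own in the posted file, so it and any custom service name resolve to the same OTHER line with the same module and options.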
david li
New Member

Re: pam support for hpux 11.11

Thx for the msg. I tried again without try_first_pass and debug. It is still the same.

Does "passwd" have a special meaning in HP's PAM? Why does my program work if I use "passwd" as the service name, and not work if I use other names? Is there any other config to control how libpam_unix.1 works? Thx.