HPE Community
Operating System - HP-UX
1834263 Members
78510 Online
110066 Solutions
New Discussion

Re: PAM will not accept use_first_pass or try_first_pass

 
HP-UX SYSTEM MANAGER
Occasional Advisor

‎09-09-2002 09:48 AM

‎09-09-2002 09:48 AM

PAM will not accept use_first_pass or try_first_pass

I'm trying to setup an HPUX 11.0 machine to authenticate with an NT domain using the ntlm PAM module. My config looks like this:
/etc/pam.conf
login password sufficient /usr/lib/security/libpam_ntlm.1
login password required /usr/lib/security/libpam_unix.1 try_first_pass

Whenever I try to log in, I get this error in my syslog:
UNIX pam_sm_acct_mgmt: illegal option try_first_pass

doing a "man pam.conf" reveals this to be a valid option. Any ideas why this is failing?
0 Kudos
Reply
2 REPLIES 2
Ted Ellis_2
Honored Contributor

‎09-09-2002 01:00 PM

‎09-09-2002 01:00 PM

Re: PAM will not accept use_first_pass or try_first_pass

do a man on pam_unix to get the proper configs allowed for unix... here is a clip that may help:

use_first_pass It compares the password in the password database with the user's initial password (entered when the user authenticated to the first authentication module in the stack). If the passwords do not match, or if no password has been entered, quit and do not prompt the user for a password. This option
should only be used if the authentication service is designated as optional in the pam.conf configuration file.

note the last line.. change the required to optional and try it again
0 Kudos
Reply
HP-UX SYSTEM MANAGER
Occasional Advisor

‎09-10-2002 06:09 AM

‎09-10-2002 06:09 AM

Re: PAM will not accept use_first_pass or try_first_pass

I got it working. I had a duplicate entry in the wrong place (in the acount section) that shouldn't have had the try_first_pas option.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.