Operating System - HP-UX
1834263 Members
78510 Online
110066 Solutions
New Discussion

Re: PAM will not accept use_first_pass or try_first_pass

 
HP-UX SYSTEM MANAGER
Occasional Advisor

PAM will not accept use_first_pass or try_first_pass

I'm trying to setup an HPUX 11.0 machine to authenticate with an NT domain using the ntlm PAM module. My config looks like this:
/etc/pam.conf
login password sufficient /usr/lib/security/libpam_ntlm.1
login password required /usr/lib/security/libpam_unix.1 try_first_pass

Whenever I try to log in, I get this error in my syslog:
UNIX pam_sm_acct_mgmt: illegal option try_first_pass

doing a "man pam.conf" reveals this to be a valid option. Any ideas why this is failing?
2 REPLIES 2
Ted Ellis_2
Honored Contributor

Re: PAM will not accept use_first_pass or try_first_pass

do a man on pam_unix to get the proper configs allowed for unix... here is a clip that may help:

use_first_pass It compares the password in the password database with the user's initial password (entered when the user authenticated to the first authentication module in the stack). If the passwords do not match, or if no password has been entered, quit and do not prompt the user for a password. This option
should only be used if the authentication service is designated as optional in the pam.conf configuration file.

note the last line.. change the required to optional and try it again
HP-UX SYSTEM MANAGER
Occasional Advisor

Re: PAM will not accept use_first_pass or try_first_pass

I got it working. I had a duplicate entry in the wrong place (in the acount section) that shouldn't have had the try_first_pas option.