
Re: pam

 
gui_3
Occasional Contributor

pam

lo!

I'm looking for a PAM depot for HP-UX 10.20.

Are there PAM modules available (.depot for 10.20 and 11.0) in order to restrict service access (like telnet, rlogin)?

thx, best regards
sexy boy is back
12 REPLIES 12
Ollie R
Respected Contributor

Re: pam

Hi Gui,

As far as I was aware, PAM is installed as standard.

What happens if you run:
man pam

???

Ollie.
To err is human but to not award points is unforgivable
T G Manikandan
Honored Contributor
gui_3
Occasional Contributor

Re: pam

Yes, man pam gives me the PAM manpage, but there is no /etc/pam.conf. How could I detect that PAM is running, or how do I enable it?
sexy boy is back
Ollie R
Respected Contributor

Re: pam

Hi,

No "/etc/pam.conf"? Oh dear!

You can get a copy of the default from
/usr/newconfig/etc/pam.conf

Ollie.
To err is human but to not award points is unforgivable
gui_3
Occasional Contributor

Re: pam

thx, but the problem is not how to configure PAM (I know how to configure it :))

The problem is: how do I know if it is running, or how do I enable it, if it has been installed?

you see

best regards
sexy boy is back
Massimo Bianchi
Honored Contributor

Re: pam

Hi,
if your intention is to restrict access, also consider setting up properly

/var/adm/inetd.sec

Refer to the man page for all the options.

HTH;
Massimo
gui_3
Occasional Contributor

Re: pam

thx, but I want control at the user level. I want to allow one user to connect (rlogin, telnet) and deny the others.

I can't put /bin/false in /etc/passwd, because I want to be able to su to the others.

I think PAM is the only solution available to me.

see u
sexy boy is back
Ollie R
Respected Contributor

Re: pam

Hi,

PAM will always be "active" - it's an authentication method, not a daemon. The access methods of "login", "dtlogin", "su", etc. are all built to check PAM.

You can add user-level PAM restrictions in:
/etc/pam_user.conf

For details, do:
man pam_user.conf

An alternative is to install TCP-Wrappers:
http://hpux.connect.org.uk/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/

This will allow you to restrict access at a very detailed level.

Hope this helps,

Ollie.
To err is human but to not award points is unforgivable
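Since PAM is a library consulted by login, su and dtlogin rather than a process, the check for "is it enabled" is whether /etc/pam.conf carries entries for the service. The script below is an added example, not code from this thread or from HP: it reads the usual `service module_type control_flag module_path` layout, the sample entries and the module path are constructed placeholders, and the case-insensitive match plus per-type fallback to the catch-all `OTHER` service are assumptions about how the file is interpreted.

```shell
#!/bin/sh
# pam.conf entry format: service  module_type  control_flag  module_path  [options]

# pam_stack FILE SERVICE: print "module_type control_flag module_path" for each
# entry that applies to SERVICE. For a module type with no entry of its own,
# the catch-all "other" service entries are printed instead (assumption).
pam_stack() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk -v svc="$2" '
        BEGIN { svc = tolower(svc) }
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        {
            s = tolower($1); t = tolower($2); line = t " " $3 " " $4 "\n"
            if (s == svc)          own[t] = own[t] line
            else if (s == "other") oth[t] = oth[t] line
        }
        END {
            n = split("auth account session password", types, " ")
            for (i = 1; i <= n; i++) {
                t = types[i]
                printf "%s", ((t in own) ? own[t] : oth[t])
            }
        }
    ' "$1"
}

# Constructed sample, not a copy of any shipped pam.conf; placeholder module path.
write_sample() {
    cat > "$1" <<'EOF'
# service  type     control   module
login      auth     required  /path/to/libpam_example.1
login      account  required  /path/to/libpam_example.1
su         auth     required  /path/to/libpam_example.1
OTHER      auth     required  /path/to/libpam_example.1
OTHER      session  optional  /path/to/libpam_example.1
EOF
}

# Demo: use the live file if present, otherwise the constructed sample.
conf=/etc/pam.conf
sample=
if [ ! -r "$conf" ]; then
    sample=${TMPDIR:-/tmp}/pam.conf.sample.$$
    write_sample "$sample"; conf=$sample
fi
for svc in login su dtlogin; do
    echo "== $svc =="; pam_stack "$conf" "$svc"
done
[ -z "$sample" ] || rm -f "$sample"
```

A service that prints nothing has no entry of its own and no `OTHER` fallback in the file that was read.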
gui_4
New Member

Re: pam

thx,

that's all I wanted to know

but I'm not sure that tcpwrapper could help me ... I already studied that solution

see u
Ollie R
Respected Contributor

Re: pam

Hi,

TCP Wrappers will allow you to select which users and/or systems can access the inetd services like "login", "rlogin", "remsh", etc.

It's therefore ideal for the job if you can invest the time to set it up properly.

Good luck, whichever path you choose!

Ollie.

BTW - Don't forget to assign points!!!
To err is human but to not award points is unforgivable