Subject: RE: PAM configuration (HP-UX pam)
From: Alan Millar (Alan.Millarlpcorp.com)
Date: Wed Dec 27 2000 - 12:42:50 CST


> > To stem the tide of support requests from people who don't read the
> > INSTALL file when installing OpenSSH and then complain about password
> > auth failing. I am considering the idea of automagically installing a
> > PAM file into /etc/pam.d if it exists, PAM support is enabled and no
> > such file already exists.

> > - I want a "no-frills" control file which will work with the widest
> > range of systems and still be secure. Would something like the following
> > work everywhere? I assume pam_unix is pretty standard, but how about
> > pam_cracklib, pam_nologin and pam_limits?
>
> The big question, of course, is whether these modules are available with the
> Solaris and HPUX PAM implementations. I haven't worked with either, so I
> don't have any idea.

FWIW, HP-UX 11.0 uses pam, included as part of the OS from HP. I don't
know how far it varies from the current Linux or Solaris pam
implementations. Not being very versed in pam myself, it appears to me
that it matches Solaris pam a little closer than Linux, definitely
compared to current Linux work. In compiling mod_auth_pam for Apache
on HP-UX 11.0, a few ifdef's were needed that matched the Solaris ones.

HP-UX 11 uses /etc/pam.conf. The pam_cracklib, pam_nologin and
pam_limits modules are not included with the HP distribution. I have
not looked into whether people are adding them after-the-fact or not.

I have heard that some people [are attempting to?] use Linux pam ported
to HP-UX 10.20, which didn't have universal pam support from HP, but I
don't know any details.

For better or for worse, if the OpenSSH install looks for /etc/pam.d, it
will bypass any HP-UX 11.0 compatibility issues :-)

- Alan

--
Alan Millar                  Email: Alan.MillarLPCorp.com
Unix System Administrator    Voice: 503-624-9004 x3014
Louisiana-Pacific            Fax:   509-692-3948

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
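
The install-time check discussed in this thread, as an added example that is not part of the original message and is not OpenSSH's installer: it installs a per-service file only on /etc/pam.d systems, never overwrites an existing one, and on /etc/pam.conf systems (the HP-UX 11 case) only reports whether the service has an entry. The function names, the ROOT prefix argument and the "sshd" service name are assumptions, and the caller is assumed to invoke it only when PAM support was enabled at build time.

```shell
#!/bin/sh
# Added example, not OpenSSH's installer. ROOT is a hypothetical prefix so the
# logic can be exercised on a scratch tree instead of the live /etc.

# Which PAM configuration layout does this system use?
pam_layout() {
    if [ -d "$1/etc/pam.d" ]; then echo pam.d
    elif [ -f "$1/etc/pam.conf" ]; then echo pam.conf
    else echo none
    fi
}

# pam.conf puts the service name in the first field of every rule line.
pam_conf_has_service() {
    awk -v svc="$2" '$1 == svc { found = 1 } END { exit !found }' "$1/etc/pam.conf"
}

# install_pam_file ROOT SERVICE TEMPLATE
# Prints: installed | kept-existing | pam.conf-present | pam.conf-manual | no-pam
install_pam_file() {
    root=$1; svc=$2; template=$3
    case $(pam_layout "$root") in
    pam.d)
        target=$root/etc/pam.d/$svc
        [ -r "$template" ] || { echo "template not readable" >&2; return 1; }
        # Never replace an administrator's file, not even a dangling symlink.
        if [ -e "$target" ] || [ -L "$target" ]; then
            echo kept-existing; return 0
        fi
        # set -C (noclobber): fail instead of overwriting a file that
        # appeared after the check; umask 022 yields mode 0644.
        ( set -C; umask 022; cat "$template" > "$target" ) || return 1
        echo installed ;;
    pam.conf)
        # Single shared file (the HP-UX 11 case): report, do not edit.
        if pam_conf_has_service "$root" "$svc"; then echo pam.conf-present
        else echo pam.conf-manual
        fi ;;
    *)  echo no-pam ;;
    esac
}

# Constructed demo on a scratch tree.
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d"
echo '# constructed placeholder, not a real PAM policy' > "$demo/tmpl"
install_pam_file "$demo" sshd "$demo/tmpl"
install_pam_file "$demo" sshd "$demo/tmpl"
rm -rf "$demo"
```

The template contents are deliberately left as a placeholder, since which modules exist differs between the Linux, Solaris and HP-UX PAM implementations.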