Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > P


HP-UX 11i Version 3: February 2007

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index


pam_user.conf — user configuration file for pluggable authentication modules




pam_user.conf is the user configuration file for the Pluggable Authentication Module architecture, or PAM. It is not designed to replace the PAM system configuration file, pam.conf. For PAM to work properly, pam.conf is mandatory (see pam.conf(4)). pam_user.conf is optional. It is used only when a user basis configuration is needed. It mainly specifies options to be used by service modules on a user basis.

The options defined in pam.conf indicate the default for users who are not configured in pam_user.conf or if the module type is not configured for some users. For the configuration in pam_user.conf to take effect, pam.conf needs to configure service module libpam_updbe (see pam.conf(4)).

Simplified pam_user.conf Configuration File

The pam_user.conf file contains a listing of login names. Each login name is paired with a corresponding service module with or without options specified. Each entry has the following format:

login_name module_type module_path options

Below is an example of the pam_user.conf configuration file.

tom auth /usr/lib/security/$ISA/libpam_unix.so.1 debug use_psd tom auth /usr/lib/security/$ISA/libpam_dce.so.1 use_first_pass tom account /usr/lib/security/$ISA/libpam_unix.so.1 use_psd tom account /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass susan auth /usr/lib/security/$ISA/libpam_unix.so.1 susan auth /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass

The login_name denotes the login name of a user (for example, tom, susan). For detailed information on module_type, module_path, and options, see pam.conf(4).

The first entry indicates that when the UNIX authentication is invoked for tom, the options debug and use_psd will be used. The second entry indicates that when the DCE authentication is invoked for tom, the option use_first_pass will be used. The module type password is not configured for tom, therefore, the /etc/pam.conf options will take effect. For those users who are not configured, the /etc/pam.conf options apply.


If an error is found in an entry due to invalid login_name or module_type, then the entry is ignored. If there are no valid entries for the given module_type, the PAM framework ignores pam_user.conf and reads the configuration in pam.conf.


The following is a sample pam_user.conf configuration file. Lines that begin with the # symbol are treated as comments, and therefore ignored.

# # PAM user configuration # # Authentication management john auth /usr/lib/security/$ISA/libpam_unix.so.1 john auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass david auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd david auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass susan auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd susan auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass # Password management john password /usr/lib/security/$ISA/libpam_unix.so.1 david password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd susan password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd


pam(3), pam.conf(4).

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.