# IBM_PROLOG_BEGIN_TAG # This is an automatically generated prolog. # # bos530 src/bos/etc/pam/pam.conf 1.3 # # Licensed Materials - Property of IBM # # (C) COPYRIGHT International Business Machines Corp. 2003,2004 # All Rights Reserved # # US Government Users Restricted Rights - Use, duplication or # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # # IBM_PROLOG_END_TAG # # PAM Configuration File # # This file controls the PAM stacks for PAM enabled services. # The format of each entry is as follows: # # [module_options] # # Where: # is: # The name of the PAM enabled service. # # is one of: # auth, account, password, session # # is one of: # required, requisite, sufficient, optional # # is: # The path to the module. If the field does not begin with '/' # then /usr/lib/security/ is prefixed. # # [module_options] is: # An optional field. Consult the specified modules documentation # for valid options. # # The service name OTHER controls the behavior of services that are PAM # enabled but do not have an explicit entry in this file. # # # Authentication # ftp auth required /usr/lib/security/pam_aix imap auth required /usr/lib/security/pam_aix login auth required /usr/lib/security/pam_aix rexec auth required /usr/lib/security/pam_aix rlogin auth sufficient /usr/lib/security/pam_rhosts_auth rlogin auth required /usr/lib/security/pam_aix rsh auth required /usr/lib/security/pam_rhosts_auth snapp auth required /usr/lib/security/pam_aix su auth sufficient /usr/lib/security/pam_allowroot su auth required /usr/lib/security/pam_aix telnet auth required /usr/lib/security/pam_aix OTHER auth required /usr/lib/security/pam_prohibit # # Account Management # ftp account required /usr/lib/security/pam_aix login account required /usr/lib/security/pam_aix rexec account required /usr/lib/security/pam_aix rlogin account required /usr/lib/security/pam_aix rsh account required /usr/lib/security/pam_aix su account sufficient /usr/lib/security/pam_allowroot su account required /usr/lib/security/pam_aix telnet account required /usr/lib/security/pam_aix OTHER account required /usr/lib/security/pam_prohibit # # Password Management # login password required /usr/lib/security/pam_aix passwd password required /usr/lib/security/pam_aix rlogin password required /usr/lib/security/pam_aix su password required /usr/lib/security/pam_aix telnet password required /usr/lib/security/pam_aix OTHER password required /usr/lib/security/pam_prohibit # # Session Management # ftp session required /usr/lib/security/pam_aix imap session required /usr/lib/security/pam_aix login session required /usr/lib/security/pam_aix rexec session required /usr/lib/security/pam_aix rlogin session required /usr/lib/security/pam_aix rsh session required /usr/lib/security/pam_aix snapp session required /usr/lib/security/pam_aix su session required /usr/lib/security/pam_aix telnet session required /usr/lib/security/pam_aix OTHER session required /usr/lib/security/pam_prohibit # websm. websm_rlogin auth sufficient /usr/lib/security/pam_rhosts_auth websm_rlogin auth required /usr/lib/security/pam_aix use_new_state websm_su auth sufficient /usr/lib/security/pam_aix websm_su auth required /usr/lib/security/pam_aix websm_rlogin account required /usr/lib/security/pam_aix mode=S_RLOGIN websm_su account sufficient /usr/lib/security/pam_aix mode=S_SU websm_su account required /usr/lib/security/pam_aix mode=S_SU websm_rlogin password required /usr/lib/security/pam_aix use_new_state try_first_pass websm_su password required /usr/lib/security/pam_aix try_first_pass websm_rlogin session required /usr/lib/security/pam_aix websm_su session required /usr/lib/security/pam_aix