Configuring pam on a linux system, Configuring pam on an hp-ux system, About secure task execution – HP Systems Insight Manager User Manual


Configuring PAM on a Linux system

The administrator of a Linux CMS can customize the PAM that HP SIM uses. The file /etc/pam.d/mxpamauthrealm contains the authentication steps for the HP SIM web server interface.

The default for this file is:

#%PAM-1.0

auth required /lib/security/pam_unix.so

account required /lib/security/pam_unix.so

session required /lib/security/pam_unix.so

This default setup directs PAM to use the standard UNIX authentication module to authenticate users attempting to sign in to the HP SIM web server interface. Standard calls from the system libraries are used to access account information usually read from /etc/passwd or /etc/shadow.

The administrator of the system can adjust these requirements to conform to the security requirements of the
system. For example, if the security policy on the system is time dependent and /etc/security/time.conf
is configured, you could adjust mxpamauthrealm to:

#%PAM-1.0

auth required /lib/security/pam_unix.so

account required /lib/security/pam_unix.so

session required /lib/security/pam_unix.so

Configuring PAM on an HP-UX system

Customizing PAM security on HP-UX is similar. All of the PAM configurations are stored in /etc/pam.conf.

The lines for HP SIM on HP-UX 11i are:

mxpamauthrealm auth required /usr/lib/security/libpam_unix.1

mxpamauthrealm account required /usr/lib/security/libpam_unix.1

mxpamauthrealm session required /usr/lib/security/libpam_unix.1

The lines for HP SIM on HP-UX 11i 2.0 are:

mxpamauthrealm auth required /usr/lib/security/$ISA/libpam_unix.1

mxpamauthrealm account required /usr/lib/security/$ISA/libpam_unix.1

mxpamauthrealm session required /usr/lib/security/$ISA/libpam_unix.1

If you want the HP SIM web server login model to match what is configured for your other login methods (telnet, rlogin, login, ssh, and so on), configure the same plug-in modules that are used by these other login methods. These modules should be defined by the login service name in the /etc/pam.conf file or the /etc/pam.d/login file.
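An added example, not part of the HP manual: a Python check that compares the mxpamauthrealm stack with the login service in either layout described above and reports modules the login stack uses that the HP SIM stack lacks. The sample configurations are constructed; pam_time.so is the Linux-PAM module that reads /etc/security/time.conf, and libpam_example.1 is a hypothetical module name.

```python
import os
import re

# type, control (keyword or [bracketed] form), module path
ENTRY = re.compile(r"(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_stack(text, service=None):
    """Return [(type, control, module)] for one service. service=None parses the
    /etc/pam.d/<service> layout; a name parses /etc/pam.conf (service in column
    one). Assumption: "@include" lines are skipped, not followed."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if service is not None:
            parts = line.split(None, 1)
            if len(parts) < 2 or parts[0] != service:
                continue
            line = parts[1]
        m = ENTRY.match(line)
        if m:
            # Compare by file name so /lib/security and $ISA paths still match.
            stack.append((m.group(1).lstrip("-").lower(), m.group(2),
                          os.path.basename(m.group(3))))
    return stack

def missing_from(target, reference):
    """Entries of `reference` whose (type, module) pair is absent from `target`."""
    have = {(t, mod) for t, _, mod in target}
    return [e for e in reference if (e[0], e[2]) not in have]

# Constructed samples, not taken from a real system.
PAMD_LOGIN = """#%PAM-1.0
auth     required /lib/security/pam_unix.so
account  required /lib/security/pam_unix.so
account  required /lib/security/pam_time.so
session  required /lib/security/pam_unix.so
"""
PAMD_SIM = """#%PAM-1.0
auth required /lib/security/pam_unix.so
account required /lib/security/pam_unix.so
session required /lib/security/pam_unix.so
"""
PAM_CONF = """login auth required /usr/lib/security/$ISA/libpam_unix.1
login account required /usr/lib/security/$ISA/libpam_example.1  # hypothetical module
mxpamauthrealm auth required /usr/lib/security/$ISA/libpam_unix.1
mxpamauthrealm account required /usr/lib/security/$ISA/libpam_unix.1
"""

if __name__ == "__main__":
    print(missing_from(parse_stack(PAMD_SIM), parse_stack(PAMD_LOGIN)))
```

On a real system, read the text from /etc/pam.d/mxpamauthrealm and /etc/pam.d/login, or pass the contents of /etc/pam.conf with the service name on HP-UX.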

Related topics

Networking and security

About secure task execution

Installing OpenSSH

Managing SSH keys

About secure task execution

HP Systems Insight Manager (HP SIM) tasks that cause state or configuration changes on managed systems use Secure Task Execution (STE) to issue their commands to the system. STE enables an HP SIM system to securely request execution of a task from a managed system. It ensures that the user requesting the task has the appropriate rights to perform the task. The request includes a digital signature to uniquely identify the HP SIM system making the request. Secure Sockets Layer (SSL) is then used to encrypt the request and protect the data from alteration or eavesdropping. See “Setting up trust relationships” for more information.
