---
title: Configuration example of PAM for HP-UX
description: This is an example configuration of PingID SSH for PAM on HP-UX.
component: pingid
page_id: pingid:pingid_integrations:pid_configuration_example_pam_for_hp_ux
canonical_url: http://docs.pingidentity.com/pingid/pingid_integrations/pid_configuration_example_pam_for_hp_ux.html
revdate: January 23, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
  choose-from: Choose from:
---

# Configuration example of PAM for HP-UX

This is an example configuration of PingID SSH for PAM on HP-UX.

## About this task

|   |                                                                                 |
| - | ------------------------------------------------------------------------------- |
|   | This assumes that you specified `--prefix=/usr/local` in the configure command. |

## Steps

1. Create a backup of the common PAM configuration file, `/etc/pam.conf`.

2. Edit the `/etc/pam.conf` file as follows:

   ### Choose from:

   * **To add MFA to SSH:** Change the lines starting with `sshd`:

     From:

     ```
     sshd auth required libpam_hpsec.so.1
     sshd auth required libpam_unix.so.1
     ```

     To:

     ```
     sshd auth required libpam_hpsec.so.1
     sshd auth required /usr/lib/security/pam_pingid.so
     ```

     1. Apply PingID to SSH by editing the sshd\_config file:

        ```
        sudo vi /opt/ssh/etc/sshd_config
        ```

     2. Set `UsePAM` to 'yes', `ChallengeResponseAuthentication` to 'yes' and `PasswordAuthentication` to 'no'.

     3. Configure PAM for public key authentication by adding the following line to the SSHD configuration file,`sshd_config`:

        ```
        AuthenticationMethods publickey,keyboard-interactive
        ```

        |   |                                                 |
        | - | ----------------------------------------------- |
        |   | To check the OpenSSH version, run```
        ssh -V
        ``` |

     4. Restart the sshd service:

        ```
        sudo /sbin/init.d/secsh stop
        sudo /sbin/init.d/secsh start
        ```

   * **To add MFA to SU:** Change the lines starting with `su`:

     From:

     ```
     su auth required libpam_hpsec.so.1 bypass_setaud
     su auth required libpam_unix.so.1
     ```

     To:

     ```
     su auth required libpam_hpsec.so.1 bypass_setaud
     su auth requisite libpam_unix.so.1
     su auth required /usr/lib/security/pam_pingid.so
     ```