Configuration example of PAM for HP-UX

This is an example configuration of PingID SSH for PAM on HP-UX.

About this task

This assumes that you specified --prefix=/usr/local in the configure command.

Edit the /etc/pam.conf file as follows:

To add MFA to SSH: Change the lines starting with sshd:

From:
```
sshd auth required libpam_hpsec.so.1
sshd auth required libpam_unix.so.1
```
To:
```
sshd auth required libpam_hpsec.so.1
sshd auth required /usr/lib/security/pam_pingid.so
```
1. Apply PingID to SSH by editing the sshd_config file:
  sudo vi /opt/ssh/etc/sshd_config
2. Set UsePAM to ‘yes’, ChallengeResponseAuthentication to ‘yes’ and PasswordAuthentication to ‘no’.
3. Configure PAM for public key authentication by adding the following line to the SSHD configuration file,sshd_config:
  AuthenticationMethods publickey,keyboard-interactive
  To check the OpenSSH version, run
  
  ssh -V
4. Restart the sshd service:
  sudo /sbin/init.d/secsh stop sudo /sbin/init.d/secsh start

To add MFA to SU: Change the lines starting with su:

From:

su auth required libpam_hpsec.so.1 bypass_setaud
su auth required libpam_unix.so.1

To:

su auth required libpam_hpsec.so.1 bypass_setaud
su auth requisite libpam_unix.so.1
su auth required /usr/lib/security/pam_pingid.so