PingID Administration Guide

Configuration example of PAM for HP-UX

This is an example configuration of PingID SSH for PAM on HP-UX.

About this task

This assumes that you specified --prefix=/usr/local in the configure command.

Steps

  1. Create a backup of the common PAM configuration file, /etc/pam.conf.

  2. Edit the /etc/pam.conf file as follows:

    Choose from:

    • To add MFA to SSH: Change the lines starting with sshd:

      From:

      sshd auth required libpam_hpsec.so.1
      sshd auth required libpam_unix.so.1

      To:

      sshd auth required libpam_hpsec.so.1
      sshd auth required /usr/lib/security/pam_pingid.so
      1. Apply PingID to SSH by editing the sshd_config file:

        sudo vi /opt/ssh/etc/sshd_config
      2. Set UsePAM to ‘yes’, ChallengeResponseAuthentication to ‘yes’ and PasswordAuthentication to ‘no’.

      3. Configure PAM for public key authentication by adding the following line to the SSHD configuration file,sshd_config:

        AuthenticationMethods publickey,keyboard-interactive

        To check the OpenSSH version, run

        ssh -V
      4. Restart the sshd service:

        sudo /sbin/init.d/secsh stop
        sudo /sbin/init.d/secsh start
    • To add MFA to SU: Change the lines starting with su:

      From:

      su auth required libpam_hpsec.so.1 bypass_setaud
      su auth required libpam_unix.so.1

      To:

      su auth required libpam_hpsec.so.1 bypass_setaud
      su auth requisite libpam_unix.so.1
      su auth required /usr/lib/security/pam_pingid.so