Configuration example of PAM for HP-UX
This is an example configuration of PingID SSH for PAM on HP-UX.
About this task
This assumes that you specified |
Steps
-
Create a backup of the common PAM configuration file,
/etc/pam.conf
. -
Edit the
/etc/pam.conf
file as follows:Choose from:
-
To add MFA to SSH: Change the lines starting with
sshd
:From:
sshd auth required libpam_hpsec.so.1 sshd auth required libpam_unix.so.1
To:
sshd auth required libpam_hpsec.so.1 sshd auth required /usr/lib/security/pam_pingid.so
-
Apply PingID to SSH by editing the sshd_config file:
sudo vi /opt/ssh/etc/sshd_config
-
Set
UsePAM
to ‘yes’,ChallengeResponseAuthentication
to ‘yes’ andPasswordAuthentication
to ‘no’. -
Configure PAM for public key authentication by adding the following line to the SSHD configuration file,
sshd_config
:AuthenticationMethods publickey,keyboard-interactive
To check the OpenSSH version, run
ssh -V
-
Restart the sshd service:
sudo /sbin/init.d/secsh stop sudo /sbin/init.d/secsh start
-
-
To add MFA to SU: Change the lines starting with
su
:From:
su auth required libpam_hpsec.so.1 bypass_setaud su auth required libpam_unix.so.1
To:
su auth required libpam_hpsec.so.1 bypass_setaud su auth requisite libpam_unix.so.1 su auth required /usr/lib/security/pam_pingid.so
-