Files Reference
Contains the information for loadable authentication module configuration.

The /usr/lib/security/methods.cfg file is an ASCII file that contains
stanzas with loadable authentication module information. Each stanza is
identified by a module name followed by a colon (:) and contains attributes
in the form Attribute=Value. Each attribute ends with a new-line character
and each stanza ends with an additional new-line character.

Each stanza can have the following attributes:
domain
    Specifies a free-format ASCII text string that is used by the loadable
    authentication module to select a data repository. This attribute is
    optional.

program
    Names the load module containing the executable code that implements the
    loadable authentication method.

program_64
    Names the load module containing the executable code that implements the
    loadable authentication method for 64-bit processes.

options
    Specifies an ASCII text string containing optional values that are passed
    to the loadable authentication module upon initialization. The
    supported values for each module are described by the product
    documentation for that loadable authentication module.

    The options attribute takes the following pre-defined values:

    - auth=module
        Specifies the module to be used to perform authentication functions
        for the current loadable authentication module.
    - authonly
        Indicates that the loadable authentication module only performs
        authentication operations. User and group information must be
        provided by a different module, specified by the db= option. If the
        db= option is not specified, user and group information must be
        provided by the local files database.
    - db=module
        Specifies the module to be used for providing user and group
        information for the current loadable authentication module.
    - dbonly
        Indicates that the loadable authentication module only provides user
        and group information and does not perform authentication functions.
        Authentication operations must be performed by a different load
        module, specified by the auth= option. If the auth= option is not
        specified, all authentication operations fail.
    - noprompt
        The initial password prompt for authentication operations is
        suppressed. The loadable authentication module would then control
        all password prompting.

    You can only use the auth=module and db=module value strings for complex
    loadable authentication modules, which may require or be used with
    another loadable authentication module to provide new functionality.

    The authonly and dbonly values are invalid for complex modules.

    You can use the noprompt value for any kind of module.

Access Control: This file should
grant read (r) and write (w) access to the root user only and read (r) access
to the security group and all other users.
1. To indicate that the loadable authentication module is located in the
   file /usr/lib/security/DCE, enter:

       program = /usr/lib/security/DCE

2. To indicate that the loadable authentication module should provide only
   authentication functions, enter:

       options = authonly

3. The following example contains configuration information for the LDAP
   simple loadable authentication module:

       LDAP:
               program = /usr/lib/security/LDAP
               program_64 = /usr/lib/security/LDAP64

   The "LDAP" stanza gives the name of the module, used by the SYSTEM and
   registry attributes for a user. The name does not have to be the same as
   the file name given for the program attribute.

4. The following example contains configuration information for the
   KERBEROS complex loadable authentication module:

       KERBEROS:
               program = /usr/lib/security/KERBEROS
               program_64 = /usr/lib/security/KERBEROS64
               options = authonly,db=LDAP

   The "KERBEROS" stanza gives the name of the module as used by the SYSTEM
   and registry attributes for a user. This name does not have to be the
   same as the name of the file given for the program attribute. The
   options attribute indicates that the user and group information
   functions are to be performed by the module described by the "LDAP"
   stanza (in example 3).
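
The stanza format, the option rules and the access control requirement
described above can be checked mechanically. The following Python code is an
added example, not part of the AIX documentation or of any IBM tool: the
names parse_methods, audit and SAMPLE and the LOCALDB/NIS stanza are
hypothetical, and reporting a db= or auth= value that names no stanza in the
file as a finding is an assumption of this example.

```python
import stat

# Constructed sample: the page's LDAP and KERBEROS stanzas plus a
# hypothetical misconfigured stanza (LOCALDB) to exercise the checks.
SAMPLE = """\
LDAP:
        program = /usr/lib/security/LDAP
        program_64 = /usr/lib/security/LDAP64

KERBEROS:
        program = /usr/lib/security/KERBEROS
        program_64 = /usr/lib/security/KERBEROS64
        options = authonly,db=LDAP

LOCALDB:
        program = /usr/lib/security/LOCALDB
        options = dbonly,db=NIS
"""

def parse_methods(text):
    """Return {stanza_name: {attribute: value}} from methods.cfg text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):  # blank, or AIX stanza-file comment
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def audit(stanzas, mode=None):
    """Return a list of findings; mode is the file's st_mode, if known."""
    findings = []
    if mode is not None and mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("methods.cfg is writable by group or others")
    for name, attrs in stanzas.items():
        opts = [o.strip() for o in attrs.get("options", "").split(",") if o.strip()]
        refs = dict(o.split("=", 1) for o in opts if "=" in o)
        if "program" not in attrs:
            findings.append(f"{name}: no program attribute")
        if "dbonly" in opts and "auth" not in refs:
            findings.append(f"{name}: dbonly without auth=, all authentication fails")
        for kind in ("auth", "db"):
            if kind in refs and refs[kind] not in stanzas:
                findings.append(f"{name}: {kind}={refs[kind]} names no stanza in this file")
    return findings
```

On a live system, pass the file contents to parse_methods and
os.stat("/usr/lib/security/methods.cfg").st_mode as the mode argument of
audit.
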
This file is part of Base
Operating System (BOS) Runtime.
/usr/lib/security/methods.cfg
    Specifies the path to the file.

/etc/passwd
    Contains basic user attributes.

/etc/security/user
    Contains the extended attributes of users.

The chuser command, login command, lsuser command, passwd command, su command.

The getauthdb subroutine, setauthdb subroutine.

Chapter 18. Loadable Authentication Module Programming Interface in AIX 5L
Version 5.1 Kernel Extensions and Device Support Programming Concepts