Contains the information for loadable authentication module configuration.
The /usr/lib/security/methods.cfg file is an ASCII file that contains stanzas with loadable authentication module information. Each stanza is identified by a module name followed by a colon (:) and contains attributes in the form Attribute=Value. Each attribute ends with a new-line character and each stanza ends with an additional new-line character.
Each stanza can have the following attributes:
Attribute | Description |
---|---|
domain | Specifies a free-format ASCII text string that is used by the loadable authentication module to select a data repository. This attribute is optional. |
program | Names the load module containing the executable code that implements the loadable authentication method. |
program_64 | Names the load module containing the executable code that implements the loadable authentication method for 64-bit processes. |
options | Specifies an ASCII text string containing optional values that are passed to the loadable authentication module upon initialization. The supported values for each module are described by the product documentation for that loadable authentication module. The options attribute takes the following pre-defined values: You can only use the auth=module and db=module value strings for complex loadable authentication modules, which may require or be used with another loadable authentication module to provide new functionality. The authonly and dbonly values are invalid for complex modules. You can use the noprompt value for any kind of module. |
Access Control: This file should grant read (r) and write (w) access to the root user only and read (r) access to the security group and all other users.
program = /usr/lib/security/DCE
options = authonly

    LDAP:
        program = /usr/lib/security/LDAP
        program_64 = /usr/lib/security/LDAP64

The "LDAP" stanza gives the name of the module, used by the SYSTEM and registry attributes for a user. The name does not have to be the same as the file name given for the program attribute.

    KERBEROS:
        program = /usr/lib/security/KERBEROS
        program_64 = /usr/lib/security/KERBEROS64
        options = authonly,db=LDAP

The "KERBEROS" stanza gives the name of the module as used by the SYSTEM and registry attributes for a user. This name does not have to be the same as the name of the file given for the program attribute. The options attribute indicates that the user and group information functions are to be performed by the module described by the "LDAP" stanza (in example 3).
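
The following audit sketch is an added example, not part of the AIX documentation or tooling. It parses the stanza format described above, flags attribute names other than the four listed, flags auth=/db= options that name no stanza in the file, and checks the documented access control. The function names, the BROKEN stanza, treating lines that start with `*` as comments, and treating an auth= target as a stanza name in the same way as db= are assumptions.

```python
import stat
KNOWN_ATTRS = {"domain", "program", "program_64", "options"}

def parse_methods_cfg(text):
    """Return {stanza_name: {attribute: value}} from methods.cfg-style text."""
    stanzas, current = {}, None
    lines = (l.strip() for l in text.splitlines())
    for line in (l for l in lines if not l.startswith("*")):  # assumption: '*' = comment
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1].strip(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def audit_stanzas(stanzas):
    """Flag unknown attributes and auth=/db= options naming undefined stanzas."""
    findings = []
    for name, attrs in stanzas.items():
        findings += [f"{name}: unknown attribute '{k}'" for k in sorted(set(attrs) - KNOWN_ATTRS)]
        for opt in attrs.get("options", "").split(","):
            kind, sep, target = opt.strip().partition("=")
            if sep and kind in ("auth", "db") and target not in stanzas:
                findings.append(f"{name}: {kind}={target} names no stanza in this file")
    return findings

def audit_mode(st_mode, st_uid):
    """Documented access control: root read/write, everyone else read-only."""
    findings = [] if st_uid == 0 else ["file is not owned by root"]
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("file is writable by group or other")
    return findings

SAMPLE = """\
* constructed sample; the BROKEN stanza is hypothetical
LDAP:
    program = /usr/lib/security/LDAP
    program_64 = /usr/lib/security/LDAP64

KERBEROS:
    program = /usr/lib/security/KERBEROS
    options = authonly,db=LDAP

BROKEN:
    program64 = /usr/lib/security/BROKEN64
    options = auth=KERBEROS,db=NIS
"""

if __name__ == "__main__":
    print("\n".join(audit_stanzas(parse_methods_cfg(SAMPLE)) + audit_mode(0o100664, 0)))
```

On a live system, pass the `st_mode` and `st_uid` fields from `os.stat("/usr/lib/security/methods.cfg")` to `audit_mode`.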
The chuser command, login command, lsuser command, passwd command, su command.
The getauthdb subroutine, setauthdb subroutine.
Chapter 18. Loadable Authentication Module Programming Interface in AIX 5L Version 5.2 Kernel Extensions and Device Support Programming Concepts