Contains the information for loadable authentication module configuration.
The /usr/lib/security/methods.cfg file is an ASCII file that contains stanzas with loadable authentication module information. Each stanza is identified by a module name followed by a colon (:) and contains attributes in the form Attribute=Value. Each attribute ends with a new-line character and each stanza ends with an additional new-line character.
The /usr/lib/security/methods.cfg file is a symbolic link to the /etc/methods.cfg file.
Each stanza can have the following attributes:
Attribute | Description |
---|---|
domain | Specifies a free-format ASCII text string that is used by the loadable authentication module to select a data repository. This attribute is optional. |
netgroup | Indicates netgroup enablement for this module.
The following behaviors will be turned on:
|
options | Specifies an ASCII text string containing optional values that
are passed to the loadable authentication module upon initialization.
The supported values for each module are described by the product
documentation for that loadable authentication module. The options attribute takes the following pre-defined values:
|
Attribute | Description |
---|---|
options (continued) | The options attribute can also use the following predefined values for the KRB5/KRB5A load modules:
|
Attribute | Description |
---|---|
options (continued) | You can only use the auth=module and db=module value strings for complex loadable authentication modules, which may require or be used with another loadable authentication module to provide new functionality. The authonly and dbonly values are invalid for complex modules. You can use the noprompt value for any kind of module. |
program | Names the load module containing the executable code that implements the loadable authentication method. |
program_64 | Names the load module containing the executable code that implements the loadable authentication method for 64-bit processes. |
Access Control: This file should grant read (r) and write (w) access to the root user only and read (r) access to the security group and all other users.
program = /usr/lib/security/DCE
options = authonly
LDAP:
program = /usr/lib/security/LDAP
program_64 = /usr/lib/security/LDAP64
The "LDAP" stanza gives the name of the module, used by the SYSTEM and registry attributes for a user. The name does not have to be the same as the file name given for the program attribute.
KERBEROS:
program = /usr/lib/security/KERBEROS
program_64 = /usr/lib/security/KERBEROS64
options = authonly,db=LDAP
The "KERBEROS" stanza gives the name of the module as used by the SYSTEM and registry attributes for a user. This name does not have to be the same as the name of the file given for the program attribute. The options attribute indicates that the user and group information functions are to be performed by the module described by the "LDAP" stanza (in example 3).