HP-UX 11i September 2005 Release Notes

Internet and Networking
LDAP-UX Client Services (LDAP-UX Integration Product)
Chapter 7
Support for publickey requires a functionality enhancement in LDAP-UX Client
Services and enablement in ONC. ONC with Publickey LDAP support will be
available during the second half of calendar year 2005.
NIS+ to LDAP migration scripts provided
This release provides migration scripts that can be used to migrate name service
data from an NIS+ domain into an LDAP directory server. These scripts add support
for migration of automount maps as well as publickey maps. LDAP-UX Client
Services only supports NIS+ to LDAP migration scripts for Netscape Directory
Server. Because of the syntactic differences between NIS+ access controls and those
used by the variety of LDAP directory servers, NIS+ access controls must be
migrated manually. The NIS+ migration scripts support migration of the following
NIS+ service data to an LDAP directory server:
- groups
- password
- hosts
- services
- rpc
- netgroup
- protocols
- networks
- autofs
- publickey
- user-defined map
NIS+ to LDAP migration scripts are used to migrate NIS+ service data from the
NIS+ server to Netscape Directory Server for HP-UX. These scripts cannot be used
to migrate service data to the Windows 2000/2003 Active Directory Server.
Support for SASL/GSSAPI authentication
This release includes support for the GSSAPI SASL authentication method for
Kerberos v5. For this release, LDAP-UX Client Services only supports
SASL/GSSAPI authentication for Microsoft Windows 2000 or 2003 Active Directory
Server. This feature is only for proxy user authentication for the name service
subsystem. Host, service, or other principals may be used for the LDAP-UX proxy
identity. You can configure a user, service, or host principal using
ldap_proxy_config, or use a Kerberos keytab file without configuring a proxy. Because
SASL/GSSAPI is only used for proxy authentication, user authentication to a
Windows domain should still be configured using PAM-Kerberos.
Support for pam_authz login authorization enhancements
Prior to LDAP-UX Client Services version B.04.00, pam_authz used netgroups as the
method to define access rights to an HP-UX host or other PAM-enabled applications.
For this release, pam_authz has been enhanced to provide administrators with a simple
policy file, /etc/opt/ldapux/pam_authz.policy, to set up a local access policy that
better meets the needs of their organization. pam_authz uses the access policy defined