HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3332, November 2013)

Enabling SSL: Summary of steps
Command line functions for Start TLS
Troubleshooting Start TLS
Obtaining and installing server certificates
Step 1: Generate a certificate request
Step 2: Send the certificate request
Step 3: Install the certificate
Step 4: Trust the certificate authority
Step 5: Confirm that the new certificates are installed
Using certutil
Creating Directory Server certificates through the command line
certutil usage
Starting the server with TLS/SSL enabled
Enabling TLS/SSL only in the Directory Server
Enabling TLS/SSL in the Directory Server, Administration Server, and console
Creating a password file for the Directory Server
Creating a password file for the Administration Server
Using external security devices
Setting security preferences
Available ciphers
Selecting the encryption cipher
Using certificate-based authentication
Configuring Directory Server to accept certificate-based authentication from LDAP clients
Mapping DNs to certificates
Editing the certmap.conf file
Example certmap.conf mappings
Allowing and requiring client authentication to the console
Connecting to the Directory Server with certificate-based authentication
Managing certificates for the Directory Server
Renewing certificates
Changing the CA trust options
Changing security device passwords
Managing certificate lists
Access based on the security strength of the connection
13 Managing SASL
Overview of SASL in Directory Server
About SASL identity mapping
Default SASL mappings for Directory Server
Authentication mechanisms for SASL in Directory Server
About Kerberos with Directory Server
About principals and realms
About the KDC server and keytabs
Configuring SASL identity mapping
Configuring SASL identity mapping from the console
Configuring SASL identity mapping from the command line
Configuring SASL authentication at Directory Server startup
Using an external keytab
14 Monitoring Server and Database Activity
Viewing and configuring log files
Defining a log file rotation policy
Defining a log file deletion policy
Access log
Viewing the access log
Configuring the access log