Manualshelf

Integrating HP-UX 11.x Account Management and Authentication with Microsoft Windows 2000

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
11121314151617181920
13
The following describes how to configure your HP-UX machine as a NIS client and use PAM Kerberos to authenticate users
logging into the machine.
NIS Client Configuration
Step 1: Configure HP-UX as a NIS client.
Edit /etc/rc.config.d/namesvrs, and change the following variables:
NIS_CLIENT=1
NIS_DOMAIN=nisdomain
Nisdomain is the default NIS domain created by SFU 2.0, usually it is the first domain component of your domain root.
For example, if your domain root is dc=la,dc=cal,dc=com, SFU 2.0 creates a default NIS domain called la.
Step 2: Change Name Service Switch (NSS) to use NIS.
The passwd and group entries in /etc/nsswitch.conf must include the keyword nis, for example:
passwd: files nis
group: files nis
This tells the Name Service Switch to retrieve user account and group information firstly from the local /etc/passwd file.
If this fails, then retrieve the information from an NIS server, which is Windows 2000 in our case. If your machine
doesn’t have /etc/nsswitch.conf, you can create one from copying /etc/nsswitch.nis. However, in that case, you will have
to decide how you want to configure other services (e.g. hosts, networks, rpc. etc).
Step 3: Start HP-UX as a NIS client.
You can start the client by doing “/sbin/init.d/nis.client start”.
PAM Kerberos Configuration
Step 1: Download and install the PAM Kerberos product.
If the OS version of your HP-UX machine is 11.00, you need to download and install PAM Kerberos product
(J5849AA). It can be obtained from HP software depot web site, http://software.hp.com. After downloading the
software from the web site, you use /usr/sbin/swinstall to install the product onto your HP-UX. The installation
instruction can also be found from the web site. If the OS version of your HP-UX machine is 11i, unless you unselect
it, PAM Kerberos is installed on your machine as part of the core operating system by default. You can also install it
individually from the HP-UX 11i OS CD if needed.
The PAM Kerberos Release Note (J5849AA-90001) and Configuration Guide for Kerberos Products on HP-UX
(J5849-90003) can be obtained from http://docs.hp.com/hpux/internet
. These two documents provide you detailed
information about the product.
If your HP-UX is 11.00, the 11.0 patch PHCO_22265 must be installed. It can be obtained from the HP Electronic
Support Center at:
http://us-support.external.hp.com
or
http://europe-support.external.hp.com
The patch number can be superseded at any time. The above patch number is current as of December 27, 2000. If
your HP-UX machine is 11i, the above patch has been incorporated into HP-UX 11i, the patch is not required.