Integrating HP-UX 11.x Account Management and Authentication with Microsoft Windows 2000
Introduction
Many enterprises contain a mixture of operating systems and platforms. Often a single user has both Windows 2000 and
UNIX accounts on multiple systems. Having a common authentication service and account information data store across
platforms improves security, administration and the end-user experience.
Windows 2000 servers provide network-wide common authentication and data storage, but Windows clients don’t
interoperate with other vendors’ solutions. Fortunately, HP-UX can dynamically add authentication and name service libraries
to an existing system, allowing it to utilize a variety of services. The Microsoft services are based on industry-standard
protocols (Kerberos [1] and LDAP [2]) already supported by HP-UX. Integrating HP-UX as a client of these services
mostly requires configuration modifications to handle the differences between Microsoft’s implementation and those of other
providers of similar services.
This white paper describes how to use existing products to integrate HP-UX authentication, user and group management with
Microsoft Windows 2000. Utilizing the LDAP-UX Client Services and PAM Kerberos Authentication products from HP, and
Microsoft’s Services for UNIX 2.0 (SFU), the Windows 2000 Active Directory (AD) can be used as a common data store for
both Windows 2000 and HP-UX. In addition, HP-UX users can be authenticated using the same user name, password and
Kerberos server utilized by the Windows clients.
[1] “The Kerberos Network Authentication Service (V5)”, J. Kohl, C. Neuman, IETF RFC 1510, September 1993
[2] “Lightweight Directory Access Protocol (v3)”, M. Wahl, T. Howes, S. Kille, IETF RFC 2251, December 1997