Integrating HP-UX 11.x Account Management and Authentication with Microsoft Windows 2000

Windows 2000
The following two primary Windows 2000 features, built on top of existing industry standards, improve Windows 2000’s
capability to interoperate with UNIX platforms:
Active Directory (AD):
This is an LDAP-based directory which Windows 2000 uses to store all its data. LDAP is an open Internet standard. The
support of LDAP allows Windows 2000 to interoperate with other vendors’ LDAP directory enabled applications.
Kerberos Services:
Kerberos is the primary authentication method for Microsoft clients connecting to a Windows 2000 server. Kerberos is an
industry standard for network security. With the support of Kerberos authentication, Windows 2000 is able to authenticate
Kerberos clients regardless of what platforms the clients reside on.
Active Directory and Kerberos are integrated seamlessly in the Windows 2000 operating system. Active Directory domain
controllers are automatically configured to provide Kerberos with authentication services, and by default, all Windows 2000
computers are configured to operate as Kerberos clients.
Services for UNIX (SFU):
[Figure: PAM and NSS architecture]
PAM: Application services (login, su, ... application ...) call the PAM Library, which reads /etc/pam.conf to see which authentication module to use. Authentication modules: PAM_UNIX, PAM_LDAP, PAM_Kerberos.
NSS: APIs to access user/system information (getpwnam(), getgrnam(), ...) call the NSS Engine, which reads /etc/nsswitch.conf to decide which name service module to use. Name service modules: NSS_FILES, NSS_NIS, NSS_LDAP.
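
The lookup path in the PAM and NSS diagram above, as an added example that is not part of the original paper: Python code that parses an /etc/pam.conf and an /etc/nsswitch.conf and reports, in order, which authentication modules and name service sources would be consulted. The sample file contents, the module paths and the function names are assumptions made for illustration.

```python
import re

# Constructed sample files (not from the original page); module paths are illustrative.
PAM_CONF = """\
# service  module_type  control_flag  module_path  [options]
login   auth     sufficient  /usr/lib/security/libpam_krb5.1
login   auth     required    /usr/lib/security/libpam_unix.1 try_first_pass
login   account  required    /usr/lib/security/libpam_unix.1
su      auth     required    /usr/lib/security/libpam_unix.1
OTHER   auth     required    /usr/lib/security/libpam_unix.1
"""
NSSWITCH_CONF = """\
passwd: files [NOTFOUND=continue] ldap
group:  files ldap
hosts:  files dns
"""

def pam_stack(conf, service, module_type="auth"):
    """Return [(control_flag, module_path, options)] in the order PAM tries them.
    A service with no entry of that type falls back to the OTHER entries."""
    stacks = {}
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:          # blank, comment-only or malformed line
            continue
        svc, mtype, flag, path, *opts = fields
        stacks.setdefault((svc.lower(), mtype.lower()), []).append((flag.lower(), path, opts))
    key = (service.lower(), module_type.lower())
    return stacks.get(key, stacks.get(("other", key[1]), []))

def nss_sources(conf, database):
    """Return [(source, criteria_or_None)] in lookup order for one database."""
    for raw in conf.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if not sep or name.strip() != database:
            continue
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not tok.startswith("["):
                sources.append((tok, None))
            elif sources:            # [criteria] qualifies the source before it
                sources[-1] = (sources[-1][0], tok.strip("[]"))
        return sources
    return []

if __name__ == "__main__":
    for flag, path, opts in pam_stack(PAM_CONF, "login"):
        print("login auth:", flag, path, *opts)
    print("passwd lookup order:", nss_sources(NSSWITCH_CONF, "passwd"))
```

Reading both results together shows the full path a login takes: the ordered authentication modules from pam.conf, then the ordered sources that getpwnam() and getgrnam() will search.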