Integrating HP-UX Account Management and Authentication with LDAP

Figure 5. Controlling UNIX login with profiles. On systems using the general profile, either Jane or Joe may log in. On systems using the finance profile, only Joe is accepted.
Some directories contain rich access control list (ACL) functionality that can be used as well. Features such as limiting access to an entry,
profile, or subtree based on the caller's encryption level, IP address, or DNS domain can be utilized in a variety of situations. Currently, LDAP
ACL functionality is vendor specific. An LDAP ACL draft is under review at the IETF.
What's Next? The future of HP-UX/LDAP Integration
This paper describes the first phase in a continuing effort by HP-UX to further integrate with LDAP and to interoperate with directory-enabled
applications. HP is currently developing enhancements to LDAP-UX to support greater password security via Digest-MD5 and/or SSL, and
interoperability with the existing PAM_Kerberos product. Certification of Microsoft ADS and integration with Windows 2000 accounts are also
under development. Additional Name Service databases will also be supported by NSS_LDAP.
Other HP-UX products are also developing or investigating directory enablement. These products include DNS, Web QoS, IPSec, VPN, and
system configuration management.
[1] This paper describes products currently under development. Hewlett-Packard reserves the right to modify development plans for any of the features
discussed in this document.
Legal Notices
The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this document, including,
but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained
herein or direct, indirect, special, incidental or consequential damages in connection with the furnishing, performance, or use of this material.
Hewlett-Packard Company, 19420 Homestead Road, Cupertino, California 95014 U.S.A.
Copyright Notices
(c)Copyright 2000 Hewlett-Packard Company, all rights reserved. Reproduction, adaptation, or translation of this document without prior written permission is
prohibited, except as allowed under the copyright laws.
(c)Copyright 1979, 1980, 1983, 1985-96, 2000 Regents of the University of California. This software is based in part on the Fourth Berkeley Software
Distribution under license from the regents of the University of California.
Copyright Notices
UNIX is a registered trademark of The Open Group.
NIS is a trademark of Sun Microsystems, Inc.
ADS is a trademark of Microsoft, Inc.
Other product and brand names are trademarks of their respective owners.
LDAP/HP-UX Integration
http://raptor.cup.hp.com/ldap/doc/WhitePapers/intpaper/uxint.html (6 of 6) [5/4/2000 1:33:48 PM]