LDAP-UX Client Services B.04.00 Administrator's Guide

Installing And Configuring LDAP-UX Client Services
Configure the LDAP-UX Client Services
To change any of these default values, refer to “Custom Configuration”
on page 34.
Step 17. After entering all the configuration information, setup extends the
schema, creates a new profile, and configures the client to use the
directory.
Step 18. Configure the Pluggable Authentication Module (PAM).
Save a copy of the file /etc/pam.conf and edit the original to specify LDAP
authentication and other authentication methods you want to use. See
/etc/pam.ldap for a sample. You may be able to just copy /etc/pam.ldap to
/etc/pam.conf. See pam(3), pam.conf(4), and Managing Systems and
Workgroups at http://docs.hp.com/hpux for more information on PAM.
Step 19. Configure the Name Service Switch (NSS).
Save a copy of the file /etc/nsswitch.conf and edit the original to specify
the ldap name service and other name services you want to use. See
/etc/nsswitch.ldap for a sample. You may be able to just copy
/etc/nsswitch.ldap to /etc/nsswitch.conf. See nsswitch.conf(4) for more
information.
Step 20. Optionally, configure the PAM Authorization Service module
(pam_authz).
LDAP-UX Client Services provides a sample configuration file,
/etc/opt/ldapux/pam_authz.conf.template. This sample file shows
you how to configure the policy file to work with pam_authz. You can
copy this sample file and edit it using the correct syntax to specify the
access rules you wish to authorize or exclude from authorization. For
more detailed information on how to configure the policy file, see
“PAM_AUTHZ Login Authorization Enhancement” on page 109.
The sample /etc/pam.conf file in the man page will show you how to
configure the /etc/pam.conf file to work with pam_authz. For more
detailed information about pam_authz, refer to the pam_authz(5) man
page.
Step 21. Optionally configure the disable_uid_range flag.
Save a copy of the file /etc/opt/ldapux/ldapux_client.conf and edit the
original to activate the disable_uid_range flag. Uncomment the flag in
the [NSS] portion of the file and fill in the UID range. The format is
disable_uid_range=uid#,[uid#-uid#],... where uid# stands for a UID
number.
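
The following sh function is an added example, not part of this guide or of LDAP-UX. It checks whether a given UID falls inside the disable_uid_range value described in Step 21, so the edited file can be reviewed. It assumes that lines starting with # are comments and that each item is a single UID or a low-high range; the function name and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example: report whether a UID is covered by disable_uid_range.
# Assumptions: '#' starts a comment line, section headers look like [NSS],
# and the value is a comma-separated list of "N" or "N-M" items.

# uid_in_disabled_range CONF UID
# exit status: 0 = UID covered, 1 = not covered, 2 = malformed item found
uid_in_disabled_range() {
    awk -v uid="$2" '
        /^[ \t]*#/  { next }                 # a commented-out flag is inactive
        /^[ \t]*\[/ { in_nss = ($0 ~ /^[ \t]*\[NSS\]/); next }
        in_nss && /^[ \t]*disable_uid_range[ \t]*=/ {
            sub(/^[^=]*=/, ""); gsub(/[ \t]/, "")
            n = split($0, item, ",")
            for (i = 1; i <= n; i++) {
                if (item[i] ~ /^[0-9]+$/) {
                    lo = hi = item[i] + 0
                } else if (item[i] ~ /^[0-9]+-[0-9]+$/) {
                    split(item[i], b, "-"); lo = b[1] + 0; hi = b[2] + 0
                } else { bad = 1; continue } # empty or non-numeric item
                if (lo > hi) bad = 1         # reversed range, e.g. 100-50
                else if (uid + 0 >= lo && uid + 0 <= hi) hit = 1
            }
        }
        END { if (bad) exit 2; exit(hit ? 0 : 1) }
    ' "$1"
}

# Demo on a constructed sample (not a real ldapux_client.conf).
sample=$(mktemp)
printf '%s\n' '[NSS]' '#disable_uid_range=0-5000' \
    'disable_uid_range=0-99,300-450,1001' > "$sample"
for u in 0 200 1001; do
    if uid_in_disabled_range "$sample" "$u"; then
        echo "uid $u: inside disable_uid_range"
    else
        echo "uid $u: not inside disable_uid_range"
    fi
done
rm -f "$sample"
```

Run it against the saved copy and the edited file to confirm that the flag is uncommented, sits in the [NSS] section, and covers the UIDs you intended.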