LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Administering LDAP-UX Client Services
SASL GSSAPI Support
LDAP-UX Client Services B.04.00 includes support for the SASL /
Generic Security Services Application Programming Interface (GSSAPI)
authentication method for Kerberos v5. Currently, Kerberos v5 is the
only security mechanism that is implemented to work with GSSAPI. For
this release, we provide SASL/GSSAPI authentication method support
only for Microsoft Windows 2000 or 2003 Active Directory. We do not
provide SASL/GSSAPI authentication method support for Netscape
Directory Server. SASL/GSSAPI authentication is used only for proxy user
authentication for the name service subsystem. Host, service or other
principals may be used for the LDAP-UX proxy identity. Because
SASL/GSSAPI is only used for proxy authentication, user authentication
to a Windows domain should still be configured using PAM_Kerberos.
For information on the realm, principal, keytab and credential cache
definitions used by SASL/GSSAPI authentication, refer to
"Configuration Guide For Kerberos Product on HP-UX" and "Installing,
Configuring and Administering The Kerberos Server on HP-UX 11i" at
http://docs.hp.com/hpux/internet.