LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Administering LDAP-UX Client Services
SASL GSSAPI Support
How SASL GSSAPI Works
Figure 4-1 SASL GSSAPI Environment
The following steps describe how LDAP-UX binds a client using SASL GSSAPI to the LDAP directory server shown in Figure 4-1:
1. LDAP-UX Client Services sends the principal name and password to the Authentication Server (AS).
2. The AS validates the principal and sends a Ticket Granting Ticket (TGT) and associated session key to LDAP-UX Client Services. LDAP-UX Client Services stores the TGT and session key information in the credential cache, /etc/opt/ldapux/krb5cc_ldap_gssapi.
3. LDAP-UX Client Services uses the TGT to request a service ticket from the Ticket Granting Service (TGS).
4. The TGS sends the service ticket and other information to LDAP-UX Client Services.
[Figure 4-1 diagram: KDC Server (AS and TGS), LDAP-UX Client Services, and Windows 2000/2003 Active Directory, with steps numbered 1 through 6.]
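Step 2 leaves the TGT and its session key on disk in the credential cache, so the ownership and mode of that file are worth auditing on each client. The following shell function is an added example, not part of the HP guide: check_ccache is a hypothetical helper, and the expected owner (uid 0) and owner-only permissions are assumptions about a sound configuration.

```shell
#!/bin/sh
# Added example: audit the file that holds the cached TGT and session key.
# Assumptions (not stated in the guide): the cache should be a regular file,
# owned by the expected uid, with no group or other permission bits set.

CCACHE_DEFAULT=/etc/opt/ldapux/krb5cc_ldap_gssapi   # path given in the guide

# check_ccache PATH [EXPECTED_UID]
# Prints one line per finding. Returns 0 if clean, 1 on a finding,
# 2 if the cache does not exist.
# Usage on a client: check_ccache "$CCACHE_DEFAULT"
check_ccache() {
    cc_path=$1
    cc_uid=${2:-0}      # assumption: root owns the cache unless told otherwise
    if [ -h "$cc_path" ]; then
        echo "FINDING: $cc_path is a symbolic link"; return 1
    fi
    if [ ! -e "$cc_path" ]; then
        echo "INFO: $cc_path not found (no TGT cached)"; return 2
    fi
    if [ ! -f "$cc_path" ]; then
        echo "FINDING: $cc_path is not a regular file"; return 1
    fi
    # POSIX "ls -ln": field 1 is the mode string, field 3 the numeric owner.
    set -- $(ls -ln "$cc_path")
    cc_rc=0
    if [ "$3" != "$cc_uid" ]; then
        echo "FINDING: owner uid is $3, expected $cc_uid"; cc_rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$1" | cut -c5-10)" != "------" ]; then
        echo "FINDING: mode $1 grants group/other access"; cc_rc=1
    fi
    [ "$cc_rc" -eq 0 ] && echo "OK: $cc_path"
    return "$cc_rc"
}
```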