LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Administering LDAP-UX Client Services
SASL GSSAPI Support
The following example uses the ldap_proxy_config -i command to
configure the proxy user proxyusr, given without realm information,
with the password proxywd:
cd /opt/ldapux/config
./ldap_proxy_config -i
proxyusr
proxywd
The following example uses the ldap_proxy_config -d -c command to
create the proxy user john@CUP.HP.COM, given with realm information,
with the proxy user credential proxycrd:
cd /opt/ldapux/config
./ldap_proxy_config -d john@CUP.HP.COM -c proxycrd
• Configure a service or host principal:
Use ldap_proxy_config -i or -d to specify the service or host principal,
with or without a password. If a password is provided, LDAP-UX
retrieves the password information from the
/etc/opt/ldapux/pcred file. When no password is specified,
LDAP-UX Client Services assumes the proxy user is a service or host
principal and retrieves the credential information from the keytab
file.
The following example uses the ldap_proxy_config -i command to
create the host principal hpntcA.cup.hp.com:
cd /opt/ldapux/config
./ldap_proxy_config -i host/hpntcA.cup.hp.com@HP.COM
• Use only the keytab file without configuring proxy:
With this method, the old pcred file, if there is one, must be deleted.
LDAP-UX Client Services uses ldapux/<FQHN>@<REALM> as the
default service principal. If that principal does not exist, the
host/<FQHN>@<REALM> principal in the keytab file is used
instead. FQHN stands for Fully Qualified Host Name.
The principal defined in a keytab file can be shared among several
services, such as Kerberized Interface Service or LDAP-UX using the
host principal for authentication. The LDAP-UX proxy principal is used
solely for LDAP-UX.
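The selection order described above for the keytab-only method, as an added example that is not part of the HP guide. The function name, its arguments and the sample listing are assumptions; the listing is constructed in the style of `klist -k` output, with the principal in the last field.

```shell
#!/bin/sh
# Added example: predicts which principal LDAP-UX would use under the
# keytab-only method, following the selection order given in this section.
# Assumptions: function name, argument order and the sample listing are
# illustrative; the listing mimics `klist -k` output (principal in last field).

# usage: ldapux_keytab_principal <fqhn> <realm> <pcred-path> <keytab-listing-file>
# Prints the selected principal and returns 0; returns 2 if a pcred file
# still exists, 1 if neither candidate principal is in the listing.
ldapux_keytab_principal() {
    fqhn=$1 realm=$2 pcred=$3 listing=$4

    # The keytab-only method requires that any old pcred file be deleted.
    if [ -e "$pcred" ]; then
        echo "pcred file present: $pcred (delete it to use the keytab only)" >&2
        return 2
    fi

    # Preference order from the text: ldapux/ first, then host/.
    for svc in ldapux host; do
        want="$svc/$fqhn@$realm"
        # Exact, case-sensitive match on the last whitespace-separated field.
        if awk -v p="$want" '$NF == p { found = 1 } END { exit !found }' "$listing"; then
            echo "$want"
            return 0
        fi
    done

    echo "no ldapux/ or host/ principal for $fqhn@$realm in keytab" >&2
    return 1
}

# Constructed sample listing (not taken from a real system).
sample=${TMPDIR:-/tmp}/ldapux_klist_sample.$$
cat > "$sample" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ---------------------------------------------
   3 host/hpntcA.cup.hp.com@HP.COM
   3 HTTP/hpntcA.cup.hp.com@HP.COM
EOF

# No ldapux/ entry exists, so the host/ principal is selected.
ldapux_keytab_principal hpntcA.cup.hp.com HP.COM /nonexistent/pcred "$sample"
rm -f "$sample"
```

On a client, pass /etc/opt/ldapux/pcred as the third argument and a saved keytab listing as the fourth.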