LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Introduction
How LDAP-UX Client Services Works
LDAP-UX Client Services leverages the authentication mechanism
provided in the Pluggable Authentication Module (PAM), and the
naming services provided by the Name Service Switch (NSS). Refer to
pam(3), pam.conf(4), and Managing Systems and Workgroups at
http://docs.hp.com/hpux/os for information on PAM. For information on
NSS, refer to switch(4) and “Configuring the Name Service Switch” in
Installing and Administering NFS Services at
http://docs.hp.com/hpux/communications/#NFS.
These extensible mechanisms allow new authentication methods and
new name services to be installed and used without changing the
underlying HP-UX commands. In particular, the PAM architecture now
supports Kerberos authentication, which allows integration of HP-UX
account management into Windows 2000 or 2003.
Kerberos, an industry standard for network security, is seamlessly
integrated in the Windows 2000 or 2003 operating system through the
automatic configuration of Active Directory domain controllers to provide
Kerberos authentication services. This enables Windows 2000 or
2003 to authenticate Kerberos clients regardless of the platform on which
they reside. The following figure illustrates the integration between HP-UX
and Windows 2000 for SFU (Windows Services for UNIX) version 2.0.