LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Installing LDAP-UX Client Services
Planning Your Installation
By default, Active Directory does not grant enough access rights to
retrieve user and group information by anonymous access. Therefore,
a proxy user needs to be configured.
Write your proxy user DN on the worksheet in Appendix A.
• How will you set up /etc/pam.conf? What other authentication do
you want to use and in what order?
PAM provides authentication services. You can configure PAM to use
LDAP, Kerberos, or other traditional UNIX locations (for example:
files, NIS, NIS+) as controlled by NSS. Refer to pam(3), pam.conf(4),
and Managing Systems and Workgroups at
http://docs.hp.com/hpux/os for more information on PAM.
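As an added example (not taken from the HP guide), the Python below reads text in the pam.conf(4) layout and lists the auth modules each service tries, in file order, so the planned ordering can be compared with what is configured. The sample entries, the module file names and the accepted set of control flags are assumptions made for illustration.

```python
import os

# Constructed sample in pam.conf(4) layout:
#   service  module_type  control_flag  module_path  [options]
# Module file names are illustrative assumptions, not taken from the guide.
SAMPLE_PAM_CONF = """\
# constructed sample, not a recommended configuration
login   auth     sufficient  /usr/lib/security/libpam_krb5.1
login   auth     required    /usr/lib/security/libpam_unix.1 try_first_pass
login   account  required    /usr/lib/security/libpam_unix.1
ftp     auth     required    /usr/lib/security/libpam_ldap.1 use_first_pass
ftp     auth     mandatory   /usr/lib/security/libpam_unix.1
OTHER   auth
"""

CONTROL_FLAGS = {"required", "requisite", "sufficient", "optional"}  # assumed common PAM set
REUSE_OPTS = {"use_first_pass", "try_first_pass"}

def review_auth_stacks(text):
    """Return ({service: [(flag, module, options), ...]}, [warnings]) for auth entries."""
    stacks, warnings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            warnings.append(f"line {lineno}: incomplete entry")
            continue
        service, mtype, flag, path, *opts = fields
        if mtype != "auth":
            continue
        if flag not in CONTROL_FLAGS:
            warnings.append(f"line {lineno}: unknown control flag '{flag}'")
        stack = stacks.setdefault(service, [])
        if not stack and REUSE_OPTS & set(opts):
            # The first module in a stack has no earlier password to reuse.
            warnings.append(f"line {lineno}: {service} starts with a password-reuse option")
        stack.append((flag, os.path.basename(path), opts))
    return stacks, warnings

def auth_order(text, service):
    """Modules tried for `service`, in file order (the order PAM evaluates them)."""
    stacks, _ = review_auth_stacks(text)
    return [module for _, module, _ in stacks.get(service, [])]

if __name__ == "__main__":
    for svc in review_auth_stacks(SAMPLE_PAM_CONF)[0]:
        print(svc, "->", auth_order(SAMPLE_PAM_CONF, svc))
    print("\n".join(review_auth_stacks(SAMPLE_PAM_CONF)[1]))
```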
• Do you want to use SSL for secure communication between LDAP
clients and the Windows 2000 or 2003 Active Directory Server?
The LDAP-UX Client Services B.04.00 supports SSL with password
as the credential, using either simple or SASL GSSAPI
authentication (SASL GSSAPI for the Windows 2000 or 2003 Active
Directory Server only) to ensure confidentiality and data integrity
between the clients and servers. By default, SSL is disabled. For
detailed information, refer to “Configuring the LDAP-UX Client
Services with SSL Support” on page 51.
• What authentication method will you use when you choose to enable
SSL?
You have a choice between SIMPLE with SSL (the default), or SASL
GSSAPI with SSL.
LDAP-UX Client Services B.04.00 includes support for the SASL
Generic Security Services Application Programming Interface
(GSSAPI) authentication method using Kerberos v5. Currently,
Kerberos v5 is the only security mechanism that is implemented to
work with GSSAPI. For this release, we only provide SASL GSSAPI
authentication method support for Microsoft Windows 2000 or 2003
Active Directory. SASL GSSAPI authentication is only for proxy
user authentication for the name service subsystem. Host, service or
other principals may be used for the LDAP-UX proxy identity. For
detailed information on SASL GSSAPI support, see “SASL GSSAPI
Support” on page 90.
• What authentication method will you use when you choose to not
enable SSL?