LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Installing LDAP-UX Client Services
Planning Your Installation
You have a choice between SIMPLE (the default) or SASL GSSAPI.
Do you want to specify the keytab file when you use SASL GSSAPI
authentication?
LDAP-UX Client Services allows you to specify the keytab file when
you use the SASL GSSAPI authentication. You can run the setup
program to specify the keytab file. If no file is specified, LDAP-UX
will use the default keytab file configured in /etc/krb5.conf using
default_keytab_name. If there is no default keytab file configured
in /etc/krb5.conf, then the keytab file /etc/krb5.keytab is
used.
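
The fallback order described above can be checked before running setup. The following is an added example, not code from this guide or from LDAP-UX: the function names resolve_keytab and keytab_mode_ok are hypothetical, the FILE: prefix handling assumes the usual krb5.conf syntax, and the owner-only permission check is an added hardening check, not a step from the guide.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# resolve_keytab CONF [EXPLICIT]
# Print the keytab path following the order described above:
#   1. the file specified to setup (EXPLICIT), if any
#   2. default_keytab_name from [libdefaults] in CONF
#   3. /etc/krb5.keytab
resolve_keytab() {
    conf=$1
    explicit=$2
    if [ -n "$explicit" ]; then
        printf '%s\n' "$explicit"
        return 0
    fi
    name=
    if [ -r "$conf" ]; then
        # Read default_keytab_name from the [libdefaults] section only;
        # the same key name in any other section is ignored.
        name=$(awk '
            /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
            in_lib && /^[ \t]*default_keytab_name[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
            }' "$conf")
    fi
    # Assumption: the value may carry a type prefix such as FILE:/path.
    name=${name#FILE:}
    printf '%s\n' "${name:-/etc/krb5.keytab}"
}

# keytab_mode_ok FILE
# Return 0 only if FILE exists and grants no access to group or other.
# A keytab holds long-term keys, so anything wider exposes the identity
# used for the SASL GSSAPI bind. Returns 2 if FILE is missing.
keytab_mode_ok() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Typical use on the client (commented out so the file can be sourced):
#   kt=$(resolve_keytab /etc/krb5.conf)
#   keytab_mode_ok "$kt" || echo "check permissions on $kt" >&2
```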
What name services will you use? How will you set up
/etc/nsswitch.conf? What order do you want NSS to try services?
NSS is the Name Service Switch, providing naming services for user
names, group names, and other information. You can configure NSS
to use files, LDAP, or NIS in any order and with different
parameters. Refer to /etc/nsswitch.ldap for an example
nsswitch.conf file using files and LDAP. Refer to switch(4) and
“Configuring the Name Service Switch” in Installing and
Administering NFS Services at
http://docs.hp.com/hpux/communications/ for more information.
It is recommended that you use files first, followed by LDAP for passwd,
group and other supported name services. With this configuration,
NSS will first check files, then check the directory if the user or group
is not in the respective files. /etc/nsswitch.ldap is an example of
this configuration.
Do you need to set up login authorization for a subset of users from a
large repository such as an LDAP directory? How will you set up the
/etc/opt/ldapux/pam_authz.conf and /etc/pam.conf files to
implement this feature?
The pam_authz service module for PAM provides functionality that
allows the administrator to control who can log in to the system.
These modules are located at /usr/lib/security/libpam_authz.1 on the
HP 9000 machine and at libpam_authz.so.1 on the Integrity (ia64)
machine. pam_authz has been created to provide access control.
Starting with LDAP-UX Client Services B.04.00, pam_authz has
been enhanced to allow system administrators to configure and
customize their local access rules in a local policy file,
/etc/opt/ldapux/pam_authz.policy. pam_authz uses these