LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide

Installing LDAP-UX Client Services
Configuring LDAP-UX Client Services
Chapter 2
(/etc/opt/ldapux/pcred)
The principal defined in a keytab file can be shared among
several services, such as Kerberized Interface Service or
LDAP-UX using the host principal for authentication. The
LDAP-UX proxy principal is used solely for LDAP-UX.
You are prompted to select the type of principal. Enter H if you
wish to use a host/service principal. Enter P if you wish to use a
proxy principal. By default, the host or service principal is used.
16. Next, you are prompted for the path to the Kerberos keytab
file. Enter a path if you want to specify the keytab file to be
used. If no file is specified, LDAP-UX uses the default keytab file
configured in /etc/krb5.conf using “default_keytab_name”. If
no default keytab file is configured in /etc/krb5.conf, the
keytab file /etc/krb5.keytab is used.
17. Next, you are prompted for an alternate principal name. If
you do not want to use the default principal name, enter an alternate
principal name. For example,
host/hpntc20.cup.hp.com@CUP.HP.COM.
LDAP-UX uses ldapux/<FQHN>@<REALM> as the default service
principal. If it does not exist, the host/<FQHN>@<REALM> principal
in the keytab file is used. FQHN stands for Fully
Qualified Host Name.
18. For Active Directory, you must configure access to the directory
through a proxy user, because anonymous binding does not grant
sufficient access rights to Active Directory. Enter the DN and
password of your proxy user from Appendix A.
19. Enter the maximum time in seconds the client should wait for
binding to the directory before aborting (“bind time”). Enter 0 for no
time limit.
CAUTION: The default client binding time is 5 seconds. Depending on the load
on your directory, this default value may not be high enough to
service all database requests.
20. Enter the maximum time in seconds the client should wait for
directory searches before aborting. Enter 0 for no time limit.
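
The keytab and principal fallback order from steps 16 and 17, written as shell functions. This is an added example, not part of the guide or of LDAP-UX: the function names, the handling of a FILE: prefix on the krb5.conf value, and the failure return when neither default principal is in the keytab are assumptions, and the principal list in the demo is constructed sample data.

```shell
#!/bin/sh
# Added example (not LDAP-UX code); function names are hypothetical.

# resolve_keytab SPECIFIED [KRB5_CONF]: step 16 fallback order.
resolve_keytab() {
    specified=$1
    conf=${2:-/etc/krb5.conf}
    if [ -n "$specified" ]; then          # 1. file entered at the prompt
        printf '%s\n' "$specified"
        return 0
    fi
    if [ -r "$conf" ]; then               # 2. default_keytab_name, if set
        kt=$(sed -n 's/^[[:space:]]*default_keytab_name[[:space:]]*=[[:space:]]*//p' "$conf" |
             sed -e 's/[[:space:]]*$//' -e 1q)
        kt=${kt#FILE:}                    # assumption: value may carry a FILE: prefix
        if [ -n "$kt" ]; then
            printf '%s\n' "$kt"
            return 0
        fi
    fi
    printf '%s\n' /etc/krb5.keytab        # 3. built-in default
}

# select_principal ALT FQHN REALM PRESENT: step 17 fallback order.
# PRESENT is a newline-separated list of principals found in the keytab.
select_principal() {
    alt=$1 fqhn=$2 realm=$3 present=$4
    if [ -n "$alt" ]; then                # alternate name entered at the prompt
        printf '%s\n' "$alt"
        return 0
    fi
    for svc in ldapux host; do            # ldapux/ first, then host/
        cand="$svc/$fqhn@$realm"
        if printf '%s\n' "$present" | grep -Fxq "$cand"; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    return 1                              # assumption: report failure if neither exists
}

# Demo with constructed data (host name from the guide's example).
sample='host/hpntc20.cup.hp.com@CUP.HP.COM'
echo "keytab:    $(resolve_keytab "")"
echo "principal: $(select_principal "" hpntc20.cup.hp.com CUP.HP.COM "$sample")"
```

Running this before setup shows which keytab file and principal the answers to the two prompts will select, so the right file can be checked for the expected entry.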