Manualshelf

LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
31323334353637383940
16. You can quickly configure a Directory Server and the first client by accepting the remaining
default configuration parameters when prompted.
If you want to use the SASL DIGEST-MD5 authentication method, you need to configure a
proxy user with its credential level.
Using the SASL DIGEST-MD5 authentication, the password must be stored in the clear text
in the LDAP directory.
Configuration Parameter Default Values (page 36) shows the configuration parameters and
the default values they will be configured with.
Table 2-1 Configuration Parameter Default Values
Default ValueParameter
AnonymousType of client binding
5 secondsBind time limit
no limitSearch time limit
YesUse of referrals
0 - infiniteProfile TTL (Time To Live)
YesUse standard RFC-2307 object class attributes for supported services
YesUse default search descriptions for supported services
SimpleAuthentication method
To change any of these default values, refer to Custom Configuration (page 38).
17. After entering all the configuration information, setup extends the schema, creates a new
profile, and configures the client to use the directory.
18. Configure the Pluggable Authentication Module (PAM).
Save a copy of the file /etc/pam.conf and edit the original to specify LDAP authentication
and other authentication methods you want to use. See /etc/pam.ldap for a sample. You
may be able to just copy /etc/pam.ldap to /etc/pam.conf. See pam(3), pam.conf(4), and Managing
Systems and Workgroups at http://docs.hp.com/hpux for more information on PAM.
19. Configure the Name Service Switch (NSS).
Save a copy of the file /etc/nsswitch.conf and edit the original to specify the ldap name
service and other name services you want to use. See /etc/nsswitch.ldap for a sample. You
may be able to just copy /etc/nsswitch.ldap to /etc/nsswitch.conf. See nsswitch.conf(4)
for more information.
20. Optionally, configure the Pam Authorization Service module (pam_authz).
LDAP-UX Client Services provides a sample configuration file,
/etc/opt/ldapux/pam_authz.conf.template. This sample file shows you how to
configure the policy file to work with pam_authz. You can copy this sample file and edit it
using the correct syntax to specify the access rules you wish to authorize or exclude from
authorization. For more detailed information on how to configure the policy file. see
PAM_AUTHZ Login Authorization (page 98).
The sample /etc/pam.conf file in the man page will show you how to configure the
/etc/pam.conf file to work with pam_authz. For more detailed information about
pam_authz, refer to the pam_authz(5) man page.
21. Optionally configure the disable_uid_range flag.
Save a copy of the file /etc/opt/ldapux/ldapux_client.conf and edit the original
to activate the disable_uid_range flag. Uncomment the flag in the [NSS] portion of the file
36 Installing And Configuring LDAP-UX Client Services