LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

Examples..........................................................................................................................................82

Group Attribute Mappings.............................................................................................................83

Number of Group Members Returned.................................................................................................84

Number of Groups Returned for a Specific User.................................................................................84

Performance Impact for Dynamic Groups............................................................................................85

Enabling/Disabling enable_dynamic_getgroupsbymember...........................................................85

Configuring Dynamic Group Caches...................................................................................................85

5 Administering LDAP-UX Client Services......................................................................87

Using The LDAP-UX Client Daemon...................................................................................................87

Overview.........................................................................................................................................87

ldapclientd.......................................................................................................................................88

Starting the client.......................................................................................................................88

Controlling the client..................................................................................................................88

Client Daemon performance......................................................................................................88

Command options......................................................................................................................88

Diagnostics.................................................................................................................................89

Warnings....................................................................................................................................89

ldapclientd.conf...............................................................................................................................89

Missing settings..........................................................................................................................89

Configuration file syntax............................................................................................................89

Section details.......................................................................................................................90

Configuration File......................................................................................................................95

Integrating with Trusted Mode.............................................................................................................95

Overview.........................................................................................................................................95

Features and Limitations.................................................................................................................96

Auditing.....................................................................................................................................96

Password and Account Policies..................................................................................................96

PAM Configuration File.............................................................................................................97

Others.........................................................................................................................................97

Configuration Parameter.................................................................................................................97

PAM_AUTHZ Login Authorization ....................................................................................................98

Policy And Access Rules..................................................................................................................98

How Login Authorization Works....................................................................................................98

PAM_AUTHZ Supports Security Policy Enforcement .................................................................100

Authentication using LDAP.....................................................................................................100

Authentication with Secure Shell (SSH) and r-commands......................................................100

Policy File.......................................................................................................................................101

Policy Validator..............................................................................................................................102

An Example of Access Rule Evaluation...................................................................................102

Dynamic Variable Support............................................................................................................102

Constructing an Access Rule in pam_authz.policy.......................................................................103

Fields in an Access Rule...........................................................................................................103

Static List Access Rule....................................................................................................................106

Dynamic Variable Access Rule .....................................................................................................108

Supported Functions for Dynamic Variables...........................................................................108

Examples..................................................................................................................................108

Security Policy Enforcement with Secure Shell (SSH) or r-commands.........................................110

Security Policy Enforcement Access Rule ...............................................................................110

An Example of Access Rules...............................................................................................111

Setting Access Permissions for Global Policy Attributes.........................................................111

Configuring PAM Configuration File......................................................................................112

Evaluating the Netscape/Red Hat Directory Server Security Policy........................................112

PAM Return Codes ..................................................................................................................112

Table of Contents 5