LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

Select and download one of the following software bundles and place it on your client system
(/tmp is assumed):
Enhkey B.11.11.01 HP-UX B.11.11 64+32 depot for HP-UX 11i v1
Enhkey B.11.23.01 HP-UX B.11.23 IA+PA depot for HP-UX 11i v2
Use swinstall to install the software bundle:
For HP-UX 11i v1:
swinstall -x autoreboot=true -s /tmp/ENHKEY_B.11.11.01_HP-UX_B.11.11_64_32.depot
For HP-UX 11i v2:
swinstall -x autoreboot=true -x reinstall=false -s /tmp/ENHKEY_B.11.23.01_HP-UX_B.11.23_IA_PA.depot
Extending the Publickey Schema into Your Directory
The publickey schema is not loaded in the Netscape/Red Hat Directory Server. If you are installing
LDAP-UX B.04.00 or a later version on your client system, the setup program will extend the
publickey schema into your Directory Server. If you previously configured LDAP-UX B.03.30
or an earlier version, and now update the product to version B.04.00 or later, you must re-run the
setup program to extend the publickey schema into your LDAP directory. You do not need to
re-run the setup program for subsequent client systems. For detailed information on how to
run the setup program to extend the publickey schema into an LDAP directory, see Quick
Configuration (page 34).
Admin Proxy User
A special type of proxy user, known as an Admin Proxy, has been added to LDAP-UX to support
management of publickey information in an LDAP directory server. The Admin Proxy represents
the HP-UX administrator's rights in the directory server and typically is used to represent root's
privileges extended to the directory server. Only an Admin Proxy user is allowed to use the
newkey tool to add host and user keys into the LDAP directory server, or to use the chkey tool
to modify host keys in the LDAP directory server.
Configuring an Admin Proxy User Using ldap_proxy_config
You need to use a new ldap_proxy_config tool option, -A, to configure an Admin Proxy user.
You must specify the -A option along with other options to perform operations applying to an
Admin Proxy user. For example, you can use the ldap_proxy_config -A -i command to
create an Admin Proxy user. See The ldap_proxy_config Tool (page 132) for details.
Password for an Admin Proxy User
In order to protect users' secret keys in the LDAP directory, the secret keys are encrypted using
the user's password. This process is used in NIS as well as NIS+ environments. The host's secret
key must also be encrypted. Since the host itself does not have its own password, root's password
is used to encrypt the host's secret key. The chkey or newkey command prompts for root's
password when changing or adding a key for a host. For this reason, you may wish to configure
the Admin Proxy user in the LDAP directory to have the same password as the root user on the
master host. Although it is not required that the Admin Proxy user and root user share the same
password, it allows you to avoid storing the Admin Proxy user's password in the
/etc/opt/ldapux/acred file. In such a case, when you run the ldap_proxy_config -A
-i command to configure the Admin Proxy user, you enter only the Admin Proxy user's DN without
the password. LDAP-UX will use the root's password given to the chkey and newkey commands
as the Admin Proxy user's password to perform public key operations. However, the
ldap_proxy_config -A -v command will not be able to validate the Admin Proxy user
because no password is available to ldap_proxy_config. As a result, the message "No
password is provided. Validation is not performed" will be displayed.