LDAP-UX Client Services B.04.10 Administrator's Guide (edition 7)

If the serviceAuthenticationMethod:keyserv:sasl/digest-md5 entry is added

to the profile entry in the LDAP directory, you can see the following information when you

run the display_profile_cache tool:

serv-auth: keyserv:sasl/digest-md5

auth opts: username: uid

realm:

For subsequent LDAP-UX client systems that share the same profile configuration, use the

following steps to download and activate the profile:

1. Login as root.

2. Go to /opt/ldapux/config:

cd /opt/ldapux/config

3. Use /opt/ldapux/config/get_profile_entry to download the modified LDIF profile:

./get_profile_entry -s nss

4. Run the /opt/ldapux/config/display_profile_cache tool to check the configuration

of the serviceAuthenticationMethod attribute:

./display_profile_cache

5. Restart the LDAP-UX Client daemon, ldapclientd, if you change the authentication

method from non-SSL to SSL. Otherwise, skip this step.

Configuring Name Service Switch

Configure the Name Service Switch (NSS) to enable the LDAP support for publickey.

You can save a copy of /etc/nsswitch.conf file and modify the original to add ldap support

to the publickey service. See /etc/nsswitch.ldap for a sample.

The following shows the sample file, /etc/nsswitch.ldap:

passwd: files ldap

group: files ldap

hosts: dns files ldap

networks: files ldap

protocols: files ldap

rpc: files ldap

publickey: ldap [NOTFOUND=return] files

netgroup: files ldap

automount: files ldap

aliases: files

services: files ldap

Configure LDAP-UX Client Services with Publickey Support 55