LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide
Figure 1-2 A Simplified LDAP-UX Client Services Environment
[Figure labels: LDAP Requests; LDAP-UX client (two); Active Directory Domain Controller (two); Replicates]
LDAP-UX Client Services for Microsoft Windows 2000, 2003 or 2003 R2 Active Directory supports
the passwd and group name service data. Refer to the LDAP-UX Integration B.04.10 Release Notes
for any additional supported services.
How LDAP-UX Client Services Works
LDAP-UX Client Services leverages the authentication mechanism provided in the Pluggable
Authentication Module (PAM), and the naming services provided by the Name Service Switch
(NSS). Refer to pam(3), pam.conf(4), and Managing Systems and Workgroups at
http://docs.hp.com/hpux/os for information on PAM. For information on NSS, refer to switch(4)
and "Configuring the Name Service Switch" in Installing and Administering NFS Services at
http://docs.hp.com/hpux/communications/#NFS.
These extensible mechanisms allow new authentication methods and new name services to be
installed and used without changing the underlying HP-UX commands. In particular, the PAM
architecture now supports Kerberos authentication, which allows integration of HP-UX account
management in Windows 2000 or 2003.
Kerberos, an industry standard for network security, is seamlessly integrated in the Windows 2000
or 2003 operating system through the automatic configuration of Active Directory domain
controllers to provide Kerberos with authentication services. This enables Windows 2000 or 2003
to authenticate Kerberos clients regardless of the platform on which they reside. The following figure
illustrates the integration between HP-UX and Windows 2000 for SFU (Windows Services for
Unix) version 2.0.