LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Server Administrator's Guide
Changing Authentication methods
PAM_AUTHZ Login Authorization
Policy And Access Rules
How Login Authorization Works
PAM_AUTHZ Supports Security Policy Enforcement
Authentication using LDAP
Authentication with Secure Shell (SSH) and r-commands
Policy File
Policy Validator
An Example of Access Rule Evaluation
Dynamic Variable Support
Constructing an Access Rule in pam_authz.policy
Fields in an Access Rule
Static List Access Rule
Dynamic Variable Access Rule
Supported Functions for Dynamic Variables
Examples
Security Policy Enforcement with Secure Shell (SSH) or r-commands
Security Policy Enforcement Access Rule
An example of Access Rules
Configuring Access Permissions for Global Policy Attributes
Configuring PAM Configuration File
Evaluating the Windows Active Directory Server Security Policy
PAM Return Codes
Directory Server Security Policies
Adding Additional Domain Controllers
Adding Users, Groups, and Hosts
Displaying the Proxy User's Distinguished Name
Verifying the Proxy User
Creating a New Proxy User
Example
Displaying the Current Profile
Creating a New Profile
Modifying a Profile
Changing Which Profile a Client is Using
Creating an /etc/krb5.keytab File
Considering Performance Impacts
Enumeration Requests
Search Limits
Search Filter
Client Daemon Performance
ldapclientd Caching
ldapclientd Persistent Connections
Troubleshooting
Enabling and Disabling LDAP-UX Logging
Enabling and Disabling PAM Logging
Viewing Active Directory Service Log Files
User Cannot Log on to Client System
8 Modifying User Information
Changing Passwords
Changing Personal Information