LDAP-UX Client Services B.04.15 Administrator's Guide

Figure 1-2 A Simplified LDAP-UX Client Services Environment
LDAP-UX Client Services supports the following name service data: passwd, groups, hosts, rpc,
services, networks, protocols, publickeys, automount, netgroup. See the LDAP-UX Integration
B.04.10 Release Notes for any additional supported services.

1.1.1 How LDAP-UX Client Services Works

LDAP-UX Client Services works by leveraging the authentication mechanism provided in the
Pluggable Authentication Module, or PAM, and the naming services provided by the Name
Service Switch, or NSS. See pam(3), pam.conf(4), and Managing Systems and Workgroups at
http://docs.hp.com/hpux/os for information on PAM. For information on NSS, see switch(4) and
"Configuring the Name Service Switch" in Installing and Administering NFS Services at
http://docs.hp.com/hpux/communications/#NFS.
These extensible mechanisms allow new authentication methods and new name services to be
installed and used without changing the underlying HP-UX commands. By supporting the
PAM architecture, the HP-UX client becomes truly integrated in the LDAP environment. The
PAM_LDAP library allows the HP-UX system to use the LDAP directory as a trusted server for
authentication. This means not only that passwords may be stored in any syntax, but also
that passwords may remain hidden from view (preventing a decryption attack on the hashed
passwords). Because passwords may be stored in any syntax, HP-UX can share
passwords with other LDAP-enabled applications.
With LDAP-UX Client Services B.03.20 or later versions, the client daemon, ldapclientd,
becomes the center of the product. It supports all NSS backend services for LDAP and data
enumeration. It also supports PAM_LDAP for authentication and password change.
With LDAP-UX Client Services, HP-UX commands and subsystems can transparently access
name service information from the LDAP directory through ldapclientd. The following table
shows some examples of commands and subsystems that use PAM and NSS:

Table 1-1 Examples of Commands and Subsystems that use PAM and NSS

Commands that use PAM and NSS    Commands that use NSS
login                            ls
passwd                           nsquery¹
ftp                              who
su                               whoami
rlogin                           finger²
telnet                           id
dtlogin                          logname
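
Because commands reach the directory only through NSS, the switch configuration decides which of the supported name services depend on LDAP and whether a local source is consulted first. The following added example (not from the guide or from HP) parses nsswitch.conf-style text and reports that dependency; the `ldap` source keyword, the database key spellings and the sample file are assumptions.

```python
import re

# Name services the guide lists as supported, mapped to nsswitch.conf database
# keys (assumption: the usual key spellings, e.g. "group" for groups).
SUPPORTED = {"passwd", "group", "hosts", "rpc", "services", "networks",
             "protocols", "publickey", "automount", "netgroup"}
LDAP_SOURCE = "ldap"  # assumption: source keyword that selects the LDAP backend

def parse_nsswitch(text):
    """Return {database: [sources in lookup order]}; [STATUS=action] criteria are dropped."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # remove criteria such as [NOTFOUND=continue]
        table[db.strip()] = rest.split()
    return table

def audit(text):
    """Classify each supported database by how it depends on the directory."""
    report = {}
    for db, sources in parse_nsswitch(text).items():
        if db not in SUPPORTED or LDAP_SOURCE not in sources:
            continue
        if sources == [LDAP_SOURCE]:
            report[db] = "ldap-only"     # no local fallback if the directory is unreachable
        elif sources[0] == LDAP_SOURCE:
            report[db] = "ldap-first"    # the directory answers before any local source
        else:
            report[db] = "local-first"   # a local source answers first, ldap is consulted after
    return report

# Constructed sample, not taken from the guide.
SAMPLE = """\
# constructed example
passwd:    files ldap
group:     files [NOTFOUND=continue] ldap
hosts:     dns files
netgroup:  ldap
services:  ldap files
"""

if __name__ == "__main__":
    for db, verdict in sorted(audit(SAMPLE).items()):
        print(f"{db:10s} {verdict}")
```

Databases reported as ldap-only or ldap-first are the ones whose answers come from the directory before, or instead of, local files.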