LDAP-UX Client Services B.04.15 Administrator's Guide

4.4.1 Examples
4.4.2 Group Attribute Mappings
4.5 Number of Group Members Returned
4.6 Number of Groups Returned for a Specific User
4.7 Performance Impact for Dynamic Groups
4.7.1 Enabling/Disabling enable_dynamic_getgroupsbymember
4.8 Configuring Dynamic Group Caches
5 Administering LDAP-UX Client Services
5.1 Using The LDAP-UX Client Daemon
5.1.1 Overview
5.1.2 ldapclientd
5.1.2.1 Starting the client
5.1.2.2 Controlling the client
5.1.2.3 Client Daemon performance
5.1.2.4 Command options
5.1.2.5 Diagnostics
5.1.2.6 Warnings
5.1.3 ldapclientd.conf
5.1.3.1 Missing settings
5.1.3.2 Configuration file syntax
5.1.3.2.1 Section details
5.1.3.3 Configuration File
5.2 Integrating with Trusted Mode
5.2.1 Overview
5.2.2 Features and Limitations
5.2.2.1 Auditing
5.2.2.2 Password and Account Policies
5.2.2.3 PAM Configuration File
5.2.2.4 Others
5.2.3 Configuration Parameter
5.3 PAM_AUTHZ Login Authorization
5.3.1 Policy And Access Rules
5.3.2 How Login Authorization Works
5.3.3 PAM_AUTHZ Supports Security Policy Enforcement
5.3.3.1 Authentication using LDAP
5.3.3.2 Authentication with Secure Shell (SSH) and r-commands
5.3.4 Policy File
5.3.5 Policy Validator
5.3.5.1 An Example of Access Rule Evaluation
5.3.6 Dynamic Variable Support
5.3.7 Constructing an Access Rule in pam_authz.policy
5.3.7.1 Fields in an Access Rule
5.3.8 Static List Access Rule
5.3.9 Dynamic Variable Access Rule
5.3.9.1 Supported Functions for Dynamic Variables
5.3.9.2 Examples
5.3.10 Security Policy Enforcement with Secure Shell (SSH) or r-commands
5.3.10.1 Security Policy Enforcement Access Rule
5.3.10.1.1 An Example of Access Rules
5.3.10.2 Setting Access Permissions for Global Policy Attributes
5.3.10.3 Configuring PAM Configuration File
5.3.10.4 Evaluating the Netscape/Red Hat Directory Server Security Policy
5.3.10.5 PAM Return Codes