LDAP-UX Client Services B.05.00 Administrator's Guide

www.hp.com/go/hpux-networking-docs
These extensible mechanisms allow new authentication methods and new name services to be
installed and used without changing the underlying HP-UX commands. In addition, by supporting
the PAM architecture, the HP-UX client is fully integrated into the LDAP environment. The
PAM_LDAP library allows the HP-UX system to use the LDAP directory as a trusted server for
authentication as well as for centralized password and account policy management. This allows
passwords to be stored in any syntax and to remain hidden from view (preventing a decryption
attack on the passwords). Because passwords can be stored in any syntax, HP-UX can share
passwords with other LDAP-enabled applications, and passwords on LDAP accounts are not
subject to an 8-character limitation.

As shown in Figure 1-3, the client daemon ldapclientd is the nucleus of the product. It
enables LDAP-UX clients to work with LDAP directory servers, and it supports all NSS backend
services for LDAP and data enumeration. It also supports PAM_LDAP for authentication and
password change.

Figure 1-3 ldapclientd and the LDAP-UX Client Services environment
[Figure labels: ls, who, etc.; login, ftpd, etc.; NSS; PAM; LDAP-UX client; ldapclientd; LDAP C SDK; LDAP Client Requests; LDAP Directory Server]

With LDAP-UX Client Services, and ldapclientd in particular, HP-UX commands and
subsystems can access name service information transparently from the LDAP directory. Table 1-1
(page 17) shows some examples of commands and subsystems that use PAM and NSS. In
addition, the getpwent and getgrent family of system calls obtain user and group information
from the directory (for more information, see the getpwent(3C) and getgrent(3C) manpages).

Table 1-1 Examples of commands and subsystems that use PAM and NSS

Commands that use PAM and NSS    Commands that use NSS
dtlogin                          finger¹
ftp                              grget¹
login                            groups¹
passwd                           id
rlogin                           listusers¹
remsh                            logins¹
su                               logname
telnet                           ls
                                 newgrp¹
                                 nslookup
                                 nsquery²
                                 pwget¹