Manualshelf

LDAP-UX Client Services B.05.00 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software
11121314151617181920
Table 1-1 Examples of commands and subsystems that use PAM and NSS (continued)
Commands that use PAM and NSSCommands that use NSS
who
whoami
1 These commands enumerate the entire passwd or group database, which may reduce network and directory server
performance for large databases.
2
nsquery is a contributed tool included with the ONC/NFS product. For more information, see the nsquery(1)
manpage.
After you install and configure an LDAP directory and migrate your name service data into it,
HP-UX client systems locate the directory from a start-up file. As shown in Figure 1-4, the start-up
file tells the client system how to download a configuration profile from the LDAP directory.
The configuration profile is a directory entry containing configuration information common to
many clients. Storing it in the directory allows you to maintain it in one place and share it among
many clients rather than storing it redundantly across clients. Because the configuration
information is stored in the directory, each client simply needs to know where its profile is, which
is indicated by the start-up file. Each client downloads the configuration profile from the specified
directory.
The configuration profile is an entry in the directory containing details on how clients are to
access the directory, such as:
Where and how clients should search the directory for user, group, and other name service
information.
How clients should bind to the directory: anonymously or as a proxy user. Anonymous
access is simplest and used most often because most data in the directory server is not
considered confidential. However, sometimes directory administrators do not allow
anonymous access, in which case a proxy user is created to represent the OS and its users.
With a proxy user, the OS can be granted access to the data in the directory server. This
identity (user ID and password) is stored in the /etc/opt/ldapux/pcred file. Additionally,
in some instances, administrators may wish to define an administrator proxy credential.
This credential is used to represent administrators of the HP-UX OS, and is often used when
NIS public keys are managed in the directory server. The administrator credential (user ID
and password) is stored in the /etc/opt/ldapux/acred file.
NOTE: The user credentials are stored in the pcred and acred files, including the
password. While these credentials are not visible as plain text, the pcred and acred files
are not encrypted. Access must be restricted to these files.
Other configuration parameters such as search time limits.
18 Introduction