LDAP-UX Client Services B.05.00 Administrator's Guide
With the LDAP-UX guided installation, and the HP-UX Directory Server, setting up this trust
framework is nearly automatic (for more information about this trust framework, see
Section 2.3.2.3 (page 33)). When using the guided installation, LDAP-UX generates a server
certificate software depot file. This depot file can be installed on each host being managed, and
once installed, will establish trust with that central directory server.
As a depot file, this certificate can be pre-distributed as part of an OS installation image, combining
the installation and trust setup processes into a single step. In Figure 6-2 (page 195), an HP-UX
Ignite server is shown with an HP-UX image and CA certificate. This certificate is distributed
automatically to all hosts (this figure shows hosts named Host A and Host B) to establish trust
with the LDAP directory server shown. This directory server stores and manages the host public
keys for Host A and Host B.
Figure 6-2 ssh host key management trust framework
[Figure: an Ignite-UX Server holding the HP-UX installation image together with the LDAP-UX domain CA certificate; Host A and Host B installed from that image; and the LDAP Server that both hosts trust. Callout: Including the LDAP-UX domain CA certificate in installation images allows OS instances to pre-establish direct trust with the directory server and indirectly with all other OS instances.]
LDAP-UX uses the sshPublicKey attribute as part of the ldapPublicKey objectclass to
manage ssh public keys in the directory server. The ldapPublicKey objectclass is an auxiliary
objectclass, which can be attached to host entries in the LDAP directory server. Because hosts
accessible through the ssh protocol have an IP address, the ipHost structural objectclass is used
to instantiate this host information in the directory server.
The following example shows a host entry, displayed in LDIF format:
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ldapPublicKey
objectClass: iphost
objectClass: domainEntity
sshPublicKey: ssh-rsa AAAAB3Nza...
sshPublicKey: ssh-dss AAAAB3Nza...
sshPublicKey: 1024 35 140898...
owner: uid=domadmin,ou=people,dc=mydomain,dc=example,dc=com
ipHostNumber: 16.92.96.116
cn: hptem079
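As an added example (not LDAP-UX code and not taken from this guide), the following Python script reads host entries in the LDIF form shown above and turns each entry that carries the ipHost and ldapPublicKey objectclasses into an ssh_known_hosts line keyed by cn and ipHostNumber. The sample LDIF is constructed for the example, and its key blobs are generated locally so that the key type string encoded inside each blob can be checked against the label in front of it; a mislabelled value is reported rather than trusted. Values in the protocol-1 form (the third sshPublicKey value above, bits/exponent/modulus) are skipped because current OpenSSH releases no longer accept protocol-1 host keys. How LDAP-UX itself consumes these attributes is not shown on this page; the mapping to known_hosts lines is an assumption of this example.

```python
import base64
import re
import struct


# --- helpers to build OpenSSH public key blobs for the constructed sample ---
def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(n: int) -> bytes:
    # Positive mpint: add a leading zero byte when the high bit is set.
    b = n.to_bytes((n.bit_length() + 8) // 8, "big")
    return _ssh_string(b)


def openssh_blob(key_type: str, *mpints: int) -> str:
    """Base64 body of an OpenSSH public key: string(type) followed by mpints."""
    raw = _ssh_string(key_type.encode()) + b"".join(_ssh_mpint(m) for m in mpints)
    return base64.b64encode(raw).decode()


# Constructed sample directory content (toy key sizes, not real keys).
_RSA = openssh_blob("ssh-rsa", 65537, 0xC0FFEE)
SAMPLE_LDIF = (
    "dn: cn=brewer,ou=Hosts,dc=mydomain,dc=example,dc=com\n"
    "objectClass: top\n"
    "objectClass: device\n"
    "objectClass: ldapPublicKey\n"
    "objectClass: iphost\n"
    f"sshPublicKey: ssh-rsa {_RSA[:20]}\n {_RSA[20:]}\n"   # LDIF-folded line
    f"sshPublicKey: ssh-dss {_RSA}\n"                      # label does not match blob
    "sshPublicKey: 1024 35 140898\n"                      # protocol-1 form
    "ipHostNumber: 16.92.96.116\n"
    "cn: brewer\n"
    "\n"
    "dn: cn=nokeys,ou=Hosts,dc=mydomain,dc=example,dc=com\n"
    "objectClass: top\n"
    "objectClass: device\n"
    "objectClass: iphost\n"
    "ipHostNumber: 16.92.96.117\n"
    "cn: nokeys\n"
)


def parse_ldif(text: str) -> list[dict[str, list[str]]]:
    """Minimal LDIF parser: unfolds continuation lines, groups attributes per
    entry, lower-cases attribute names. Base64 ('::') values are not handled."""
    lines: list[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # continuation of previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:                  # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


_B64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def check_key(value: str) -> tuple[bool, str]:
    """Validate one sshPublicKey value; returns (ok, reason)."""
    fields = value.split()
    if len(fields) == 3 and all(f.isdigit() for f in fields):
        return False, "protocol-1 key format, skipped"
    if len(fields) < 2 or not _B64.match(fields[1]):
        return False, "malformed key"
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        embedded = blob[4:4 + n].decode()
    except Exception:
        return False, "undecodable key blob"
    if embedded != key_type:
        return False, f"label {key_type} does not match blob type {embedded}"
    return True, "ok"


def known_hosts_lines(ldif_text: str) -> tuple[list[str], list[str]]:
    """Build ssh_known_hosts lines from ipHost entries; return (lines, warnings)."""
    lines, warnings = [], []
    for e in parse_ldif(ldif_text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "iphost" not in classes:
            continue
        dn = e["dn"][0]
        if "ldappublickey" not in classes or not e.get("sshpublickey"):
            warnings.append(f"{dn}: no sshPublicKey, host key cannot be verified")
            continue
        names = ",".join(e.get("cn", []) + e.get("iphostnumber", []))
        for key in e["sshpublickey"]:
            ok, reason = check_key(key)
            if ok:
                lines.append(f"{names} {key}")
            else:
                warnings.append(f"{dn}: {reason}")
    return lines, warnings


if __name__ == "__main__":
    out, warn = known_hosts_lines(SAMPLE_LDIF)
    print("\n".join(out))
    for w in warn:
        print("warning:", w)
```

Hosts that lack an sshPublicKey value are reported rather than silently omitted, since a missing entry means an ssh client relying on this data cannot verify that host.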
6.1 Overview 195