LDAP-UX Client Services B.05.00 Administrator's Guide

you wish to use the PAM Authorization Service module (PAM_AUTHZ) for user access
control?
PAM provides authentication services. You can configure PAM to use LDAP, Kerberos, or
other traditional UNIX locations (for example files, NIS, NIS+) as controlled by NSS. For
more information about PAM, see the pam(3) and pam.conf(4) manpages, and the Managing
Systems and Workgroups: A Guide for HP-UX System Administrators document at the following
location:
www.hp.com/go/hpux-core-docs (click HP-UX 11i v2)
HP recommends that you use HP-UX file-based authentication first, followed by LDAP or
other authentication. The /etc/pam.ldap file is an example of this type of configuration.
With this configuration, PAM uses traditional authentication first, searching /etc/passwd
when any user logs in, then attempts to authenticate to the directory if the user is not in
/etc/passwd. If you have a few users in /etc/passwd, in particular the root user, and if
the directory is unavailable, you can still log in to the client as a user in /etc/passwd.

Do you want to use TLS (Transport Layer Security) or SSL for secure communication between
clients and the directory server?
LDAP-UX supports SSL or TLS with a password as the credential, using either simple bind
or DIGEST-MD5 authentication to ensure confidentiality and data integrity between clients
and servers. StartTLS is a new extension operation of the TLS protocol. You can use the
StartTLS operation to set up a TLS secure connection over a regular (unencrypted) LDAP port.
The secure connection can also be established on an encrypted LDAP port when using SSL. By
default, SSL and TLS are disabled. For detailed information, see Section 2.4.6 (page 79).

What authentication method will you use when you choose to enable TLS?
You can choose SIMPLE (the default), SASL/GSSAPI, or SASL/DIGEST-MD5.
SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.

What authentication method will you use if you choose to enable SSL?
You can choose SIMPLE (the default), SASL/GSSAPI, or SASL/DIGEST-MD5.
SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.

What authentication method will you use if you choose not to enable SSL and TLS?
You can choose SIMPLE (the default), SASL/GSSAPI, or SASL/DIGEST-MD5.
SASL/DIGEST-MD5 improves security, preventing snooping over the network during
authentication. SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.
Using DIGEST-MD5 authentication may require that the password be stored in clear
text in the LDAP directory server.
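
Why DIGEST-MD5 keeps the password off the wire yet may need it in clear text on the server, as an added example that is not part of the HP guide: it computes the RFC 2831 response for qop=auth using the sample exchange values from RFC 2831 section 4 (an IMAP digest-uri; an LDAP client would send ldap/<host>), then shows verification failing when the server holds only a one-way hash. The function names and the {SHA} entry are illustrative assumptions.

```python
import base64
import hashlib
import hmac

def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()

def response_value(secret, m, server=False):
    """RFC 2831 response for qop=auth; `secret` must be the clear-text password."""
    # A1 begins with the raw 16-byte MD5 of username:realm:password.
    a1 = md5(f"{m['username']}:{m['realm']}:{secret}".encode())
    a1 += f":{m['nonce']}:{m['cnonce']}".encode()
    # The client proves itself with "AUTHENTICATE:<uri>"; the server's
    # rspauth reply uses the same formula with an empty method.
    a2 = ("" if server else "AUTHENTICATE") + ":" + m["digest-uri"]
    kd = (f"{md5(a1).hex()}:{m['nonce']}:{m['nc']}:{m['cnonce']}:"
          f"{m['qop']}:{md5(a2.encode()).hex()}")
    return md5(kd.encode()).hex()

def server_verify(stored_secret, m):
    """What the directory server does with the value stored for the user."""
    return hmac.compare_digest(response_value(stored_secret, m), m["response"])

# Sample exchange values from RFC 2831 section 4 (the password there is "secret").
MSG = {
    "username": "chris", "realm": "elwood.innosoft.com",
    "nonce": "OA6MG9tEQGm2hh", "cnonce": "OA6MHXh6VqTrRk",
    "nc": "00000001", "qop": "auth",
    "digest-uri": "imap/elwood.innosoft.com",
}
# Only this digest crosses the network, never the password itself.
MSG["response"] = response_value("secret", MSG)

# Constructed value: the same password stored one-way as {SHA}.
HASHED = "{SHA}" + base64.b64encode(hashlib.sha1(b"secret").digest()).decode()

if __name__ == "__main__":
    print("client response :", MSG["response"])
    print("server rspauth  :", response_value("secret", MSG, server=True))
    print("verify, clear-text entry:", server_verify("secret", MSG))
    print("verify, {SHA} entry     :", server_verify(HASHED, MSG))
```
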

Do you want to import the LDAP printer schema (if you choose to start the printer
configurator)?
LDAP-UX Client Services B.03.20 or later integrates with the LDAP printer
configurator to simplify LP printer management by automatically updating the LP printer
configuration on your HP-UX system. A new printer schema, which is based on RFC 3712,
is required to start the services.
62 Installing and configuring LDAP-UX Client Services