LDAP-UX Client Services B.05.00 Administrator's Guide
5.9.1 Example
5.10 Displaying the current profile
5.11 Creating a new configuration profile
5.12 Modifying a configuration profile
5.13 Specifying a different profile for client use
5.14 Changing from anonymous access to proxy access
5.15 Changing from proxy access to anonymous access
5.16 Performance considerations
5.16.1 Minimizing enumeration requests
5.17 Client daemon performance
5.17.1 ldapclientd caching
5.17.2 ldapclientd persistent connections
5.18 Troubleshooting
5.18.1 Enabling and disabling LDAP-UX logging
5.18.2 Enabling and disabling PAM logging
5.18.3 Directory server log files
5.18.4 User cannot log on to client system
6 Managing ssh host keys with LDAP-UX
6.1 Overview
6.1.1 How it works
6.1.2 Secure framework
6.1.3 Permissions
6.1.4 Distributed management (manage from any host)
6.2 Setting up the key management domain
6.2.1 Host repository
6.2.2 Data Location
6.2.3 Trust
6.2.4 Validating directory server identity
6.2.5 Authentication and access control
6.2.6 Administrative users
6.3 Managing keys in the directory server
6.3.1 Configuring ssh and sshd to use LDAP-managed keys
6.3.2 Adding keys for HP-UX hosts
6.3.3 Adding keys for non-HP-UX hosts or devices
6.3.4 Adding keys in a batch
6.3.5 Changing keys for HP-UX hosts
6.3.6 Changing key size
6.3.7 Changing keys for non-HP-UX hosts
6.3.8 Revoking or removing keys
6.4 Managing key age
6.4.1 Setting advisory key expiration dates
6.4.2 Key Auditing
6.5 Centrally managing ssh configuration
6.5.1 Overriding central configuration
6.6 Distributing Keys to Non-HP-UX hosts
7 Command and tool reference
7.1 The LDAP-UX Client Services components
7.2 Client management tools
7.2.1 create_profile_entry tool
7.2.1.1 Syntax
7.2.2 create_profile_cache tool