LDAP-UX Client Services B.05.00 Administrator's Guide
18. Configure the Name Service Switch (NSS).
Save a copy of the file /etc/nsswitch.conf and edit the original to specify the LDAP
name service and other name services you want to use. See /etc/nsswitch.ldap for a
sample. You may be able to just copy /etc/nsswitch.ldap to /etc/nsswitch.conf.
See nsswitch.conf(4) for more information.
19. Optionally, configure the Pam Authorization Service module (PAM_AUTHZ).
LDAP-UX Client Services provides a sample configuration file, /etc/opt/ldapux/
pam_authz.conf.template. This sample file shows you how to configure the policy file
to work with PAM_AUTHZ. You can copy this sample file and edit it using the correct
syntax to specify the access rules you wish to authorize or exclude from authorization. For
more detailed information on how to configure the policy file. See Section 5.3 (page 140).
The sample /etc/pam.conf file in the pam.conf(4) manpage will help show you how to
configure the /etc/pam.conf file to work with PAM_AUTHZ. For more detailed
information about PAM_AUTHZ, see the pam_authz(5) manpage.
20. Optionally configure the disable_uid_range flag, as described in Section 2.5.6.1 (page 106).
You can also use pam_authz or the deny_local option (in PAM_LDAP) to disable system
access for accounts defined in LDAP. For more information, about the pam_authz service
module, see Section 5.3 (page 140) or the pam_authz(5) manpage. For information about the
deny_local option, see Section 2.5.6.2 (page 107).
21. “Verifying the LDAP-UX Client Services” (page 92).
22. Configure subsequent clients by running setup on those clients and specifying an existing
configuration profile. Or for a simpler process see Section 2.5.7 (page 112).
72 Installing and configuring LDAP-UX Client Services