LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
Name: ldapserver.example.com
Address: 192.168.1.1
2.4.6.3 SSL/TLS ciphers
The SSL/TLS protocols support a variety of different cryptographic algorithms called ciphers for
use in operations such as authenticating the server and client to each other, transmitting certificates,
and establishing session keys. When an LDAP client connects to a directory server, the server
usually picks the strongest cipher supported by both client and server. Clients and servers may
support different cipher suites, or sets of ciphers, depending on a variety of factors. The ciphers
currently supported by LDAP-UX are listed in Table 3 (page 52).
Table 3 Supported ciphers

| Message authentication | Key length | Encryption | Key exchange | Version |
|---|---|---|---|---|
| MD5 (Message Digest algorithm) | 128 | RC4 (Rivest encryption) | RSA (A public-key algorithm for both encryption and authentication) | SSL3 and TLS |
| SHA1 (Secure Hash Algorithm) | 168 | 3DES (Data Encryption Standard applied three times) | RSA | SSL3 and TLS |
| SHA1 | 56 | DES (Data Encryption Standard) | RSA | SSL3 and TLS |
| MD5 | 40 | RC4 | RSA | SSL3 and TLS |
| MD5 | 40 | RC2 | RSA | SSL3 and TLS |
| SHA1 | 56 | RC4 | RSA (1024-bit public key) | TLS |
| SHA1 | 56 | DES | RSA (1024-bit public key) | TLS |

If vulnerabilities are discovered in cipher systems, administrators can use this list to determine
whether the cited vulnerabilities might affect their systems. If a cipher with a known vulnerability
is indeed being used, the appropriate administrator can disable the cipher in the central directory
server (not in LDAP-UX). For information about managing available ciphers for use with HP-UX
Directory Server, see the HP-UX Directory Server administrator guide.
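
The check described above, as an added example that is not part of the original guide or of LDAP-UX: it parses a directory server's enabled cipher list, keeps only the suites that match a Table 3 row, reports which of those an advisory touches, and shows what the client falls back to once they are disabled. The suite names, the `openssl ciphers -v` line format used for the constructed sample, and ranking "strongest" by key length are assumptions.

```python
import re

# Table 3 rows as (message authentication, key length, encryption).
TABLE3 = {("MD5", 128, "RC4"), ("SHA1", 168, "3DES"), ("SHA1", 56, "DES"),
          ("MD5", 40, "RC4"), ("MD5", 40, "RC2"), ("SHA1", 56, "RC4")}

# Constructed sample of a server's enabled suites, in `openssl ciphers -v` format.
# Suite names are an assumed mapping of Table 3 rows; the guide does not name them.
SERVER_SUITES = """\
AES256-SHA          SSLv3 Kx=RSA       Au=RSA Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA        SSLv3 Kx=RSA       Au=RSA Enc=3DES(168) Mac=SHA1
RC4-MD5             SSLv3 Kx=RSA       Au=RSA Enc=RC4(128)  Mac=MD5
DES-CBC-SHA         SSLv3 Kx=RSA       Au=RSA Enc=DES(56)   Mac=SHA1
EXP1024-RC4-SHA     SSLv3 Kx=RSA(1024) Au=RSA Enc=RC4(56)   Mac=SHA1 export
EXP-RC2-CBC-MD5     SSLv3 Kx=RSA(512)  Au=RSA Enc=RC2(40)   Mac=MD5  export
"""

LINE = re.compile(r"^(\S+)\s+\S+\s+Kx=\S+\s+Au=\S+\s+Enc=([^(\s]+)\((\d+)\)\s+Mac=(\S+)")

def parse(text):
    """Return one dict per suite line; lines that do not match are skipped."""
    suites = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, enc, bits, mac = m.groups()
            suites.append({"name": name, "enc": enc, "bits": int(bits), "mac": mac})
    return suites

def usable_by_ldapux(suites):
    """Server suites matching a Table 3 row, i.e. ones an LDAP-UX client can negotiate."""
    return [s for s in suites if (s["mac"], s["bits"], s["enc"]) in TABLE3]

def affected(suites, enc=None, mac=None, below_bits=None):
    """Names of LDAP-UX-usable suites hit by an advisory on a cipher, MAC or key length."""
    return [s["name"] for s in usable_by_ldapux(suites)
            if (enc and s["enc"] == enc) or (mac and s["mac"] == mac)
            or (below_bits and s["bits"] < below_bits)]

def negotiated(suites, disabled=()):
    """Strongest remaining common suite by key length (an assumed ranking), or None."""
    left = [s for s in usable_by_ldapux(suites) if s["name"] not in disabled]
    return max(left, key=lambda s: s["bits"])["name"] if left else None

if __name__ == "__main__":
    server = parse(SERVER_SUITES)
    weak = affected(server, enc="RC4", below_bits=128)
    print("disable on the directory server:", weak)
    print("LDAP-UX then negotiates:", negotiated(server, disabled=weak))
```

A `None` result from `negotiated` means the planned server change leaves LDAP-UX clients with no cipher in common with the directory server, so it is worth checking before the change is applied.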
2.5 Post-installation configuration tasks
This section includes tasks you can perform after performing your guided or customized installation.
2.5.1 Importing name service data into your directory
The next step is to import your user, group, and other services data into your Active Directory.
When planning to import your data, consider the following:
• If you are using NIS, the LDAP-UX migration scripts take your NIS maps and generate LDIF
files. These scripts can then import the LDIF files into your directory, creating new entries in
the directory.
If you are not using NIS, the LDAP-UX migration scripts can take your user, group, and other
data from files, generate LDIF, and import the LDIF into your directory to work with Windows
Services for Unix.
• If you integrate the name service data into your directory, the migration scripts may be helpful
depending on where you put the data in your directory. You could use them just to generate