LDAP-UX Client Services B.05.00 with Microsoft Windows Active Directory Server Administrator's Guide (obsolete beyond B.05.00)
6.3.1 How SASL/GSSAPI works
6.3.2 Proxy user
6.3.2.1 User principal
6.3.2.2 Service/host principal
6.3.2.3 Configuring a principal as the proxy user
6.3.3 Keytab file
6.3.4 SASL/GSSAPI profile download support
6.3.5 Changing authentication methods
6.4 PAM_AUTHZ login authorization
6.4.1 Policy and access rules
6.4.2 How login authorization works
6.4.3 PAM_AUTHZ supports security policy enforcement
6.4.3.1 Authentication using PAM
6.4.3.2 Authentication with Secure Shell (SSH) and r-commands
6.4.4 Policy file
6.4.5 Policy validator
6.4.5.1 An example of access rule evaluation
6.4.6 Dynamic variable support
6.4.7 Constructing an access rule in the access policy file
6.4.7.1 Fields in an access rule
6.4.8 Static list access rule
6.4.9 Dynamic variable access rule
6.4.9.1 Supported functions for dynamic variables
6.4.9.2 Examples
6.4.10 Security policy enforcement with Secure Shell (SSH) or r-commands
6.4.10.1 Security policy enforcement access rule
6.4.10.1.1 An example of access rules
6.4.10.2 Configuring access permissions for global policy attributes
6.4.10.3 Configuring PAM configuration file
6.4.10.4 Evaluating the Windows Active Directory Server security policy
6.4.10.5 PAM return codes
6.4.10.6 Directory Server security policies
6.5 Adding additional domain controllers
6.6 Adding users, groups, and hosts
6.7 User and group management
6.7.1 LDAP user and group command-line tools
6.7.2 Listing users
6.7.3 Listing groups
6.7.4 Adding a user or a group
6.7.4.1 Examples of adding a user
6.7.4.2 Examples of adding a group
6.7.4.3 Modifying defaults in /etc/opt/ldapux/ldapug.conf
6.7.5 Modifying a user
6.7.6 Modifying a group
6.7.7 Deleting a user or a group
6.7.7.1 Examples
6.7.8 Checking LDAP-UX configuration
6.7.8.1 Checking if LDAP-UX is configured
6.7.8.2 Listing available templates
6.7.8.3 Discovering required attributes
6.7.8.4 Displaying configuration defaults
6.7.8.5 Displaying the LDAP-UX profile's DN
6.7.8.6 Displaying default search base
6.7.8.7 Displaying recommended attributes
6.7.8.8 Displaying attribute mapping for a specific name service