LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
and the HP-UX Directory Server, setting up this trust framework is nearly automatic (for more
information about this trust framework, see Section 2.3.2.3 (page 37)). When using the guided
installation, LDAP-UX generates a server certificate software depot file. This depot file can be
installed on each host being managed, and once installed, will establish trust with that central
directory server.
Because the certificate is packaged as a depot, it can be predistributed as part of an OS installation image, combining installation and trust setup into a single step. Figure 17 (page 260) shows an Ignite-UX server holding an HP-UX image and the LDAP-UX domain CA certificate. The certificate is installed automatically on every host deployed from that image (Host A and Host B in the figure), so each host trusts the LDAP directory server shown, which in turn stores and manages the ssh host public keys for Host A and Host B.
Figure 17 ssh host key management trust framework
[Figure: an Ignite-UX server holding the LDAP-UX domain CA certificate, the hosts Host A and Host B installed from it, and the LDAP server they trust. Callout: Including the LDAP-UX domain CA certificate in installation images allows OS instances to pre-establish direct trust with the directory server and indirectly with all other OS instances.]
LDAP-UX stores ssh host public keys in the directory server in the sshPublicKey attribute of the ldapPublicKey object class. ldapPublicKey is an auxiliary object class, so it can be attached to an existing host entry rather than requiring a structural class of its own. A host reachable over ssh has an IP address, so the host entry is built on the device structural object class together with the ipHost object class (an auxiliary class in the RFC 2307 schema), which supplies the ipHostNumber attribute holding that address.
The following is an example host entry, displayed in LDIF format:
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=example,dc=com
objectClass: top
# device is the structural class; ipHost and ldapPublicKey are auxiliary
objectClass: device
objectClass: ldapPublicKey
objectClass: ipHost
objectClass: domainEntity
# one sshPublicKey value per host key, in the same form as a known_hosts key field
sshPublicKey: ssh-rsa AAAAB3Nza...
sshPublicKey: ssh-dss AAAAB3Nza...
# legacy SSH-1 RSA key, written as "bits exponent modulus"
sshPublicKey: 1024 35 140898...
owner: uid=domadmin,ou=people,dc=mydomain,dc=example,dc=com
ipHostNumber: 16.92.96.116
# the RDN value (brewer) must also be present as a cn value; further cn values act as aliases
cn: brewer
cn: hptem079
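The schema and the LDIF entry above are what a client consumes when it turns directory host entries into an ssh_known_hosts file. The following is an added example (not LDAP-UX code) that parses LDIF such as the entry shown, keeps only entries carrying the ldapPublicKey class, and emits one known_hosts line per sshPublicKey value, keyed by every cn value and the ipHostNumber. Before accepting a key it decodes the base64 blob and checks that the key type embedded in the SSH wire format (the AAAAB3Nza... prefix in the entry above is the length-prefixed string "ssh-rsa" or "ssh-dss") matches the type declared in front of it, and it skips legacy SSH-1 keys written as "bits exponent modulus". The LDIF text, the host names brewer, hptem079 and mallory, and the key blobs are constructed for this example; the blobs have valid framing but are not real key pairs.

```python
"""Build OpenSSH ssh_known_hosts lines from LDAP-UX style host entries.
Added example, not LDAP-UX code: parses LDIF (as produced by ldapsearch -LLL)
and checks each sshPublicKey value before it is trusted."""
import base64
import struct


def parse_ldif(text):
    """Minimal LDIF parser returning a list of {attr_lower: [values]}.
    Handles folded lines, '#' comments, base64 values ('attr:: ...')
    and multi-valued attributes."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold continuation line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # attr:: <base64 value>
            value = base64.b64decode(value[1:].strip()).decode()
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries


def embedded_key_type(blob_b64):
    """Return the key type stored inside an SSH wire-format public key blob
    (uint32 length followed by the type name), or None if malformed."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
        if n < 1 or 4 + n > len(raw):
            return None
        return raw[4:4 + n].decode("ascii")
    except (ValueError, struct.error, UnicodeDecodeError):
        return None


def known_hosts_lines(ldif_text):
    """Return (accepted_lines, rejected) where rejected holds
    (host_field, reason) tuples for keys that must not be trusted."""
    accepted, rejected = [], []
    for entry in parse_ldif(ldif_text):
        classes = {c.lower() for c in entry.get("objectclass", [])}
        if "ldappublickey" not in classes:
            continue                      # host entry without ssh keys
        names = entry.get("cn", []) + entry.get("iphostnumber", [])
        host_field = ",".join(names)      # known_hosts accepts name,alias,ip
        for key in entry.get("sshpublickey", []):
            parts = key.split()
            if len(parts) >= 3 and parts[0].isdigit():
                rejected.append((host_field, "legacy SSH-1 key skipped"))
                continue
            if len(parts) < 2:
                rejected.append((host_field, "malformed key"))
                continue
            declared, blob = parts[0], parts[1]
            inner = embedded_key_type(blob)
            if inner != declared:         # blob was swapped or corrupted
                rejected.append((host_field, "type mismatch: %s vs %s" % (declared, inner)))
                continue
            accepted.append("%s %s %s" % (host_field, declared, blob))
    return accepted, rejected


def make_blob(key_type, *fields):
    """Constructed blob with correct SSH framing but placeholder integers;
    not a real key pair (only the type prefix matters for the check)."""
    ssh_string = lambda b: struct.pack(">I", len(b)) + b
    raw = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return base64.b64encode(raw).decode()


RSA_BLOB = make_blob("ssh-rsa", b"\x01\x00\x01", b"\x00\xc3" + b"\x5a" * 127)
DSS_BLOB = make_blob("ssh-dss", *([b"\x00\xab" * 8] * 4))

# Constructed LDIF mirroring the entry above; "mallory" carries a key whose
# declared type (ssh-rsa) does not match the blob (ssh-dss).
SAMPLE_LDIF = """\
dn: cn=brewer,ou=Hosts,dc=mydomain,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ldapPublicKey
objectClass: ipHost
sshPublicKey: ssh-rsa %s
sshPublicKey: ssh-dss %s
sshPublicKey: 1024 35 1234567
ipHostNumber: 16.92.96.116
cn: brewer
cn: hptem079

dn: cn=mallory,ou=Hosts,dc=mydomain,dc=example,dc=com
objectClass: top
objectClass: device
objectClass: ldapPublicKey
objectClass: ipHost
sshPublicKey: ssh-rsa %s
ipHostNumber: 16.92.96.117
cn: mallory
""" % (RSA_BLOB, DSS_BLOB, DSS_BLOB)

if __name__ == "__main__":
    ok, bad = known_hosts_lines(SAMPLE_LDIF)
    print("\n".join(ok))                  # candidate /etc/ssh/ssh_known_hosts
    for host, why in bad:
        print("# rejected %s: %s" % (host, why))
```

In a deployment the LDIF would come from an ldapsearch over the TLS session that the domain CA certificate above makes possible, and the accepted lines would be written to /etc/ssh/ssh_known_hosts; rejected keys should be reported rather than silently dropped, since a type mismatch in a directory-served key is a sign of a corrupted or tampered entry.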
260 Managing ssh host keys with LDAP-UX (HP directory servers only)