LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

2.4.6.2 Steps for configuring LDAP-UX Client Services with SSL or TLS support
2.4.6.3 Adjusting the peer certificate policy
2.4.6.3.1 Modifying preferredServerList in the LDAP-UX profile
2.4.6.4 Creating certificate database files using the certutil utility
2.4.6.5 SSL/TLS ciphers
2.4.7 Configuring LDAP-UX Client Services with NIS publickey support
2.4.7.1 HP-UX Enhanced Publickey-LDAP software requirement
2.4.7.2 Extending the NIS publickey schema into your directory
2.4.7.3 Admin Proxy user
2.4.7.3.1 Configuring an Admin Proxy user by using ldap_proxy_config
2.4.7.3.2 Password for an Admin Proxy user
2.4.7.4 Setting ACI for key management
2.4.7.4.1 Setting ACI for an Admin Proxy user
2.4.7.4.2 Setting ACI for a user
2.4.7.5 Configuring the serviceAuthenticationMethod attribute
2.4.7.5.1 Authentication methods
2.4.7.5.2 Procedures used for configuring the serviceAuthenticationMethod attribute
2.4.7.6 Configuring NSS
2.5 Postinstallation configuration tasks
2.5.1 Importing name service data into your directory
2.5.1.1 Prevent user and group number collisions with those created by autosetup
2.5.1.2 Steps for importing name service data into your directory
2.5.2 Verifying LDAP-UX Client Services
2.5.3 Enabling AutoFS support
2.5.3.1 Automount schemas
2.5.3.1.1 automount schema based on RFC 2307-bis
2.5.3.1.2 nisObject automount schema
2.5.3.2 Attribute mappings between RFC 2307-bis and nisObject schema
2.5.3.3 Configuring NSS to enable LDAP support for AutoFS
2.5.3.4 Configuring automount caches
2.5.3.5 AutoFS migration scripts
2.5.3.5.1 Environment variables
2.5.3.5.2 General syntax for migration scripts
2.5.3.5.3 migrate_automount.pl script
2.5.3.5.4 migrate_nis_automount.pl script
2.5.3.5.5 migrate_nisp_autofs.pl script
2.5.4 Enabling offline longterm credential caching for authentication when the directory server is unavailable
2.5.4.1 How the offline cache works
2.5.4.2 Configuring the offline cache
2.5.5 Enabling integrated Compat Mode to control name services and user logins
2.5.5.1 Overview
2.5.5.2 Netgroups in LDAP
2.5.5.3 Configuring integrated Compat Mode
2.5.5.3.1 Limitations
2.5.6 Controlling user access to the system through LDAP
2.5.6.1 Using the disable login flag to prevent access to the local system by unwanted users
2.5.6.2 Using the deny_local option to prevent access to the local system by unwanted users
2.5.6.3 Configuring PAM_LDAP authentication to ignore specific users
2.5.7 Configuring subsequent client systems
2.5.8 Downloading the profile periodically
2.5.9 Enabling use of r-commands for PAM_LDAP