LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

ManualsBrandsHP ManualsSoftwareHP-UX LDAP-UX Integration Software

411

412

413

414

415

416

417

418

419

420

# options to log_facility: LOG_USER, LOG_MAIL, LOG_DAEMON, LOG_AUTH,

# LOG_SYSLOG, LOG_LOCAL0, LOG_LOCAL1,

# LOG_LOCAL2, LOG_LOCAL3, LOG_LOCAL4,

# LOG_LOCAL5, LOG_LOCAL6, LOG_LOCAL7

# options to log_level: LOG_DEBUG, LOG_INFO

#log_facility=LOG_LOCAL0

#log_level=LOG_INFO

# You can disable specific users so that they are unable to log in

# through the LDAP server by uncommenting the "disable_uid_range"

# flag and adding the UID numbers you want to disable. For example:

# disable_uid_range=0-100,120,300-400

# Note: The list of UID numbers must be on one line and the maximum

# number of ranges is 20. The system will ignore the typos and white spaces.

#disable_uid_range=0

# You can set the user password to be returned as any string (consisting

# of characters from the encrypted password and the "*" character) instead

# of "*" when the password is hidden. By returning something other than "*"

# for the hidden password, along with a specific pam_ldap configuration,

# r-commands such as rlogin will work with ldap users on the equivalent

# remote host. Since the password field of each /etc/passwd entry

# contains an "x" when supporting shadow password, the example provided

# below sets the return password to "x".

# The default setting is to return "*" for hidden password.

# Warning:

# Setting the user password to be returned as any string for the hidden

# password could allow users with active accounts on a remote host to

# rlogin to the local host on to a disabled account.

#password_as="x"

# You can use the following configuration to specify initial Trusted Mode

# auditing for LDAP users. "0" will tell LDAP-UX to set initial auditing

# to be "off" for all LDAP users logging into this HP-UX client system, "1"

# will set initial auditing to be "on". You can change auditing by using

# "audusr -a/-d" (see "audusr" manual page).

# Note: Setting "initial_ts_auditing=1" will not enable auditing unless

# you have already started the auditing system, which can be done using

# SAM or "audsys -n" (see "audsys" manual page).

#initial_ts_auditing=0

# You can use the following configuration to specify which keytab file to

# use. If you don't specify a keytab file here, then the default keytab

# file will be used. The default is /etc/krb5.keytab or the one specified

# in /etc/krb5.conf file.

# Note: The following line is just an example. If your keytab file for

# LDAP-UX is not /etc/opt/ldapux/ldapux.keytab, you need to replace it

# with the one you want.

#kerberos_keytab_file=/etc/opt/ldapux/ldapux.keytab

# To use case insensitive matching for the netgroup service, for the

# innetgr() API, uncomment the line below.

#netgroup_case_ignore=1

# startTLS triggers a TLS negotiation with the communications layer

# of the LDAP Directory Server, allowing channel-level encryption

# for data security purposes.

# LDAP-UX performs a startTLS operation to establish TLS connection

# through an unencrypted port such as 389. Please reference to LDAP-UX

# administrator's guide and RFC2830 for more detailed information.

# By default startTLS is disabled. The support of startTLS

# extended operation is enabled when enable_startTLS is set to 1.

# To disable the feature, please set the value of enable_startTLS option

# to 0 or comment out the option.

# PLEASE READ

C.3 ldapux_client.conf file after autosetup configuration 415