LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
authenticate to the directory if the user is not in /etc/passwd. If you have a few users in
/etc/passwd, in particular the root user, and if the directory is unavailable, you can still
log in to the client as a user in /etc/passwd.
• Do you want to use TLS (Transport Layer Security) or SSL for secure communication between
clients and the directory server?
LDAP-UX supports SSL or TLS with a password as the credential, using either simple bind or
DIGEST-MD5 authentication, to ensure confidentiality and data integrity between clients and
servers. StartTLS is an extended operation that starts TLS over a connection on the regular
(unencrypted) LDAP port. With SSL, the secure connection is instead established on a dedicated
encrypted LDAP port. By default, SSL and TLS are disabled. For detailed information, see
Section 2.4.6 (page 78).
• What authentication method will you use when you choose to enable TLS?
You have a choice among SIMPLE (the default), SASL/GSSAPI, and SASL/DIGEST-MD5.
SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.
For an overview of these authentication methods, including their strengths and weaknesses,
see Section 2.4.6.1 (page 79).
• What authentication method will you use if you choose to enable SSL?
You have a choice among SIMPLE (the default), SASL/GSSAPI, and SASL/DIGEST-MD5.
SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.
• What authentication method will you use if you choose not to enable SSL and TLS?
You have a choice among SIMPLE (the default), SASL/GSSAPI, and SASL/DIGEST-MD5.
SASL/DIGEST-MD5 improves security by preventing snooping of the password on the network
during authentication. SASL/GSSAPI is only supported for LDAP-UX used with Windows ADS.
Using DIGEST-MD5 authentication might require that the password be stored in clear text in
the LDAP directory server, because the server must be able to compute the same digest as the
client.
• Do you want to import the LDAP printer schema (if you choose to start the printer configurator)?
LDAP-UX Client Services B.03.20 or later provides integration with the LDAP printer
configurator, which simplifies LP printer management by updating the LP printer configuration
on your HP-UX system automatically. A printer schema based on RFC 3712 is required to start
the service.
IMPORTANT: If you want to use this feature, the start configuration parameter in the printer
services section of the ldapclientd.conf file must be set to yes. When the start option is
enabled, the printer configurator starts when ldapclientd is initialized. By default, the
start parameter is enabled.
• Do you want to import the NIS publickey schema into your LDAP directory if you choose to
store and manage NIS publickeys in the LDAP directory?
LDAP-UX Client Services supports discovery and management of NIS publickeys in an LDAP
directory. Both the public and the private (secret) keys used by the SecureRPC API can be
stored in user and host entries in an LDAP directory server, using the nisKeyObject object class.
• Do you want to import the automount schema into your LDAP directory server if you choose
to store and manage automount maps in the LDAP directory?
LDAP-UX Client Services supports the automount service under the AutoFS subsystem. This
feature enables you to store automount maps in, and retrieve them from, an LDAP directory.
LDAP-UX Client Services supports the automount schema based on RFC 2307bis. The nisObject
automount schema can also be used if it is configured through attribute mappings.
For detailed information about AutoFS with LDAP support, see Section 2.5.3 (page 94).
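The TLS/SSL question above distinguishes StartTLS on the regular LDAP port from SSL on a dedicated encrypted port. The following Python is an added example, not code from the LDAP-UX product or this guide; it encodes the StartTLS extended request exactly as it appears on the wire, decodes the server's extended response, and shows the client steps around it (plain TCP, StartTLS, then the TLS handshake on the same socket, with certificate and hostname verification on). The message ID of 1, the single-read response and the sample responses are assumptions constructed for the example.

```python
"""Added example (not from the LDAP-UX guide): the LDAP StartTLS extended
operation on the wire, and the client-side steps around it.
Assumed: message ID 1, a single-read response, constructed sample responses."""
import socket
import ssl
from typing import Optional

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS request OID (RFC 2830 / RFC 4511)


def ber_len(n: int) -> bytes:
    """BER definite length: one byte below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """BER INTEGER (two's complement, minimal length)."""
    return tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))


def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] } }.
    There is no requestValue: the client only asks the server to switch to TLS."""
    ext_req = tlv(0x77, tlv(0x80, STARTTLS_OID.encode("ascii")))
    return tlv(0x30, ber_int(message_id) + ext_req)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), pos + 2 + n
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(msg: bytes) -> dict:
    """Decode LDAPMessage { messageID, ExtendedResponse [APPLICATION 24] }."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    tag2, resp, _ = _read_tlv(body, pos)
    if tag != 0x02 or tag2 != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, code, pos = _read_tlv(resp, 0)       # resultCode ENUMERATED
    _, matched, pos = _read_tlv(resp, pos)  # matchedDN
    _, diag, pos = _read_tlv(resp, pos)     # diagnosticMessage
    name = None
    while pos < len(resp):                  # optional referral / responseName / responseValue
        tag, val, pos = _read_tlv(resp, pos)
        if tag == 0x8A:                     # responseName [10]
            name = val.decode("ascii")
    return {
        "message_id": int.from_bytes(mid, "big", signed=True),
        "result_code": int.from_bytes(code, "big"),
        "matched_dn": matched.decode("utf-8"),
        "diagnostic": diag.decode("utf-8"),
        "response_name": name,
    }


def build_extended_response(message_id: int, result_code: int, diag: str = "",
                            name: Optional[str] = None) -> bytes:
    """Server-side encoder, used here only to construct sample responses offline."""
    body = tlv(0x0A, bytes([result_code])) + tlv(0x04, b"") + tlv(0x04, diag.encode("utf-8"))
    if name:
        body += tlv(0x8A, name.encode("ascii"))
    return tlv(0x30, ber_int(message_id) + tlv(0x78, body))


def negotiate_starttls(host: str, port: int = 389, cafile: Optional[str] = None):
    """Plain TCP on the regular LDAP port, StartTLS, then the TLS handshake on the
    same socket. With LDAPS (SSL on its own port) TLS starts before any LDAP message."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies chain and hostname
    sock = socket.create_connection((host, port))
    sock.sendall(starttls_request(1))
    resp = parse_extended_response(sock.recv(4096))  # assumes the reply fits one read
    if resp["message_id"] != 1 or resp["result_code"] != 0:
        sock.close()
        raise RuntimeError(f"server refused StartTLS: {resp}")
    return ctx.wrap_socket(sock, server_hostname=host)  # send the bind only after this
```

The point for an administrator is the ordering: with StartTLS the first bytes on port 389 are clear-text LDAP, and the bind (the password) must only be sent after the extended response reports result code 0 and the TLS handshake has completed; a client that falls back to binding on the plain socket when StartTLS is refused loses the protection this option is meant to give.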
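The question above about authentication without SSL or TLS notes that DIGEST-MD5 may require the password to be stored in clear text in the directory. The following Python is an added example, not code from the LDAP-UX product or this guide; it carries out the RFC 2831 DIGEST-MD5 computation on both sides to show why: the server can verify the client's response only if it holds the password or the realm-bound hash H(username:realm:password), not a one-way scheme such as {SSHA}. The nonce, cnonce, digest-uri and userPassword values are constructed for the example, and the handling of the {CLEAR} prefix is an assumption about how a directory marks clear-text values.

```python
"""Added example (not from the LDAP-UX guide): the SASL DIGEST-MD5 computation
from RFC 2831, client and server side, to show what the server must store.
Constructed inputs; the {CLEAR} prefix handling is an assumption for the example."""
import hashlib
import hmac
from typing import Optional, Tuple


def _h(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def _hh(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def ha1_secret(username: str, realm: str, password: str) -> bytes:
    """H(username:realm:password): the only password-derived value the server needs.
    It is password-equivalent within this realm, so it must be protected like clear text."""
    return _h(f"{username}:{realm}:{password}".encode("utf-8"))


def ha1_from_userpassword(stored: str, username: str, realm: str) -> Optional[bytes]:
    """What a server can derive from a stored userPassword value. Only a clear-text
    value yields HA1; one-way schemes ({SSHA}, {CRYPT}, {MD5}, ...) cannot be used."""
    if stored.startswith("{CLEAR}"):
        return ha1_secret(username, realm, stored[len("{CLEAR}"):])
    if stored.startswith("{"):
        return None  # one-way hash: DIGEST-MD5 verification is impossible
    return ha1_secret(username, realm, stored)  # unprefixed values are clear text


def _response(ha1: bytes, nonce: str, cnonce: str, nc: str, qop: str,
              digest_uri: str, client_side: bool = True) -> str:
    """response-value (client) or rspauth (server) per RFC 2831 section 2.1.2.1."""
    a1 = ha1 + f":{nonce}:{cnonce}".encode("utf-8")
    a2 = (b"AUTHENTICATE" if client_side else b"") + f":{digest_uri}".encode("utf-8")
    if qop in ("auth-int", "auth-conf"):
        a2 += b":00000000000000000000000000000000"
    return _hh(f"{_hh(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{_hh(a2)}".encode("utf-8"))


def client_response(username: str, realm: str, password: str, nonce: str,
                    cnonce: str, nc: str, qop: str, digest_uri: str) -> str:
    """The client never sends the password; it proves knowledge of it via the digest."""
    return _response(ha1_secret(username, realm, password), nonce, cnonce, nc, qop, digest_uri)


def server_verify(stored_userpassword: str, username: str, realm: str, nonce: str,
                  cnonce: str, nc: str, qop: str, digest_uri: str,
                  response: str) -> Tuple[bool, Optional[str]]:
    """Returns (ok, rspauth). ok is False when the stored value cannot yield HA1,
    which is exactly the case the guide's clear-text caveat is about."""
    ha1 = ha1_from_userpassword(stored_userpassword, username, realm)
    if ha1 is None:
        return False, None
    expected = _response(ha1, nonce, cnonce, nc, qop, digest_uri, client_side=True)
    if not hmac.compare_digest(expected, response):
        return False, None
    # Mutual authentication: the server proves it also knows HA1.
    return True, _response(ha1, nonce, cnonce, nc, qop, digest_uri, client_side=False)
```

Because H(username:realm:password) lets anyone who reads it authenticate as that user in that realm, a directory that stores clear-text or HA1 values for DIGEST-MD5 should also restrict read access to userPassword and, as the guide's TLS/SSL option allows, run DIGEST-MD5 over a TLS connection so that the exchange itself is not exposed.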
2.4 Customized installation (setup) for an HP directory server environment 63