LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
16. After entering all the configuration information, setup extends the schema, creates a new
profile, and configures the client to use the directory.
17. Configure PAM.
Save a copy of the file /etc/pam.conf and edit the original to specify LDAP authentication
and other authentication methods you want to use. See /etc/pam.ldap for a sample (see
also Section D.1 (page 421)). You could just copy /etc/pam.ldap to /etc/pam.conf. For
more information about PAM, see the pam(3) and pam.conf(4) manpages. In addition, see
the document Managing Systems and Workgroups: A Guide for HP-UX System Administrators
at the following location:
www.hp.com/go/hpux-core-docs (click HP-UX 11i v2)
NOTE: The options defined in /etc/pam.conf specify the default for users. If you want
to apply different PAM rules to specific users, you may also configure the pam_user.conf
file accordingly. For more information, see the pam_user.conf(4) manpage. For an example
of a pam_user.conf file, see Section 2.5.6.3 (page 108).
18. Configure NSS.
Save a copy of the file /etc/nsswitch.conf and edit the original to specify the LDAP
name service and other name services you want to use. See /etc/nsswitch.ldap for a
sample. You could just copy /etc/nsswitch.ldap to /etc/nsswitch.conf. See
nsswitch.conf(4) for more information.
19. Optionally, configure the PAM Authorization Service module (PAM_AUTHZ).
LDAP-UX Client Services provides a sample configuration file, /etc/opt/ldapux/
pam_authz.conf.template. This sample file shows you how to configure the policy file
to work with PAM_AUTHZ. You can copy this sample file and edit it using the correct syntax
to specify the access rules you want to authorize or exclude from authorization. For more
detailed information on how to configure the policy file, see Section 7.4 (page 199).
The sample /etc/pam.conf file in the pam.conf(4) manpage will help show you how to
configure the /etc/pam.conf file to work with PAM_AUTHZ. For more detailed information
about PAM_AUTHZ, see the pam_authz(5) manpage.
20. Optionally configure the disable_uid_range flag, as described in Section 2.5.6.1
(page 105).
You may also use pam_authz or the deny_local option (in PAM_LDAP) to disable system
access for accounts defined in LDAP. For more information about the pam_authz service
module, see Section 7.4 (page 199) or the pam_authz(5) manpage. For information about the
deny_local option, see Section 2.5.6.2 (page 105).
21. Section 2.5.2 (page 91).
22. Configure subsequent clients by running setup on those clients and specifying an existing
configuration profile. Or, for a simpler process, see Section 2.5.7 (page 110).
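The save-then-replace procedure in steps 17 and 18, written as a script. This is an added example, not code from the HP guide: it keeps a timestamped copy of the live file, installs the shipped sample over it, and lists the name-service sources so you can confirm that ldap and the other services you kept are present. The function names and the backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example, not part of LDAP-UX. Function names and the
# ".orig.<timestamp>" backup suffix are hypothetical choices.
# Typical use, as root:
#   save_and_install /etc/pam.conf      /etc/pam.ldap
#   save_and_install /etc/nsswitch.conf /etc/nsswitch.ldap
#   nss_sources /etc/nsswitch.conf passwd

# save_and_install LIVE SAMPLE
# Save a copy of LIVE, replace LIVE with SAMPLE, print the backup path.
save_and_install() {
    live=$1 sample=$2
    [ -r "$sample" ] || { echo "missing sample: $sample" >&2; return 1; }
    [ -f "$live" ]   || { echo "missing file: $live" >&2; return 1; }
    backup="$live.orig.$(date +%Y%m%d%H%M%S)"
    cp -p "$live" "$backup" || return 1
    # Build the new file next to the live one so the final mv is a rename;
    # starting from a copy of LIVE keeps its mode (and owner, when root).
    tmp="$live.new.$$"
    cp -p "$live" "$tmp" && cat "$sample" > "$tmp" && mv -f "$tmp" "$live" || {
        rm -f "$tmp"
        return 1
    }
    echo "$backup"
}

# nss_sources FILE DATABASE
# Print the sources listed for DATABASE (for example passwd), one per line.
# Comments and bracketed criteria such as [NOTFOUND=return] are skipped.
nss_sources() {
    sed -e 's/#.*//' "$1" | awk -v db="$2:" '
        $1 == db {
            inb = 0
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^\[/) inb = 1
                if (!inb) print $i
                if ($i ~ /\]$/) inb = 0
            }
        }'
}

# nss_has FILE DATABASE SOURCE
# Exit status 0 if SOURCE is listed for DATABASE in FILE.
nss_has() {
    nss_sources "$1" "$2" | grep -qx "$3"
}
```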
2.4.5.2 Custom configuration
Running the setup program for a quick configuration, as described previously, configures your
client using default values where possible. If you would like to customize these parameters, proceed
as follows.
If you want to use SSL or TLS, you must perform the following tasks before you run the custom
configuration. For more information about configuring SSL or TLS support, see Section 2.4.6
(page 78).
• Ensure that you have installed the certificate database files, cert8.db and key3.db, on
your client system.
72 Installing and configuring LDAP-UX Client Services for an HP server environment