LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS

7.9.2 Verifying the proxy user
7.9.3 Creating a new proxy user
7.9.4 Changing from anonymous access to proxy access
7.9.5 Changing from proxy access to anonymous access
7.10 Managing the LDAP-UX configuration profile
7.10.1 Displaying the current configuration profile
7.10.2 Modifying a configuration profile
7.10.2.1 Using ldapentry to modify a profile
7.10.2.2 Using Windows ADSI and ADSIedit to modify a profile
7.10.3 Creating a new configuration profile
7.10.4 Specifying a different profile for client use
7.11 Creating an /etc/krb5.keytab file
7.12 Performance considerations
7.12.1 Reducing the performance impact of enumeration and search requests
7.12.1.1 Minimizing enumeration requests for less impact on server and network performance
7.12.1.2 Setting search limits to reduce resource consumption and denial of service vulnerabilities
7.12.1.3 Setting search filters to improve enumeration performance
7.12.2 Client daemon performance considerations
7.12.2.1 ldapclientd caching
7.12.2.2 ldapclientd persistent connections
7.13 Troubleshooting
7.13.1 Enabling and disabling LDAP-UX logging
7.13.2 Enabling and disabling PAM logging
7.13.3 Viewing log files for errors and unexpected events
7.13.4 Troubleshooting user problem with client system logins
8 Managing ssh host keys with LDAP-UX (HP directory servers only)
8.1 Overview
8.1.1 How it works
8.1.2 Secure framework
8.1.3 Permissions
8.1.4 Distributed management (manage from any host)
8.2 Setting up the key management domain
8.2.1 Host repository
8.2.2 Data location
8.2.3 Trust
8.2.4 Validating directory server identity
8.2.5 Authentication and access control
8.2.6 Administrative users
8.3 Managing keys in the directory server
8.3.1 Configuring ssh and sshd to use LDAP-managed keys
8.3.2 Adding keys for HP-UX hosts
8.3.3 Adding keys for nonHP-UX hosts or devices
8.3.4 Adding keys in a batch
8.3.5 Changing keys for HP-UX hosts
8.3.6 Changing key size
8.3.7 Changing keys for nonHP-UX hosts
8.3.8 Revoking or removing keys
8.4 Managing key age
8.4.1 Setting advisory key expiration dates
8.4.2 Key auditing
8.5 Centrally managing ssh configuration