LDAP-UX Integration B.04.10 Release Notes

NOTE: If publickey support with LDAP is not required in your environment, installation of
the Enhkey software bundle is not required.
Kerberos Support on HP-UX 11i v1 or v2
In order to support integration with Active Directory Server, a specific version of the
PAM-Kerberos product is required. On HP-UX 11i v1, version 1.11 or later of the PAM-Kerberos
product is required. On HP-UX 11i v2, version 1.23 or later of the PAM-Kerberos product is
required.
If you wish to also use SASL/GSSAPI for proxied authentication, version 1.3.5.03 or later of the
Kerberos Client product is required, which is a replacement for the KRB5-Client components of
the core of HP-UX OS. Kerberos Client version 1.0 was originally bundled on HP-UX 11i v1 and
v2. Kerberos Client version 1.3.5.03 is bundled on HP-UX 11i v3.
Please also note that the KRB5CLIENT product is a superior product to previous KRB5-Client
patches (such as PHSS_34990). Although patch PHSS_34990 is required and is designed to install
over the core Kerberos client patch, it will not overwrite the KRB5CLIENT product.
Both "PAM Kerberos" (J5849AA) and "Kerberos Client" (KRB5CLIENT) products can be
downloaded from http://software.hp.com. They are available at:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=J5849AA and
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRB5CLIENT
Installing and Configuring the LDAP-UX Client Services
This section provides basic instructions for installing and configuring the LDAP-UX Client
Services.
Installing the LDAP-UX Client Services
Use the SD-UX facility for installation. See the swinstall(1M) man page for details.
1. Log in to your system as root.
2. Run swinstall and install the LDAP-UX Client Services (LdapUxClient subproduct). It
installs the product software in /opt/ldapux and /etc/opt/ldapux directories.
3. If you require ONC publickey, ONC AutoFS, or integration with Active Directory Server,
please see the above section for details about required product versions and how to obtain
them. Install those products and/or patches for this step.
4. Install required patches listed above, if they have not been installed yet.
NOTE: Starting with LDAP-UX product version B.03.20, a system reboot is not required
after installing the product. However, a reboot may be required depending on the patches that
are installed at the same time as this product.
Configuring the LDAP-UX Client
If you want to enable SSL or TLS support with LDAP-UX, you must configure the LDAP
directory server to support SSL or TLS, and install the security databases (cert7.db or cert8.db
and key3.db) on your client before you run the setup program. For SSL or TLS setup details,
refer to LDAP-UX Client Services Administrator’s Guide or LDAP-UX Client Services with Microsoft
Windows 2000/2003/2003 R2 Active Directory Administrator’s Guide.
If your browser does not generate cert7.db or cert8.db and key3.db security database files,
you must export the certificate (preferably the root certificate of the Certificate Authority that
signed the LDAP server's certificate) from your certificate server as a Base64-Encoded certificate
and use the certutil utility to create the cert8.db and key3.db security database files.
Use the following steps to create the security database files: