Network Security Features of HP-UX 11i v1 and 11i v2

Page 24
Adaptive Security Using an LDAP Directory
As enterprises grow and demands for computing resources increase, the cost of the administration of
computing systems also increases. In a highly distributed environment, local security practices and
administration methods are inconsistent, redundant, and difficult to audit. There are technologies such as
Network Information Service (NIS) [1] that attempt to address some of these issues, but they tend to provide
solutions for a limited set of applications or platforms, resulting in the administration of multiple user and
security repositories. Enterprises need a standards-based, flexible, secure, and scalable data store that
applications and services can use as a single source for authentication and retrieval of security credentials.
An industrial-grade LDAP server is ideally suited for this task.
LDAP directories already play many roles in enterprises. LDAP directories are typically used to maintain
employee or customer data. For example, many LDAP directories are used to provide an address database
for email applications. LDAP directories are also expanded to store common configuration profile
information for enterprise applications. LDAP directories have the potential to provide both centralized
and delegated administration of applications, networks, and employee data.
HP provides support for LDAP in the HP-UX operating system, allowing use of LDAP servers as both an
authentication service and a naming service. This use of LDAP provides a scalable and more powerful
alternative to NIS-type architecture. In addition to the Netscape Directory Server and a set of
directory integration products, HP offers other LDAP-enabled HP-UX products, including the HP-UX AAA
Server, Kerberos, Common Internet File System (CIFS), and SelectAccess (Identity Management).
LDAP solutions available with HP-UX 11i are described in the following sections:
LDAP-UX Integration
LDAP-UX Client Services
NIS/LDAP Gateway
Netscape Directory Server and Novell eDirectory
Account Authorization with libpam_authz
LDAP-UX Integration
HP provides two products that facilitate integration of HP-UX and LDAP directories. These are the
LDAP-UX Client Services and the NIS/LDAP Gateway. These products together make up the LDAP-UX
Integration package.
HP-UX accounts, groups and other data can be stored in an LDAP directory using the NIS schema
defined by RFC 2307 [2], or other similar syntactic schema such as Microsoft’s Services for UNIX schema [3].
By default, LDAP-UX integration products use the RFC2307 schema to reference entries in the directory.
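The following added example (not taken from the HP white paper or from LDAP-UX) shows how RFC 2307 entries correspond to the familiar passwd(5) and group(5) records: it parses constructed LDIF for a posixAccount and a posixGroup, including folded and base64 attribute values, and renders each as the line a NIS-style name service would hand back. The treatment of userPassword (strip the {crypt} prefix RFC 2307 prescribes, otherwise emit x), the * group password and the fallback from gecos to cn are illustrative assumptions, not a description of how LDAP-UX Client Services behaves.

```python
"""Map RFC 2307 posixAccount / posixGroup LDIF entries onto passwd(5) and
group(5) lines, as a NIS-style name service would present them.

Added example, not HP or LDAP-UX code. The LDIF below is constructed sample
data; the password-field handling is an assumption made for illustration.
"""
import base64

# Constructed sample LDIF in RFC 2307 style (one posixAccount, one posixGroup).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: account
uid: jdoe
cn: Jane Doe
uidNumber: 1001
gidNumber: 100
homeDirectory: /home/jdoe
loginShell: /usr/bin/sh
gecos: Jane Doe,Bldg 4
userPassword: {crypt}aB3xYz9kLmNoP

dn: cn=users,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: users
gidNumber: 100
memberUid: jdoe
memberUid: root
"""


def parse_ldif(text):
    """Parse LDIF into a list of entries, each a dict attr (lowercased) -> [values].

    Handles folded continuation lines (leading space) and base64 values ("::").
    Attribute names are lowercased because LDAP attribute types are case-insensitive.
    """
    entries = []
    for block in text.strip().split("\n\n"):
        lines = []
        for raw in block.splitlines():
            if raw.startswith(" ") and lines:
                lines[-1] += raw[1:]          # unfold continuation line
            elif raw and not raw.startswith("#"):
                lines.append(raw)
        entry = {}
        for line in lines:
            if ":: " in line:                 # base64-encoded value
                attr, val = line.split(":: ", 1)
                val = base64.b64decode(val).decode()
            else:
                attr, val = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(val)
        entries.append(entry)
    return entries


def password_field(entry, default):
    """RFC 2307 stores a crypt(3) hash in userPassword with a {crypt} prefix.

    Assumption for this example: strip the prefix; if no {crypt} value exists,
    return the caller's default ("x" for passwd, "*" for group).
    """
    for v in entry.get("userpassword", []):
        if v.startswith("{crypt}"):
            return v[len("{crypt}"):]
    return default


def passwd_line(entry):
    """posixAccount -> name:passwd:uid:gid:gecos:home:shell (RFC 2307 falls back to cn for gecos)."""
    gecos = entry.get("gecos", entry.get("cn", [""]))[0]
    return ":".join([
        entry["uid"][0], password_field(entry, "x"),
        entry["uidnumber"][0], entry["gidnumber"][0],
        gecos, entry["homedirectory"][0], entry.get("loginshell", [""])[0],
    ])


def group_line(entry):
    """posixGroup -> name:passwd:gid:member1,member2 with memberUid values joined."""
    members = ",".join(entry.get("memberuid", []))
    return ":".join([entry["cn"][0], password_field(entry, "*"),
                     entry["gidnumber"][0], members])


def render(text):
    """Dispatch each entry on its objectClass values; returns (passwd_lines, group_lines)."""
    passwd, group = [], []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "posixaccount" in classes:
            passwd.append(passwd_line(e))
        if "posixgroup" in classes:
            group.append(group_line(e))
    return passwd, group


if __name__ == "__main__":
    pw, gr = render(SAMPLE_LDIF)
    print("\n".join(pw))
    print("\n".join(gr))
```

Because the crypt hash itself is stored in the directory, the example also makes the point behind the RFC 2307 design: whoever can read userPassword holds the equivalent of a shadow file, so directory access controls on that attribute matter as much as file permissions on /etc/shadow do locally.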
Other white papers discuss the LDAP-UX Integration products in detail, such as “Directory Enabled
Computing on HP-UX, A Developers Guide”, “Preparing your LDAP Directory for HP-UX Integration”,
and “Installing and Administering LDAP-UX Client Services.” See “Appendix A: For More Information”
for details about obtaining additional LDAP-UX documentation.
[1] NIS (Network Information Service) and PAM (Pluggable Authentication Module) are components of the ONC+™ subsystem, developed by Sun Microsystems.
[2] Howard, An Approach for Using LDAP as a Network Information Service, RFC 2307, ftp://ftp.isi.edu/in-notes/rfc2307.txt
[3] Microsoft, Services for Unix, http://www.microsoft.com/catalog/display.asp?site=11269&subid=22&pg=1