Network Security Features of HP-UX 11i v1 and 11i v2
Integration with Windows
The LDAP-UX integration is flexible in design and contains a Microsoft-compatible configuration
profile. LDAP-UX products are certified against the Windows 2000 Active Directory Server (ADS). In
addition, they support Microsoft Services for UNIX schema versions 2.0 and 3.0.
You can use LDAP-UX in combination with PAM Kerberos to integrate HP-UX systems into Windows
2000 environments. LDAP-UX also lets you easily manage shared HP-UX and Windows groups.
LDAP-UX now supports the X.500 “member” and “uniquemember” syntax. Therefore, you do not need
to maintain dual lists of POSIX users (memberUid) and Windows users (member). LDAP-UX also includes
support for logging into an HP-UX system from any domain in a forest.
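As an added illustration (not part of the original paper and not LDAP-UX's own code), the Python example below merges the three membership attributes named above into one set of POSIX login names and reports member DNs that no longer resolve to an account. The directory entries, DNs, and the function names normalize_dn and resolve_members are constructed for this example.

```python
# Added illustration (not LDAP-UX code): merge memberUid, member and
# uniquemember values of a group entry into one set of POSIX login names.

# Constructed sample directory: user DN -> uid attribute.
USERS = {
    "cn=Alice Example,ou=People,dc=example,dc=com": "alice",
    "cn=Bob Example,ou=People,dc=example,dc=com": "bob",
}

# Constructed group entry mixing the POSIX and X.500 membership styles.
GROUP = {
    "cn": ["staff"],
    "memberUid": ["carol"],
    "member": ["CN=Alice Example, OU=People, DC=example, DC=com"],
    "uniquemember": ["cn=Bob Example,ou=People,dc=example,dc=com",
                     "cn=Gone User,ou=People,dc=example,dc=com"],
}


def normalize_dn(dn):
    """Simplified DN normalization: lowercase and trim space around each RDN.
    Assumes no escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_members(group, users):
    """Return (login_names, unresolved_dns) for one group entry."""
    by_dn = {normalize_dn(dn): uid for dn, uid in users.items()}
    names = set(group.get("memberUid", []))
    unresolved = []
    for attr in ("member", "uniquemember"):
        for dn in group.get(attr, []):
            uid = by_dn.get(normalize_dn(dn))
            if uid is None:
                unresolved.append(dn)  # dangling DN: review it, never guess a name
            else:
                names.add(uid)
    return sorted(names), unresolved


if __name__ == "__main__":
    names, dangling = resolve_members(GROUP, USERS)
    print("effective members:", names)
    print("unresolved DNs:", dangling)
```

Unresolved DNs are worth auditing because a group that still lists a deleted account can grant access again if a new account is later created under the same DN.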
LDAP-UX Client Services
The LDAP-UX Client Services product provides both an LDAP-based Pluggable Authentication Module
(PAM) and a Name Service Switch (NSS) module. These two modules provide seamless integration
between HP-UX. The Kerberos libraries also include a Pluggable Authentication Module (PAM) that
allows PAM-enabled utilities, such as login, to use Kerberos as the authentication provider. LDAP-UX
Client Services are available on Software Depot as part of the LDAP-UX Integration package.
LDAP-UX Client Services Features
The key features and benefits of LDAP-UX Client Services are:
• NativeLdapClient: Provides native access to the directory server.
  - Name Service Switch (NSS) Access to LDAP Entries: Lets commands and applications that use
    the standard UNIX name service library calls (such as getpwnam) retrieve data (such as UNIX
    account records) from the LDAP directory without modification.
  - Pluggable Authentication Module (PAM) Access to the Directory Server: Lets the LDAP
    directory server handle authentication requests on behalf of the local system, providing
    centralized policy management of authentication. It also seamlessly integrates LDAP entries into
    authentication commands.
  - pam_authz: Lets the system administrator use netgroups to selectively control which users are
    allowed to log in or authenticate to various services.
• NisLdapClient: Provides the following tools for managing the data in the LDAP directory server.
  - Migration Scripts: Convert current NIS data or /etc files to LDIF files and import them into
    the LDAP directory server.
  - Simple Command Line Administration Tools: Basic command line tools administer data in the
    LDAP directory server.
  - Entry Management Tools: A set of contributed tools let you create or modify directory entries.
    These tools modify the data in the appropriate LDAP data structures without requiring systems
    administrators to memorize the structures.
NIS/LDAP Gateway
The NIS/LDAP Gateway converts NIS requests from a client into LDAP queries. It then converts and
returns the responses to the client. The NIS module is part of the NSS subsystem. NSS requests for
account, group, or other data assigned to this module are converted to NIS RPC requests and are handled