Network Security Features of HP-UX 11i v1 and 11i v2

by the NIS/LDAP Gateway (also known as YPLDAP). The ypldapd daemon converts the NIS RPCs
into similar LDAP search operations and then converts the response back into an NIS RPC reply.
The NIS/LDAP Gateway is easy to deploy in environments that use NIS today. In these environments, it
can replace existing NIS servers, as shown in Figure 5 below. An LDAP server plays the role of an NIS
master server, while YPLDAP servers replace the NIS slave servers.
Figure 5: YPLDAP can replace existing NIS servers
The NIS/LDAP Gateway is available on Software Depot as part of the LDAP-UX Integration package.
NIS/LDAP Gateway Features
The key features and benefits of the NIS/LDAP Gateway are:
- Compatible with RFC 2307 scheme for storing POSIX account and administration data in an LDAP directory
- ypldapd caches NIS data, maintaining good system performance
- ypldapd emulates ypserv, letting NIS clients begin using the LDAP directory without modification
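
The conversion described above, from an NIS lookup to an LDAP search and back to an NIS-style reply, can be sketched as follows. This is an added example, not ypldapd code or anything from HP: the map table, function names, the handling of userPassword and the sample entry are assumptions, while the attribute names are those of RFC 2307.

```python
# Added illustration; not ypldapd source. Map table and helper names are assumptions.

# NIS map -> (RFC 2307 object class, attribute the NIS key is matched against)
NIS_MAPS = {
    "passwd.byname": ("posixAccount", "uid"),
    "passwd.byuid": ("posixAccount", "uidNumber"),
    "group.byname": ("posixGroup", "cn"),
    "group.bygid": ("posixGroup", "gidNumber"),
}

# RFC 4515 requires these characters to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a client-supplied NIS key so it cannot alter the LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def nis_to_ldap_filter(nis_map, key):
    """Translate a yp_match(map, key) lookup into an LDAP search filter."""
    if nis_map not in NIS_MAPS:
        raise KeyError("unsupported NIS map: " + nis_map)
    object_class, attr = NIS_MAPS[nis_map]
    return "(&(objectClass=%s)(%s=%s))" % (object_class, attr, escape_filter_value(key))


def entry_to_passwd_line(entry):
    """Format a posixAccount entry as the passwd(4) line an NIS client expects."""
    pw = entry.get("userPassword", "")
    # Assumption: only {crypt} values are usable by NIS clients; anything else is locked.
    pw = pw[len("{crypt}"):] if pw.lower().startswith("{crypt}") else "*"
    fields = [entry["uid"], pw, entry["uidNumber"], entry["gidNumber"],
              entry.get("gecos", ""), entry["homeDirectory"], entry.get("loginShell", "")]
    # A ':' or newline inside a field would forge extra fields or entries.
    if any(":" in str(f) or "\n" in str(f) for f in fields):
        raise ValueError("field contains a passwd delimiter")
    return ":".join(str(f) for f in fields)


# Constructed sample entry, not taken from the page.
SAMPLE = {"uid": "alice", "userPassword": "{crypt}constructedhash", "uidNumber": 1001,
          "gidNumber": 100, "gecos": "Alice Example", "homeDirectory": "/home/alice",
          "loginShell": "/usr/bin/sh"}

if __name__ == "__main__":
    print(nis_to_ldap_filter("passwd.byname", "alice"))
    print(entry_to_passwd_line(SAMPLE))
```

The two validation steps matter on both legs of the translation: the NIS key is untrusted input to the LDAP filter, and directory attribute values are untrusted input to the colon-delimited reply.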
Account Authorization with libpam_authz
The libpam_authz library provides login authorization, which can be used in addition to the
authentication service provided by other PAM libraries. libpam_authz decides to allow or deny login
based on netgroup membership, similar to NIS netgroup filtering in /etc/passwd. Since
pam_authz only provides authorization rights, pam_authz must be used in combination with other
PAM libraries that provide authentication, such as pam_ldap and pam_kerberos. For additional details
on NIS netgroup filtering, see the passwd(4) man page. For additional information on libpam_authz,
see the pam_authz(5) man page.
Netscape Directory Server
Netscape Directory Server for HP-UX provides an industry standard centralized directory service on
which to build your intranet or extranet. Directory-enabled applications use the directory service as a
common, network-accessible location for storing shared data such as user and group identification, server