HP UX LDAP-UX Integration Software manual Benefits of Integration, Common Authentication

Page 11

Benefits of Integration

Integrating HP-UX account management and authentication with Windows 2000 benefits system administrators and end-users in three major ways:

Common Authentication

With the integration, both Windows 2000 users and HP-UX users are authenticated by Windows 2000 Kerberos Services. This provides the benefit of common authentication.

Common authentication in a heterogeneous environment is a big advantage. Every user gains system access using the same authentication method. A system administrator can easily enforce login process and password policies across two platforms, but also allows users to use just one password to access all systems. Both system security and usability can improve with common authentication.

Common Data Repository

The integration allows Active Directory to serve as a central data repository for both Windows 2000 and HP-UX account information. This simplifies an administrator’s job tremendously. He/she just has to administer one database for all users and groups, which can significantly minimize the maintenance cost and prevent errors resulting from databases not being synchronized.

Single Point of Account Management

Integrating common authentication and common data repository provides a single point of account management to system administrators. In an enterprise environment with thousands of users, this is very critical to the success of keeping all accounts current. Another benefit is that system adiminstrators can be sure that when a user is added/removed that he/or she is granted/denied access to all systems. A good example is when a person leaves the company. By removing him/her from one database, administrators have removed all access for that operson.

11

Page 10 Page 12
Image 11
Page 10 Page 12
Contents White Paper Copyright Notices Legal NoticesIntroduction PAM Kerberos HP-UX and Windows 2000 Integration ProductsPAM and NSS Active Directory AD Kerberos ServicesServices for Unix SFU WindowsNIS Server Windows 2000 Server How HP-UX and Windows 2000 Products IntegrateNIS Integration HP-UX ClientNIS+PAMKerberos HP-UX client Ldap + PAMKerberos HP-UX Client Windows 2000 Server Ldap IntegrationHP-UX Client Windows 2000 Server NIS vs. Ldap Integration Single Point of Account Management Common AuthenticationBenefits of Integration Common Data RepositoryAdd an account for HP-UX client machine to AD Configuring Windows 2000 and HP-UX Using NIS IntegrationInstall Active Directory into your Windows 2000 server Install SFU 2.0, including Server for NISPAM Kerberos Configuration NIS Client ConfigurationAdd a host key to the /etc/krb5.keytab file Add the Kerberos services to /etc/servicesCreate /etc/krb5.conf Synchronize the HP-UX clock to the Windows 2000 clock Change /etc/pam.conf to use PAM KerberosPassword sufficient /usr/lib/security/libpamunix.1 Active Directory Configuration Configuring Windows 2000 and HP-UX Using Ldap IntegrationSoftware Installation Verify profile cache LDAP-UX Client Services ConfigurationRun the setup tool Change Name Service Switch NSS to use Ldap Configure a proxy userSecurity Add and delete user accounts AdministrationAdd and delete groups Login procedure Manage account and password policiesPassword expiration User forced to change passwordMigration Appendix a Setting a Proxy User’s Access Rights Read memberUid Read msSFUPassword Read msSFUName
Related manuals
Manual 214 pages 54.35 Kb Manual 65 pages 7.83 Kb
Top Page Image Contents