HP UX LDAP-UX Integration Software manual NIS Client Configuration, PAM Kerberos Configuration


The following describes how to configure your HP-UX machine as a NIS client and use PAM Kerberos to authenticate users logging into the machine.

NIS Client Configuration

Step 1: Configure HP-UX as a NIS client.

Edit /etc/rc.config.d/namesvrs, and change the following variables:

NIS_CLIENT=1

NIS_DOMAIN=nisdomain

nisdomain is the default NIS domain created by SFU 2.0; it is usually the first domain component of your domain root. For example, if your domain root is dc=la,dc=cal,dc=com, SFU 2.0 creates a default NIS domain called la.

Step 2: Change Name Service Switch (NSS) to use NIS.

The passwd and group entries in /etc/nsswitch.conf must include the keyword nis, for example:

passwd: files nis

group: files nis

This tells the Name Service Switch to retrieve user account and group information first from the local /etc/passwd file. If that fails, it retrieves the information from an NIS server, which is Windows 2000 in our case. If your machine doesn’t have /etc/nsswitch.conf, you can create one by copying /etc/nsswitch.nis. In that case, however, you will have to decide how you want to configure the other services (e.g. hosts, networks, rpc, etc.).

Step 3: Start HP-UX as a NIS client.

You can start the client by running “/sbin/init.d/nis.client start”.
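A configuration check for Steps 1 and 2, as an added example that is not part of the original HP manual: it verifies that NIS_CLIENT=1 and NIS_DOMAIN are set and that the passwd and group entries list files before nis, the order used in the example above. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit the settings from Steps 1 and 2.

# check_namesvrs FILE: succeed if NIS_CLIENT=1 and NIS_DOMAIN is non-empty.
check_namesvrs() {
    awk -F= '
        /^[ \t]*#/ { next }
        { key = $1; val = $2; sub(/#.*/, "", val)
          gsub(/[ \t"]/, "", key); gsub(/[ \t"]/, "", val) }
        key == "NIS_CLIENT" { client = val }
        key == "NIS_DOMAIN" { domain = val }
        END { exit !(client == "1" && domain != "") }
    ' "$1"
}
# check_nsswitch FILE DB: succeed if the DB entry lists "files" before "nis".
check_nsswitch() {
    awk -v db="$2:" '
        /^[ \t]*#/ { next }
        $1 == db {
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "nis" && !n) n = i
            }
        }
        END { exit !(f && n && f < n) }
    ' "$1"
}
# audit_nis_client NAMESVRS NSSWITCH: one line per check; returns 1 on any failure.
audit_nis_client() {
    rc=0
    if check_namesvrs "$1"; then echo "OK   $1: NIS_CLIENT=1 and NIS_DOMAIN set"
    else echo "FAIL $1: need NIS_CLIENT=1 and a non-empty NIS_DOMAIN"; rc=1; fi
    for db in passwd group; do
        if check_nsswitch "$2" "$db"; then echo "OK   $2: $db lists files, then nis"
        else echo "FAIL $2: $db must list files, then nis"; rc=1; fi
    done
    return $rc
}

# With two arguments, audit those files; with none, audit constructed samples.
if [ "$#" -eq 2 ]; then
    audit_nis_client "$1" "$2"
else
    d=${TMPDIR:-/tmp}/nisaudit.$$; mkdir "$d"
    printf 'NIS_CLIENT=1\nNIS_DOMAIN=la\n' > "$d/namesvrs"           # constructed sample
    printf 'passwd: files nis\ngroup: files\n' > "$d/nsswitch.conf"  # constructed: group lacks nis
    audit_nis_client "$d/namesvrs" "$d/nsswitch.conf" || echo "audit reported failures"
    rm -rf "$d"
fi
```

On the client itself, pass /etc/rc.config.d/namesvrs and /etc/nsswitch.conf as the two arguments.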

PAM Kerberos Configuration

Step 1: Download and install the PAM Kerberos product.

If the OS version of your HP-UX machine is 11.00, you need to download and install the PAM Kerberos product (J5849AA). It can be obtained from the HP Software Depot web site, http://software.hp.com. After downloading the software from the web site, use /usr/sbin/swinstall to install the product on your HP-UX machine. The installation instructions can also be found on the web site. If the OS version of your HP-UX machine is 11i, PAM Kerberos is installed by default as part of the core operating system unless you deselect it. You can also install it individually from the HP-UX 11i OS CD if needed.

The PAM Kerberos Release Note (J5849AA-90001) and the Configuration Guide for Kerberos Products on HP-UX (J5849-90003) can be obtained from http://docs.hp.com/hpux/internet. These two documents provide detailed information about the product.

If your HP-UX version is 11.00, the 11.0 patch PHCO_22265 must be installed. It can be obtained from the HP Electronic Support Center at:

http://us-support.external.hp.com or

http://europe-support.external.hp.com

The patch number can be superseded at any time. The above patch number is current as of December 27, 2000. If your HP-UX machine is 11i, the above patch has been incorporated into HP-UX 11i, and the patch is not required.
