HP UX LDAP-UX Integration Software manual Introduction

Introduction

Many enterprises contain a mixture of operating systems and platforms. Often a single user has both Windows 2000 and UNIX accounts on multiple systems. Having a common authentication service and account information data store across platforms improves security, administration and the end-user experience.

Windows 2000 servers provide network-wide common authentication and data storage, but Windows clients don’t interoperate with other vendors’ solutions. Fortunately, HP-UX can dynamically add authentication and name service libraries to an existing system, allowing it to utilize a variety of services. The basis of the Microsoft services comes from industry standard protocols (Kerberos¹ and LDAP²) already supported by HP-UX. Integrating HP-UX as a client of these services mostly requires configuration modifications to handle the differences between Microsoft’s implementation and those of other providers of similar services.

This white paper describes how to use existing products to integrate HP-UX authentication, user and group management with Microsoft Windows 2000. Utilizing the LDAP-UX Client Services and PAM Kerberos Authentication products from HP, and Microsoft’s Services for UNIX 2.0 (SFU), the Windows 2000 Active Directory (AD) can be used as a common data store for both Windows 2000 and HP-UX. In addition, HP-UX users can be authenticated using the same user name, password and Kerberos server utilized by the Windows clients.

¹ “The Kerberos Network Authentication Service (V5)”, J. Kohl, C. Neuman, IETF RFC 1510, September 1993

² “Lightweight Directory Access Protocol (v3)”, M. Wahl, T. Howes, S. Kille, IETF RFC 2251, December 1997
