HP UX LDAP-UX Integration Software How HP-UX and Windows 2000 Products Integrate, NIS Integration

Page 7

How HP-UX and Windows 2000 Products Integrate

There are two approaches to integrating HP-UX account management and authentication with Windows 2000:

NIS

LDAP

NIS Integration:

Windows 2000 as NIS Server + HP-UX as NIS Client + HP-UX PAM_Kerberos

Server for NIS, one of the SFU 2.0 tools, enables Windows 2000 to serve as an NIS server. It uses AD to store user account and group information. An NIS client on HP-UX communicates with the NIS server on Windows 2000 to retrieve information from AD. The PAM Kerberos product on HP-UX uses Windows 2000 Kerberos Services to authenticate users who want to log in to HP-UX machines. Although PAM_UNIX can authenticate users stored in an NIS server, it is not a good choice for this integration: PAM_UNIX mainly retrieves user account information from the server and then authenticates users on the client machine, so it does not provide the benefit of common authentication. The following figure illustrates the integration between the two NIS platforms.

Figure (NIS): HP-UX Client [getpwnam(), NSS engine, NSS_NIS] <-- NIS protocol --> Windows 2000 Server [Server for NIS (SFU 2.0), Active Directory]
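The distinction drawn above (PAM_UNIX authenticating NIS accounts on the client versus PAM Kerberos authenticating against Windows 2000) can be checked on a client. The following audit sketch is an added example, not code from the white paper: it parses pam.conf-style and nsswitch.conf-style text and lists the services whose auth stack depends on PAM_UNIX alone while passwd data comes from NIS. The module file names and the sample configuration are constructed assumptions.

```python
# Added example: audit sketch, not code from the white paper.
import os
import re

# Constructed sample input. Module file names are assumed, typical-looking
# HP-UX paths; adjust the "krb5"/"unix" substrings to match your system.
SAMPLE_PAM = """\
login auth sufficient /usr/lib/security/libpam_krb5.1
login auth required   /usr/lib/security/libpam_unix.1 try_first_pass
ftp   auth required   /usr/lib/security/libpam_unix.1   # no Kerberos here
login account required /usr/lib/security/libpam_unix.1
"""
SAMPLE_NSS = "passwd: files nis\ngroup: files nis\n"

DECIDING = {"required", "requisite", "sufficient"}  # flags that affect the result

def parse_pam_conf(text):
    """Return {service: [(control_flag, module_file), ...]} for auth entries."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1].lower() == "auth":
            service, control, path = fields[0], fields[2], fields[3]
            stacks.setdefault(service.lower(), []).append(
                (control.lower(), os.path.basename(path)))
    return stacks

def passwd_sources(nsswitch_text):
    """Return the source names on the passwd: line, ignoring [..] actions."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if line.startswith("passwd:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("passwd:"):]).split()
    return []

def audit(pam_text, nsswitch_text):
    """List services that authenticate NIS accounts with PAM_UNIX only."""
    if "nis" not in passwd_sources(nsswitch_text):
        return []
    findings = []
    for service, stack in parse_pam_conf(pam_text).items():
        krb = any("krb5" in m and c in DECIDING for c, m in stack)
        unix = any("unix" in m and c in DECIDING for c, m in stack)
        if unix and not krb:
            findings.append(service)
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_PAM, SAMPLE_NSS))
```

A Kerberos module marked `optional` is deliberately not counted, because it does not decide the outcome of the auth stack.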

 

 

 

 

 

 

 

 
