Installing And Configuring LDAP-UX Client Services

Configure the LDAP-UX Client Services

To change any of these default values, refer to “Custom Configuration” on page 34.

Step 17. After entering all the configuration information, setup extends the schema, creates a new profile, and configures the client to use the directory.

Step 18. Configure the Pluggable Authentication Module (PAM).

Save a copy of the file /etc/pam.conf and edit the original to specify LDAP authentication and other authentication methods you want to use. See /etc/pam.ldap for a sample. You may be able to just copy /etc/pam.ldap to /etc/pam.conf. See pam(3), pam.conf(4), and Managing Systems and Workgroups at http://docs.hp.com/hpux for more information on PAM.

Step 19. Configure the Name Service Switch (NSS).

Save a copy of the file /etc/nsswitch.conf and edit the original to specify the ldap name service and other name services you want to use. See /etc/nsswitch.ldap for a sample. You may be able to just copy /etc/nsswitch.ldap to /etc/nsswitch.conf. See nsswitch.conf(4) for more information.

Step 20. Optionally, configure the PAM Authorization Service module (pam_authz).

LDAP-UX Client Services provides a sample configuration file, /etc/opt/ldapux/pam_authz.conf.template. This sample file shows you how to configure the policy file to work with pam_authz. You can copy this sample file and edit it using the correct syntax to specify the access rules you wish to authorize or exclude from authorization. For more detailed information on how to configure the policy file, see “PAM_AUTHZ Login Authorization Enhancement” on page 109.

The sample /etc/pam.conf file in the man page shows you how to configure the /etc/pam.conf file to work with pam_authz. For more detailed information about pam_authz, refer to the pam_authz(5) man page.

Step 21. Optionally configure the disable_uid_range flag.

Save a copy of the file /etc/opt/ldapux/ldapux_client.conf and edit the original to activate the disable_uid_range flag. Uncomment the flag in the [NSS] portion of the file and fill in the UID range. The format is disable_uid_range=uid#,[uid#-uid#], ... where uid# stands for uid number.
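To review which UIDs an edited disable_uid_range setting covers, the following sketch reads the active flag from the [NSS] section and tests UIDs against it. It is an added example, not part of the LDAP-UX documentation or product; the function names are hypothetical, and it assumes that comments start with `#` and that the value is a comma-separated list of single UIDs and low-high ranges with no embedded whitespace.

```shell
#!/bin/sh
# Added example, not LDAP-UX code. Assumed syntax: '#' comments, "[NSS]" style
# section headers, value = comma-separated UIDs and low-high ranges.

# Print the active (uncommented) disable_uid_range value from the [NSS] section.
# Reads the named file, or standard input when no file is given.
get_disable_uid_range() {
    awk '
        /^[ \t]*\[/ { in_nss = ($0 ~ /^[ \t]*\[NSS\]/); next }
        in_nss && /^[ \t]*disable_uid_range[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }
    ' "$@"
}

# Return 0 if UID $2 is covered by range list $1, 1 if it is not,
# and 2 if the list or the UID is malformed.
uid_disabled() {
    case $1 in ''|*[!0-9,-]*|,*|*,|*,,*) return 2 ;; esac
    case $2 in ''|*[!0-9]*) return 2 ;; esac
    hit=1
    old_ifs=$IFS; IFS=,
    for entry in $1; do
        case $entry in
            -*|*-|*-*-*) IFS=$old_ifs; return 2 ;;      # "-5", "5-", "1-2-3"
            *-*) lo=${entry%-*}; hi=${entry#*-} ;;      # low-high range
            *)   lo=$entry; hi=$entry ;;                # single UID
        esac
        [ "$lo" -le "$hi" ] || { IFS=$old_ifs; return 2; }   # reversed range
        [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] && hit=0
    done
    IFS=$old_ifs
    return $hit
}

# Demo on a constructed config fragment (not a real ldapux_client.conf).
range=$(printf '%s\n' '[NSS]' '#disable_uid_range=0-10' \
        'disable_uid_range=0-100,300-450,89' | get_disable_uid_range)
for uid in 0 89 200; do
    if uid_disabled "$range" "$uid"; then
        echo "uid $uid: covered by disable_uid_range"
    else
        echo "uid $uid: not covered"
    fi
done
```

Against the real file, run `get_disable_uid_range /etc/opt/ldapux/ldapux_client.conf`; an empty result means the flag is still commented out or absent from [NSS].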
