The following describes how to configure your HP-UX machine as a NIS client and use PAM Kerberos to authenticate users logging into the machine.

NIS Client Configuration

Step 1: Configure HP-UX as a NIS client.

Edit /etc/rc.config.d/namesvrs, and change the following variables: NIS_CLIENT=1

NIS_DOMAIN=nisdomain

Nisdomain is the default NIS domain created by SFU 2.0, usually it is the first domain component of your domain root. For example, if your domain root is dc=la,dc=cal,dc=com, SFU 2.0 creates a default NIS domain called la.

Step 2: Change Name Service Switch (NSS) to use NIS.

The passwd and group entries in /etc/nsswitch.conf must include the keyword nis, for example:

passwd:

files nis

group:

files nis

This tells the Name Service Switch to retrieve user account and group information firstly from the local /etc/passwd file. If this fails, then retrieve the information from an NIS server, which is Windows 2000 in our case. If your machine doesn’t have /etc/nsswitch.conf, you can create one from copying /etc/nsswitch.nis. However, in that case, you will have to decide how you want to configure other services (e.g. hosts, networks, rpc. etc).

Step 3: Start HP-UX as a NIS client.

You can start the client by doing “/sbin/init.d/nis.client start”.

PAM Kerberos Configuration

Step 1: Download and install the PAM Kerberos product.

If the OS version of your HP-UX machine is 11.00, you need to download and install PAM Kerberos product (J5849AA). It can be obtained from HP software depot web site, http://software.hp.com. After downloading the software from the web site, you use /usr/sbin/swinstall to install the product onto your HP-UX. The installation instruction can also be found from the web site. If the OS version of your HP-UX machine is 11i, unless you unselect it, PAM Kerberos is installed on your machine as part of the core operating system by default. You can also install it individually from the HP-UX 11i OS CD if needed.

The PAM Kerberos Release Note (J5849AA-90001)and Configuration Guide for Kerberos Products on HP-UX (J5849-90003) can be obtained from http://docs.hp.com/hpux/internet. These two documents provide you detailed information about the product.

If your HP-UX is 11.00, the 11.0 patch PHCO_22265 must be installed. It can be obtained from the HP Electronic Support Center at:

http://us-support.external.hp.com or

http://europe-support.external.hp.com

The patch number can be superseded at any time. The above patch number is current as of December 27, 2000. If your HP-UX machine is 11i, the above patch has been incorporated into HP-UX 11i, the patch is not required.

13

Page 13
Image 13
HP UX LDAP-UX Integration Software manual NIS Client Configuration, PAM Kerberos Configuration