Introduction

Many enterprises contain a mixture of operating systems and platforms. Often a single user has both Windows 2000 and UNIX accounts on multiple systems. Having a common authentication service and account information data store across platforms improves security, administration and the end-user experience.

Windows 2000 servers provide network-wide common authentication and data storage, but Windows clients don’t interoperate with other vendors’ solutions. Fortunately, HP-UX can dynamically add authentication and name service libraries to an existing system, allowing it to utilize a variety of services. The basis of the Microsoft services comes from industry-standard protocols (Kerberos [1] and LDAP [2]) already supported by HP-UX. Integrating HP-UX as a client of these services mostly requires configuration modifications to handle the differences between Microsoft’s implementation and those of other providers of similar services.

This white paper describes how to use existing products to integrate HP-UX authentication, user and group management with Microsoft Windows 2000. Utilizing the LDAP-UX Client Services and PAM Kerberos Authentication products from HP, and Microsoft’s Services for UNIX 2.0 (SFU), the Windows 2000 Active Directory (AD) can be used as a common data store for both Windows 2000 and HP-UX. In addition, HP-UX users can be authenticated using the same user name, password and Kerberos server utilized by the Windows clients.

[1] “The Kerberos Network Authentication Service (V5)”, J. Kohl, C. Neuman, IETF RFC 1510, September 1993

[2] “Lightweight Directory Access Protocol (v3)”, M. Wahl, T. Howes, S. Kille, IETF RFC 2251, December 1997
