HP-UX and Windows 2000 Integration Products
Both HP-UX and Windows 2000 operating systems offer new features which make the integration possible.
HP-UX
The following products, released as part of the system core and via Application CDs, provide the framework allowing HP-UX to become more flexible and more interoperable:
PAM and NSS:
As of release 11.0, HP-UX supports the Name Service Switch (NSS) and Pluggable Authentication Module (PAM) architecture. These architectures provide a method to install and configure multiple name and authentication services without affecting the higher level commands and APIs. For example, by installing the PAM Kerberos authentication library, and modifying the file /etc/pam.conf, the HP-UX login command will now authenticate users with a Kerberos server, instead of using the default local PAM_UNIX authentication.
NSS and PAM give HP-UX system administrators the flexibility to choose where to store user account information and how to authenticate a user who wants to login to the system.
LDAP-UX:
The LDAP-UX integration product, released in March 2001 on the HP-UX Application CD, includes a NSS library that retrieves account and group information from Lightweight Directory Access Protocol (LDAP) v3 compliant data repositories. It is designed with the goal of being directory vendor neutral, and flexible regarding tree structure, schema and naming convention. Therefore, through some configuration modifications, the NSS LDAP library will be able to retrieve information from the Windows 2000 directory service.
PAM Kerberos:
The PAM Kerberos product supports Kerberos authentication, which authenticates users without sending plain text passwords over the network. HP-UX PAM Kerberos has been tested with Microsoft Windows 2000 and MIT Kerberos V5 Key Distribution Center (KDC).
The following figure shows how these components work together:
4