Manuals / Brands / Computer Equipment / Software / HP / Computer Equipment / Software

HP UX LDAP-UX Integration Software How HP-UXand Windows 2000 Products Integrate, NIS:, HP-UXClient, NIS Integration:, Windows 2000 Server

1 26

Download 26 pages, 124.39 Kb

How HP-UX and Windows 2000 Products Integrate

There are two approaches to integrate HP-UX account managemant and authentication with Windows 2000:

•NIS

•LDAP

NIS Integration:Windows 2000 as NIS Server + HP-UX as NIS Client + HP-UX PAM_Kerberos

Server for NIS is one of the SFU 2.0 tools, which enables Windows 2000 to serve as an NIS server. It utilizes AD to store user account and group information. An NIS client on HP-UX communicates with the NIS server on Windows 2000 to retrieve information from AD. The PAM Kerberos product on HP-UX uses Windows 2000 Kerberos Services to authenticate users who want to log into HP-UX machines. Although PAM_UNIX can authenticate users stored in an NIS server, it is not a good choice for this integration, because PAM_UNIX mainly retrieves user account information from the server, then authenticates users on the client machine, which doesn’t have the benefit of common authentication. The following figure illustrates the integration between two NIS platforms.

NIS:

HP-UX Client

Windows 2000 Server

getpwnam()



	NSS engine
						NIS protocol

								Server for NIS			Active
								Server for NIS			Active
	NSS_NIS							(SFU 2.0)			Directory
	NSS_NIS							(SFU 2.0)			Directory

7

Contents

White Paper Legal Notices Introduction HP-UXand Windows 2000 Integration Products PAM: NSS: Windows Active Directory (AD): Kerberos Services: Page How HP-UXand Windows 2000 Products Integrate NIS+PAM_Kerberos: HP-UXclient Windows 2000 server LDAP Integration: Windows 2000 as LDAP server + HP-UXas LDAP Client + HP-UXPAM_Kerberos LDAP: LDAP + PAM_Kerberos: NIS vs. LDAP Integration: Benefits of Integration Configuring Windows 2000 and HP-UXUsing NIS Integration Step 1: Install Active Directory into your Windows 2000 server Step 2: Add an account for HP-UXclient machine to AD Step 3: Use ktpass to create the keytab file for HP-UXclient machine Step 4: Install SFU 2.0, including Server for NIS Step 1: Configure HP-UXas a NIS client Step 2: Change Name Service Switch (NSS) to use NIS Step 3: Start HP-UXas a NIS client Step 1: Download and install the PAM Kerberos product Step 2: Configure your HP-UXmachine to authenticate using PAM Kerberos Step 3: Change /etc/pam.conf to use PAM Kerberos Page Configuring Windows 2000 and HP-UXUsing LDAP Integration Step 2: Install Active Directory administrative tools Step 3: Install SFU 2.0 to extend the posix schema into AD Step 1: Add a proxy user to AD Step 1: Install the LDAP-UXClient Services product into your HP-UXmachine Step 2: Configure your HP-UXmachine to use AD as the directory server Step 3: Configure a proxy user Step 4: Change Name Service Switch (NSS) to use LDAP Security Administration Manage account and password policies Known problems and limitations Slow performance on object enumeration Password expiration End user Login procedure Password change Shell/finger information change Migration Appendix A: Setting a Proxy User’s Access Rights