Ldap Integration | HP UX LDAP-UX Integration Software guide

LDAP Integration:

Windows 2000 as LDAP server + HP-UX as LDAP Client + HP-UX PAM_Kerberos

HP-UX uses Windows 2000 AD to store user account and group information. The LDAP-UX client on HP-UX retrieves information from AD. The PAM Kerberos product on HP-UX uses Windows 2000 Kerberos Services to authenticate users who want to log into HP-UX machines. The following figure illustrates the integration between two platforms.

LDAP:

HP-UX Client

Windows 2000 Server

getpwnam ()

NSS engine

NSS_LDAP

LDAP protocol

	Extend
Active	schema	Server for NIS
Directory		(SFU 2.0)

LDAP + PAM_Kerberos:

HP-UX Client

Windows 2000 Server

login

PAM Library

PAM_Kerberos

getpwnam()

NSS engine

NSS_LDAP

Kerberos protocol

LDAP protocol

Kerberos Services

Active

Directory

Server for NIS (SFU 2.0)

9

Image 9

HP UX LDAP-UX Integration Software manual Ldap Integration, HP-UX Client Windows 2000 Server

Contents

White Paper Copyright Notices Legal Notices Introduction HP-UX and Windows 2000 Integration Products PAM and NSSPAM Kerberos Services for Unix SFU Kerberos ServicesWindows Active Directory AD NIS Server NIS Integration How HP-UX and Windows 2000 Products IntegrateHP-UX Client Windows 2000 Server NIS+PAMKerberos HP-UX client Ldap Integration HP-UX Client Windows 2000 ServerLdap + PAMKerberos HP-UX Client Windows 2000 Server NIS vs. Ldap Integration Benefits of Integration Common AuthenticationCommon Data Repository Single Point of Account Management Install Active Directory into your Windows 2000 server Configuring Windows 2000 and HP-UX Using NIS IntegrationInstall SFU 2.0, including Server for NIS Add an account for HP-UX client machine to AD PAM Kerberos Configuration NIS Client Configuration Add the Kerberos services to /etc/services Create /etc/krb5.confAdd a host key to the /etc/krb5.keytab file Synchronize the HP-UX clock to the Windows 2000 clock Change /etc/pam.conf to use PAM Kerberos Password sufficient /usr/lib/security/libpamunix.1 Configuring Windows 2000 and HP-UX Using Ldap Integration Software InstallationActive Directory Configuration LDAP-UX Client Services Configuration Run the setup toolVerify profile cache Change Name Service Switch NSS to use Ldap Configure a proxy user Security Administration Add and delete groupsAdd and delete user accounts Password expiration Manage account and password policiesUser forced to change password Login procedure Migration Appendix a Setting a Proxy User’s Access Rights Read memberUid Read msSFUPassword Read msSFUName