LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Administrator's Guide: HP-UX 11i v1 and v2 > Chapter 1 Introduction

How LDAP-UX Client Services Works


LDAP-UX Client Services leverages the authentication mechanism provided by the Pluggable Authentication Module (PAM) and the naming services provided by the Name Service Switch (NSS). Refer to pam(3), pam.conf(4), and Managing Systems and Workgroups at http://docs.hp.com/hpux/os for information on PAM. For information on NSS, refer to switch(4) and "Configuring the Name Service Switch" in Installing and Administering NFS Services at http://docs.hp.com/hpux/communications/#NFS.

These extensible mechanisms allow new authentication methods and new name services to be installed and used without changing the underlying HP-UX commands. In particular, the PAM architecture now supports Kerberos authentication, which allows integration of HP-UX account management in Windows 2000 or 2003.

Kerberos, an industry standard for network security, is seamlessly integrated in the Windows 2000 or 2003 operating system through the automatic configuration of Active Directory domain controllers to provide Kerberos with authentication services. This enables Windows 2000 or 2003 to authenticate Kerberos clients regardless of the platform on which they reside. The following figure illustrates the integration between HP-UX and Windows 2000 for SFU (Windows Services for Unix) version 2.0.

Figure 1-3 HP-UX Client Login Sequence with Windows 2000 (SFU 2.0)


With LDAP-UX Client Services, HP-UX commands and subsystems can transparently access name service information from the Active Directory through PAM and NSS. Table 1-1 shows some examples of commands that use PAM and NSS.

Table 1-1 Examples of Commands that use PAM and NSS

Commands using NSS    Commands using PAM and NSS
------------------    --------------------------
ls                    login
nsquery[1]            passwd
who                   ftp
whoami                su
finger[2]             rlogin
id                    telnet
logname               dtlogin
groups                remsh
newgrp[2]
pwget[2]
grget[2]
listusers[2]
logins[2]

[1] nsquery(1) is a contributed tool included with the ONC/NFS product.

[2] These commands enumerate the entire passwd or group database, which may reduce network and directory server performance for large databases.

 

After you install and configure the Active Directory and migrate your name service data into it, HP-UX client systems locate the directory from a start-up file. The start-up file tells the client system how to download a configuration profile from the Active Directory.

The configuration profile is a directory entry containing configuration information common to many clients. Storing this information in the directory lets you maintain it in one place and share it among many clients rather than storing it redundantly across the clients. Because the configuration information is stored in the directory, all each client needs to know is where its profile is. Each client downloads the configuration profile from the directory.

The profile is an entry in the directory containing details on how clients will access the directory. These details might include where and how clients should search the directory for user, group, and other name service information, or other configuration parameters such as search time limits.
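To make the profile idea concrete, here is an added example (not from the HP guide and not LDAP-UX code) that parses a constructed profile entry and lists the settings an administrator would review, since the profile decides where every client looks up users and groups. The attribute names assume the RFC 4876 DUAConfigProfile schema, which this page does not list; the DNs, the `expected_suffix` parameter and all function names are hypothetical.

```python
# Constructed sample profile entry (not from the page). Attribute names
# assume the RFC 4876 DUAConfigProfile schema.
SAMPLE_PROFILE = """\
dn: cn=ldapuxprofile,cn=configuration,dc=example,dc=com
objectClass: DUAConfigProfile
defaultSearchBase: dc=example,dc=com
serviceSearchDescriptor: passwd:cn=users,dc=example,dc=com?one
serviceSearchDescriptor: group:cn=groups,
 dc=other,dc=net?one
credentialLevel: proxy anonymous
authenticationMethod: tls:simple;simple
searchTimeLimit: 30
"""

def parse_entry(ldif):
    """Parse one LDIF entry (plain 'attr: value' lines) into {attr: [values]}."""
    logical = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # unfold an LDIF continuation line
        elif raw.strip() and not raw.startswith("#"):
            logical.append(raw)
    entry = {}
    for line in logical:
        attr, _, value = line.partition(":")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def search_bases(entry):
    """Return {service: base DN} that the profile tells clients to search."""
    bases = {"default": entry.get("defaultsearchbase", [""])[0]}
    for ssd in entry.get("servicesearchdescriptor", []):
        service, _, descriptor = ssd.partition(":")
        bases[service.strip().lower()] = descriptor.split("?")[0].strip()
    return bases

def review_profile(entry, expected_suffix):
    """List profile settings to check before clients are pointed at it."""
    findings, suffix = [], expected_suffix.lower()
    for service, base in search_bases(entry).items():
        if base.lower() != suffix and not base.lower().endswith("," + suffix):
            findings.append(f"{service}: search base '{base}' is outside {expected_suffix}")
    if "anonymous" in " ".join(entry.get("credentiallevel", [])).lower().split():
        findings.append("credentialLevel allows anonymous binds")
    methods = ";".join(entry.get("authenticationmethod", [])).lower().split(";")
    if "simple" in [m.strip() for m in methods]:
        findings.append("authenticationMethod allows simple bind without TLS")
    return findings
```

Calling `review_profile(parse_entry(SAMPLE_PROFILE), "dc=example,dc=com")` on the constructed entry reports the group search base that points outside the expected suffix, the anonymous credential level, and the unprotected simple bind.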

Figure 1-4 The Local Start-up File and the Configuration Profile

© 2006 Hewlett-Packard Development Company, L.P.