cancel
Showing results for 
Search instead for 
Did you mean: 

openldap and SIA

SOLVED
Go to solution
nikola radovanovic
Occasional Advisor

openldap and SIA

hi,
this is my first post here,so do not laugh if i ask some silly question. ok,now the question(s):
recently, i have implemented SSO using OpenLDAP on linux.fine.now i want to do the same thing on Tru64 with OpenLDAP.is this possible at all?as far as i understood,Tru64 is using SIA instead of PAM.can somebody point out where to find documentation about this topic?can i compile berkeley db,openssl,cyrus sasl,MIT/heimdal kerberos,openldap on tru64.is there a point to compile libnss-ldap on Tru64? also i am interested in interoperability in following cases:Tru64/linux and Tru64/MS AD.
well thats all for now...
10x in advance
9 REPLIES
Ann Majeske
Honored Contributor

Re: openldap and SIA

What version of Tru64 UNIX are you using? If it's some flavor of V5.1B you should be able to do what you're trying with the version of OpenLDAP and SSO supplied with Tru64. I'm not sure you'd be able to do it with a standard distribution of OpenLDAP since Tru64 uses SIA, as you said.

There's more information in the Security Administration manual for V5.1B.



nikola radovanovic
Occasional Advisor

Re: openldap and SIA

yes,it is flavor of 5.1b.where can i found that manual?i have tried on HP site without success...
10x in advance
nikola radovanovic
Occasional Advisor

Re: openldap and SIA

Ann Majeske
Honored Contributor

Re: openldap and SIA

Yes, check out Appendices C and D. One thing to note, Tru64 SSO does not work with Windows 2003 AD.

Ann
nikola radovanovic
Occasional Advisor

Re: openldap and SIA

ok.10x.

oh,yes,can i set kerberos trust between AD 2003 and Tru64?

10x in advance.
Ann Majeske
Honored Contributor
Solution

Re: openldap and SIA

I'm trying to find out an answer to your question about setting a kerberos trust between AD 2003 and Tru64. I haven't gotten an answer yet, but a co-worker did point me to the following links for more information on Tru64 SSO:

Best Practices document on configuring Tru64 Unix and windows single signon.
http://h30097.www3.hp.com/docs/sso/ <>

Windows 2000 Single Sign-on Online Documentation.
http://h30097.www3.hp.com/docs/sso/?jumpid=reg_R1002_USEN

Windows 2000 SSO installation and administration guide
http://h30097.www3.hp.com/docs/sso/ACRO_DUX/INSTADMN.PDF

nikola radovanovic
Occasional Advisor

Re: openldap and SIA

hmmm.
interesting-does that mean i can't use linux KDC+ldap for Tru64 client machines and i must use MS AD?
nikola radovanovic
Occasional Advisor

Re: openldap and SIA

maybe will be a good idea to say what i want to do,so:
my company is developing software that runs on win and various flavours of unix'es (Tru64 is among them) , so we want to make our system and software more safe and that is when we came up with a kerberos+LDAP idea.i have some success with linux+MS integration,but Tru64 is something vety new for me (i am not system administrator at all :) )so i will basically like to run kerberos+OpenLDAP on some linux and Tru64 is client for SSO.Other option is that Tru64 be kerberos+OpenLDAP server.Regarding MS AD,i will try to use it as SSO server,but this solution probably never will be used in reality.

best regards and 10x for the help.
cheers
Ann Majeske
Honored Contributor

Re: openldap and SIA

I did a google search for tru64+kerberos+sia and it looks like there's at least one SIA plugin for Kerberos V5 out there. But, since this is software that is not supplied by HP I can't tell you how well it works and if/how you could set it up to work with ldap to do what you want.