- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: LDAP Client configuration - pcred file
Operating System - HP-UX
1753268
Members
5053
Online
108792
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-18-2006 08:06 PM
тАО09-18-2006 08:06 PM
LDAP Client configuration - pcred file
Hi to all,
I want to automatize the LDAP Client installation procedure. Can I use the same /etc/opt/ldapux/pcred file to copy it on each ldap client I want configure or must I re-generate it any time ?
Thanks
I want to automatize the LDAP Client installation procedure. Can I use the same /etc/opt/ldapux/pcred file to copy it on each ldap client I want configure or must I re-generate it any time ?
Thanks
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-18-2006 09:14 PM
тАО09-18-2006 09:14 PM
Re: LDAP Client configuration - pcred file
Stefano,
Step 8, Point 2 of this document:
http://docs.hp.com/en/J4269-90049/ch02s07.html
"Copy the following files from a configured client to the client being configured:
/etc/opt/ldapux/ldapux_client.conf
/etc/opt/ldapux/pcred only if you have configured a proxy user, not if you are using only anonymous access
/etc/pam.conf
/etc/nsswitch.conf
cert7.db or cert8.bd and key3.db flles if SSL is enabled"
Step 8, Point 2 of this document:
http://docs.hp.com/en/J4269-90049/ch02s07.html
"Copy the following files from a configured client to the client being configured:
/etc/opt/ldapux/ldapux_client.conf
/etc/opt/ldapux/pcred only if you have configured a proxy user, not if you are using only anonymous access
/etc/pam.conf
/etc/nsswitch.conf
cert7.db or cert8.bd and key3.db flles if SSL is enabled"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-20-2006 01:46 AM
тАО09-20-2006 01:46 AM
Re: LDAP Client configuration - pcred file
Technically, yes you can. I automated our install and it worked pretty well, however I found that it was more stable if I ran it myself. When just copying the file, on a couple of occasions, the file copied properly, was the same file, chksums were the same, etc, but no go.
My script now passes the password at time of installation. This just ensures that you don't start with a corrupt file. It does however require that you enter the password for the proxy user correctly. Since the password can't be changed or expired in the domain, I used a 63 character strong password.
One limitation is that HP-UX and Windows and their respective command lines have different limitations for which special characters are allowed.
You end up getting limited down to: !-=_+,.;:
Here's the section of my script:
# Get the LDAP Proxy User Password
EXITFLAG=0
LPROXPW=""
while [ "$EXITFLAG" -ne "1" ]
do
echo "\n\nEnter the LDAP Proxy User account password: \c"
read LPROXPW
if `echo $LPROXPW | grep ^$ > /dev/null`
then
:
else
EXITFLAG=1
fi
done
echo "Downloading the LDAP-UX Profile from the AD."
/opt/ldapux/config/get_profile_entry -s nss -D "CN=LDAP Proxy User,CN=Users,DC=mydomain,DC=ca" -w $LPROXPW
/opt/ldapux/config/ldap_proxy_config -v
/sbin/init.d/ldapclientd.rc start
Oh, one other thing. After bugging HP support for what type of encryption is used on this file, I had an answer of "it's secure and we aren't going to tell you", which translates to proprietary and therefore weak. If they were using a stong encryption method such as 3DES, AES-256 or other strong one-way encryption algorithm the would be willing to let you know what it was.
I've also found that the file size doesn't change no matter what the length of the password or proxy user account is.
My script now passes the password at time of installation. This just ensures that you don't start with a corrupt file. It does however require that you enter the password for the proxy user correctly. Since the password can't be changed or expired in the domain, I used a 63 character strong password.
One limitation is that HP-UX and Windows and their respective command lines have different limitations for which special characters are allowed.
You end up getting limited down to: !-=_+,.;:
Here's the section of my script:
# Get the LDAP Proxy User Password
EXITFLAG=0
LPROXPW=""
while [ "$EXITFLAG" -ne "1" ]
do
echo "\n\nEnter the LDAP Proxy User account password: \c"
read LPROXPW
if `echo $LPROXPW | grep ^$ > /dev/null`
then
:
else
EXITFLAG=1
fi
done
echo "Downloading the LDAP-UX Profile from the AD."
/opt/ldapux/config/get_profile_entry -s nss -D "CN=LDAP Proxy User,CN=Users,DC=mydomain,DC=ca" -w $LPROXPW
/opt/ldapux/config/ldap_proxy_config -v
/sbin/init.d/ldapclientd.rc start
Oh, one other thing. After bugging HP support for what type of encryption is used on this file, I had an answer of "it's secure and we aren't going to tell you", which translates to proprietary and therefore weak. If they were using a stong encryption method such as 3DES, AES-256 or other strong one-way encryption algorithm the would be willing to let you know what it was.
I've also found that the file size doesn't change no matter what the length of the password or proxy user account is.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP