- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: LDAP integration with HP-UX
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-27-2010 03:23 AM
тАО01-27-2010 03:23 AM
LDAP integration with HP-UX
I want to impliment a windows 2008 server with LDAP to authenticate hp-ux servers and host name resolution. Also want to use the same for changing root password of all unix servers centrally.
How can i achieve this...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-27-2010 03:37 AM
тАО01-27-2010 03:37 AM
Re: LDAP integration with HP-UX
check this link :
"Configuring Active Directory for HP-UX Integration"
http://www.docs.hp.com/en/J4269-90037/ch02s05.html
mikap
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-27-2010 05:37 AM
тАО01-27-2010 05:37 AM
Re: LDAP integration with HP-UX
The document is good but omits important issues.
This integration only works if the Windows Server is properly patched. So get with the Windows Server admin and see that this is taken care of before getting needlessly frustrated.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2010 03:33 AM
тАО01-28-2010 03:33 AM
Re: LDAP integration with HP-UX
Can i expect some more documents related. and how can i plan this integration ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2010 06:52 AM
тАО01-28-2010 06:52 AM
Re: LDAP integration with HP-UX
You will need to review the PAM_kerberos and Kerberos client documentation as well. If you are using automounting at all, you should review the Enhancged AutoFS stuff. Also, LDAP enabled hosts allow any LDAP enabled user to authenticate against the host. This is a good thing. It however, does NOT check whether or not the user is AUTHORIZED to be on the host, for this, you need pam_authz, which installs with LDAP-UX.
Samba integration can also be a challenge, it depends on whether you use LDAP and essentially pass-through authentication to authenticate, or properly authenticate using Kerberos. In this case, review the CIFS Server / Kerberos integration docs. (under CIFS Server I believe on docs.hp.com)
Most of my responses are related to LDAP-UX integration with a Windows AD, please feel free to peruse.
For centralizing your root password changes, the challenge here is, you could have root come out of your AD, however, if for some reason your AD was unavailable (such as single user mode), you would not have the ability to log in.
Alternately, you could use a method of scripted change to the root password. This is generally frowned upon, as, with anything n security, anything that can be used for good, can also be used for evil. If you can change your passwords easily, so could an attacker.
On Linux, you can used stdin to set a p/w like this:
passwd root --stdin << EOL
mynewpw
mynewpw
EOL
But HPUX doesn't support this. PowerBroker or other similar tool might help.
You could also use an ugly sed script to force it in, but you would have to use a key based authentication model for delivering the script, such as a central UX host with root login privs, or a complex login as non-priv user (operator?), su to root and for the change. Or a pull script from a centralised location. Or a config management toolset such as cfengine. Here's a bunch of Open Source ones:
http://en.wikipedia.org/wiki/Comparison_of_open_source_configuration_management_software
Personally, I think you should separate the requirements, centralising system account management vs. user account management and go from there.
Don
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-28-2010 05:40 PM
тАО01-28-2010 05:40 PM
Re: LDAP integration with HP-UX
Thanks a lot for valuable & brief suggestion.
Expecting more advice from Experts...