
Re: LDAP query

 
Jessica P
Regular Advisor

LDAP query

Hi

Does LDAP have an authentication mechanism?

Does it support single sign-on?

Does it keep a session log for the users?

Which one is better, OpenLDAP or Red Hat DS, for my HP-UX server?
2 REPLIES
Mel Burslan
Honored Contributor

Re: LDAP query

Together with not being an LDAP expert, yes, LDAP has an authentication mechanism. As a matter of fact it IS an authentication mechanism. Since it authenticates centrally, single sign-on is possible and as far as I know it also is the driving reason behind the development of LDAP. Logs? I am not sure about them as I have never configured an LDAP server, but an authentication system without logs is of no use when the auditors show up, so I have to say yes to that one too.

Last question: which is better can only depend on your particular situation, in my opinion.
________________________________
UNIX because I majored in cryptology...
Bob Neal-Joslin
Trusted Contributor

Re: LDAP query

Yes, LDAPv3 servers are required to support authentication. LDAP servers support basic password authentication, with or without TLS protection. In addition, LDAPv3 servers are required to support SASL, which is an extensible authentication system. Most directory servers support several SASL mechanisms, including DIGEST-MD5 and GSSAPI (Kerberos).

LDAP directory servers do allow you to have a single user identity and password and security policy (password expiration, for example) for multiple applications, Windows and HP-UX logins, web portals and applications, etc. However, LDAP directory servers themselves are not a true SSO solution. I.e., you can't log in to your HP-UX system and then start a browser and expect to not have to type in your password when you access your 401k account (or something similar). Though if you deploy a Kerberos infrastructure and use SASL/GSSAPI you can get close to true SSO.

As far as logs, it depends on the directory server you choose. I'm not an OpenLDAP expert, but I'd guess it does have logging. And I know that Red Hat DS does support access logging.

As far as which one is better for HP-UX, it's true that it depends. One important point is that Red Hat is directly supported by HP and support costs are included with the HP-UX OS support license. Support for OpenLDAP would need to be purchased externally.

bob
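
An added example, not part of any post in this thread: a small audit script that uses a directory server's access log to tell apart the bind types described above (simple bind with or without TLS, SASL, anonymous). The log lines are constructed, and their layout is an assumption modelled on the Red Hat DS access log; the function name and category labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines. Assumed layout (modelled on the Red Hat DS access
# log): "conn=N op=M BIND dn=... method=128|sasl" and a "conn=N TLS..." line.
SAMPLE_LOG = '''\
[10/Mar/2008:09:00:01 -0500] conn=1 fd=64 slot=64 connection from 10.0.0.5 to 10.0.0.1
[10/Mar/2008:09:00:01 -0500] conn=1 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[10/Mar/2008:09:00:02 -0500] conn=2 fd=65 slot=65 SSL connection from 10.0.0.6 to 10.0.0.1
[10/Mar/2008:09:00:02 -0500] conn=2 TLS1.2 128-bit AES-GCM
[10/Mar/2008:09:00:02 -0500] conn=2 op=0 BIND dn="uid=asmith,ou=People,dc=example,dc=com" method=128 version=3
[10/Mar/2008:09:00:03 -0500] conn=3 fd=66 slot=66 connection from 10.0.0.7 to 10.0.0.1
[10/Mar/2008:09:00:03 -0500] conn=3 op=0 BIND dn="" method=sasl version=3 mech=GSSAPI
[10/Mar/2008:09:00:04 -0500] conn=4 fd=67 slot=67 connection from 10.0.0.8 to 10.0.0.1
[10/Mar/2008:09:00:04 -0500] conn=4 op=0 BIND dn="" method=128 version=3
'''

CONN = re.compile(r'conn=(\d+) ')
TLS = re.compile(r'conn=\d+ (?:TLS|SSL)[\d.]* \d+-bit')   # negotiated-cipher line
BIND = re.compile(r'op=\d+ BIND dn="([^"]*)" method=(\S+)(?: version=\d+)?(?: mech=(\S+))?')

def classify_binds(log_text):
    """Return {category: [(conn, dn), ...]} for every BIND in the log."""
    tls_conns, result = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = CONN.search(line)
        if not m:
            continue
        conn = int(m.group(1))
        if TLS.search(line):              # TLS was negotiated on this connection
            tls_conns.add(conn)
            continue
        b = BIND.search(line)
        if not b:
            continue
        dn, method, mech = b.groups()
        if method == "sasl":              # e.g. GSSAPI (Kerberos) or DIGEST-MD5
            cat = "sasl:" + (mech or "unknown")
        elif dn == "":                    # simple bind with empty DN
            cat = "anonymous"
        elif conn in tls_conns:
            cat = "simple+tls"
        else:                             # password crossed the wire unprotected
            cat = "simple-cleartext"
        result[cat].append((conn, dn))
    return dict(result)
```

Connections that land in `simple-cleartext` are the ones to migrate to TLS or SASL first.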