Re: LDAP-UX with trusted system

Hirotada Sasaki
Occasional Advisor

LDAP-UX with trusted system

Hello,

I'm trying to use LDAP-UX with a trusted system. But users can't log in via telnet, ftp, or CDE login. I noticed that su and ssh (without public key authentication) work well. Also, /usr/bin/passwd can change the password in the LDAP server correctly. So I asked HP about this issue, but the answer was "HP doesn't support LDAP-UX with trusted system".
I think there could be some workarounds, since some of the functions work well.
So does anyone have experience using LDAP-UX with a trusted system?

Best Regards,
Hirotada
harry d brown jr
Honored Contributor

Re: LDAP-UX with trusted system


If you are using LDAP, why use trusted?

live free or die
harry
Live Free or Die
Steve Steel
Honored Contributor

Re: LDAP-UX with trusted system

Hi

Are there any error messages? For example, for CDE:

/var/dt/Xerrors
$HOME/.dt/startlog


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Hirotada Sasaki
Occasional Advisor

Re: LDAP-UX with trusted system

Hi harry,

I want to keep user root in the local file. But in this case, anyone can see the encrypted password for root.
So I prefer a trusted system.
Eric Buckner
Regular Advisor

Re: LDAP-UX with trusted system

Hirotada,
Not that I am of any help in this situation, but I have been looking at running LDAP-UX for user authentication. Do you have any documentation concerning doing this on a non-trusted system?

So sorry, I wasn't trying to hijack your thread. Email me at ebuckner@dollargeneral.com and hopefully I won't do too much damage.

Thanks,
Eric
Time is not a test of the truth.
Rodney Hills
Honored Contributor

Re: LDAP-UX with trusted system

I am looking into installing LDAP-UX (now that we have a Win2000 ADS server), but I am disappointed to hear it doesn't work with "trusted systems".

Some day I might implement "trusted system", not so much for security, as to get the capabilities to trace events for auditing purposes.

I hope HP is looking into at least separating those capabilities from "trusted systems", because they sure look handy.

-- Rod Hills
There be dragons...
Daimian Woznick
Trusted Contributor

Re: LDAP-UX with trusted system

Have you set up PAM to allow the authentication for telnet, ftp, and CDE to come from the directory?
harry d brown jr
Honored Contributor

Re: LDAP-UX with trusted system

Hirotada,

I see what you mean. I'll look into some things.

live free or die
harry
Live Free or Die
Sridhar Bhaskarla
Honored Contributor

Re: LDAP-UX with trusted system

My take is that LDAP cannot be supported on trusted HP-UX because the trusted password database is proprietary to HP, so I am not surprised if the standard utilities do not work. I am not sure if HP has changed its stance.

We tried and gave it up. Did you try su/ssh'ing to a normal user from another normal user after changing the password in LDAP?

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Hirotada Sasaki
Occasional Advisor

Re: LDAP-UX with trusted system

Hi Steve,

Here are the error messages about CDE. (~/.dt/startlog wasn't created.)

/var/dt/Xerrors:
# cat /var/dt/Xerrors
X connection to :0.0 broken (explicit kill or server shutdown).
usage: chown [-R] [-h] owner[:group] file ...

Mon Jul 22 11:09:01 2002
error (pid 8964): Session has no command/arguments
/usr/bin/X11/xsetroot: unable to open display ''
mwm: Could not open display.
Error: Can't open display:
Error: Couldn't find per display information
ksh: lpstat: not found
ksh: awk: not found
ksh: sort: not found
PrintSubSystem: (PrintSubSystem) InitChildren method could not list queues.

Does anyone have any idea what's going on?
Hirotada Sasaki
Occasional Advisor

Re: LDAP-UX with trusted system

Hi Daimian,

I configured pam.conf so that login, ftp, dtlogin, etc. refer to libpam_ldap.1 after libpam_unix.1.
(Actually, I copied pam.ldap to pam.conf.)
I also edited nsswitch.conf to refer to the ldap directory.

So I think it should work...
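As an added illustration, not taken from Hirotada's post or from HP's shipped pam.ldap, here is a constructed /etc/pam.conf fragment showing the stacking he describes (local libpam_unix.1 first, then libpam_ldap.1) for the services named in the thread. The service names and module paths follow the thread; the control flags and the use_first_pass option are my assumptions about how such a stack is normally written.

```text
# Constructed example, not HP's pam.ldap. HP-UX pam.conf line format:
#   service  module_type  control_flag  module_path  [options]
# Control flags and use_first_pass are assumptions, not copied from HP.

# auth: consult the local password database first. "sufficient" means a
# local success ends the stack, so local accounts such as root still
# authenticate even if the directory is unreachable. A local failure
# falls through to the directory, which reuses the password already
# typed (use_first_pass) so the user is not prompted twice.
login    auth      sufficient  /usr/lib/security/libpam_unix.1
login    auth      required    /usr/lib/security/libpam_ldap.1 use_first_pass
ftp      auth      sufficient  /usr/lib/security/libpam_unix.1
ftp      auth      required    /usr/lib/security/libpam_ldap.1 use_first_pass
dtlogin  auth      sufficient  /usr/lib/security/libpam_unix.1
dtlogin  auth      required    /usr/lib/security/libpam_ldap.1 use_first_pass
su       auth      sufficient  /usr/lib/security/libpam_unix.1
su       auth      required    /usr/lib/security/libpam_ldap.1 use_first_pass

# account: validity and aging checks, same order as auth.
login    account   sufficient  /usr/lib/security/libpam_unix.1
login    account   required    /usr/lib/security/libpam_ldap.1
ftp      account   sufficient  /usr/lib/security/libpam_unix.1
ftp      account   required    /usr/lib/security/libpam_ldap.1
dtlogin  account   sufficient  /usr/lib/security/libpam_unix.1
dtlogin  account   required    /usr/lib/security/libpam_ldap.1
su       account   sufficient  /usr/lib/security/libpam_unix.1
su       account   required    /usr/lib/security/libpam_ldap.1

# session: local module only in this example.
login    session   required    /usr/lib/security/libpam_unix.1
dtlogin  session   required    /usr/lib/security/libpam_unix.1

# password: this is the stack /usr/bin/passwd walks; a directory user
# is not in the local database, so the change lands in the directory.
passwd   password  sufficient  /usr/lib/security/libpam_unix.1
passwd   password  required    /usr/lib/security/libpam_ldap.1 use_first_pass

# OTHER: catch-all for services with no explicit entry above.
OTHER    auth      required    /usr/lib/security/libpam_unix.1
OTHER    account   required    /usr/lib/security/libpam_unix.1
OTHER    session   required    /usr/lib/security/libpam_unix.1
OTHER    password  required    /usr/lib/security/libpam_unix.1
```

Comparing a file like this against the running pam.conf, service by service, shows whether telnet, ftp and dtlogin actually reach libpam_ldap.1 for every module type, not just auth.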
Hirotada Sasaki
Occasional Advisor

Re: LDAP-UX with trusted system

Hi Sridhar,

Yes, I tried to su from normal user A to normal user B just after user A changed his password with /usr/bin/passwd.
And it succeeded.
Of course, users A and B are neither in /etc/passwd nor in /tcb/files/auth.
Bob Neal-Joslin
Trusted Contributor

Re: LDAP-UX with trusted system

There is a similar discussion under the hp-ux/security forum. Look for "ldap and trusted systems". There are more details there.

Bob