Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)

mail=shmoe@fac.digieng.com
uid=jshmoe
title=Process Engineer
For more information, see ldapmodify(1).
4.6 Overview of the LDAP Client
This section provides a summary of the LDAP client functionality and related files.
4.6.1 Actions Performed by the LDAP Client
The LDAP client daemon does the following when started:
• Updates the /etc/sia/matrix.conf file to include the LDAP Security Integration Architecture (SIA) mechanism.
• Adds the following entry to the /etc/inittab file to automatically start the LDAP client daemon when the system starts:
ldapcd:34:respawn:/usr/sbin/ldapcd -D > /dev/console 2>&1
4.6.2 Authentication Actions Performed
When you install and enable the LDAP Module for System Authentication subset, user and group
authentication takes place through an LDAP server.
For example, an LDAP server transparently provides authentication information for login
(rlogin, ftp, telnet, su) and mail (POP and IMAP).
For users not found in the LDAP directory, authentication automatically falls back to using the
local authentication mechanism (/etc/passwd) and/or NIS, if it is configured.
4.6.3 Files Modified by the LDAP Module for System Authentication
The LDAP module for system authentication configures the security matrix in the
/etc/sia/matrix.conf file for system authentication.
The security matrix consists of a list of security-related system calls and the library to be used
for each call.
4.6.4 Files Not Modified by the LDAP Module for System Authentication
The LDAP module does not add or modify either /etc/nsswitch.conf or /etc/svc.conf.
If either /etc/nsswitch.conf or /etc/svc.conf has been manually modified to
include LDAP entries, revert the file to its original state.
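The file state described in sections 4.6.1 through 4.6.4 can be checked with a short shell function; this is an added example, not part of the original guide or of the product. The function names, the optional root-prefix argument, and the assumption that the LDAP SIA mechanism's entry in matrix.conf contains the string "ldap" are hypothetical.

```shell
#!/bin/sh
# Added example: audit the LDAP client file state from sections 4.6.1-4.6.4.
# Usage: ldap_client_audit [ROOT]
#   ROOT is a hypothetical path prefix (default: empty, i.e. the live system).

# Print the non-comment, non-blank lines of a file (nothing if it is absent).
active_lines() {
    [ -f "$1" ] && sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1"
    return 0
}

ldap_client_audit() {
    root=${1:-}
    rc=0

    # 4.6.1: /etc/inittab must carry an entry with id "ldapcd", action "respawn".
    if active_lines "$root/etc/inittab" |
        awk -F: '$1 == "ldapcd" && $3 == "respawn" { found = 1 } END { exit !found }'
    then echo "OK   /etc/inittab: ldapcd respawn entry present"
    else echo "FAIL /etc/inittab: no ldapcd respawn entry"; rc=1
    fi

    # 4.6.1 and 4.6.3: matrix.conf must reference the LDAP SIA mechanism.
    # Assumption: that entry contains the string "ldap" in some letter case.
    if active_lines "$root/etc/sia/matrix.conf" | grep -i ldap >/dev/null
    then echo "OK   /etc/sia/matrix.conf: LDAP mechanism referenced"
    else echo "FAIL /etc/sia/matrix.conf: no LDAP mechanism found"; rc=1
    fi

    # 4.6.4: these files are not touched by the module; any active LDAP
    # entry was added by hand and the file should be reverted.
    for f in /etc/nsswitch.conf /etc/svc.conf; do
        hits=$(active_lines "$root$f" | grep -i ldap || true)
        if [ -n "$hits" ]; then
            echo "FAIL $f: manual LDAP entry found, revert the file: $hits"; rc=1
        else
            echo "OK   $f: no LDAP entries"
        fi
    done
    return $rc
}
```

Source the file and run ldap_client_audit with no argument on the system being checked; a nonzero return status means at least one check failed.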
4.6.5 Other Important Files
Other relevant files include /etc/ldapusers.deny and /etc/ldapusers.allow.
4.6.5.1 /etc/ldapusers.deny
The /etc/ldapusers.deny file is a text file in which you enter the name of a Tru64 UNIX
user who will not be authenticated by LDAP authentication.
A default /etc/ldapusers.deny file is provided when you install the LDAP client software.
4.6.5.2 /etc/ldapusers.allow
If you want to disallow access to all but a few users, you must create the
/etc/ldapusers.allow file. The /etc/ldapusers.allow file is a text file in which you
enter the name of a Tru64 UNIX user who will only be authenticated by LDAP authentication.