[prev in list] [next in list] [prev in thread] [next in thread]
List: hpux-devtools
Subject: RE: HPUX-DEVTOOLS: How to integrate nss and pam modules with
From: "Alan Balmer" <ABalmer () blackboard ! com>
Date: 2005-04-06 14:57:21
Message-ID: C982ADA41134D74981D58E36B24F909713388F () Pima ! az ! blackboard ! com
[Download RAW message or body]
> -----Original Message-----
> From: owner-hpux-devtools@cxx.cup.hp.com
> [mailto:owner-hpux-devtools@cxx.cup.hp.com]On Behalf Of
> mohyen.liew@wesoft.com
> Sent: Wednesday, April 06, 2005 12:07 AM
> To: hpux-devtools@cxx.cup.hp.com
> Subject: HPUX-DEVTOOLS: How to integrate nss and pam modules with
> Trusted Mode
>
I'm also interested in the answer to this, since we also have a front end
which allows the addition of system operators simultaneously with the creation
of a corresponding HP-UX user id and password.
Currently, we are constructing command lines for useradd, userdel, usermod,
and passwd, and submitting them via the (C language) system() function. It
works well, but it would be nicer to use an API.
>
> We are currently working on an identity Management system (runs on
> Unix/Linux) that allows AD domain users to login to
> Unix/Linux machines
> with the username/password in AD. Currently, this system is
> running well
> on various versions of HP-UX , which are 11.23, 11.22, 11.11
> and 11.00, in
> standard mode.
>
> In order to enable AD domain users to login to the Unix/Linux
> machine, we
> have written our own pam
> and nss modules to talk to AD for authenticating these
> domain users and
> retrieving their user/group information.At this stage, our system is
> working well with non-trusted system (i.e. standard mode) of
> HPUX . And,
> we are now going to support trusted system as well.
>
> We tried to run our identity Management system on a trusted
> system, the
> result was that all AD users failed to login to the trusted
> system, even
> though our log file indicated that the authentication to AD
> succeeded.
>
> According to HP documentation, there are "Trusted Mode APIs"
> availble,
> which are getprpwent, getprpwuid, getprpwnam, putprpwnam ....
> etc, that
> allow you to manipulate the protected password database.
>
> I tried to add an AD User entry to the protected password
> database using
> putprpwnam(), however, this function failed to add the entry.
>
> The question is what function should we create or use in our NSS/PAM
> modules in order to allow the AD user to login to the Trusted
> Mode HP UX ?
>
> Do we need to implement the _nss_mod_getprpwent, _nss_mod_getprpwuid,
> _nss_mod_getprpwnam, _nss_mod_putprpwnam ... etc functions in our nss
> modules ?
>
> According to to this
http://docs.hp.com/en/J4269-90041/ch04s02.html, LDAPUX client services indeed
support HPUX trusted mode.
Wondering where can I download the source of LDAPUX client services as an
exmaple on how to integrate NSS/PAM with HPUX trusted mode ?
Thanks in advnace.
Regards,
Yen
_________________________________________________________________
To leave this mailing list, send mail to majordomo@cxx.cup.hp.com
with the message UNSUBSCRIBE hpux-devtools
_________________________________________________________________
Don't miss the 2005 Blackboard Users Conference April 12-14 in Baltimore, MD!
Visit http://www.blackboard.com/about/events/BbUC05/index.htm for more
information.
This e-mail is intended only for the personal and confidential use of the
recipient(s) named above.
It may include Blackboard confidential and proprietary information, and is not
for redistribution.
_________________________________________________________________
To leave this mailing list, send mail to majordomo@cxx.cup.hp.com
with the message UNSUBSCRIBE hpux-devtools
_________________________________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic