LDAP in the Solaris Operating Environment: Deploying Secure Directory Services

Now that we have touched on the Solaris 9 OE Secured LDAP clients, which have the option to use TLSv1 and SASL/DIGEST-MD5 for authentication, we can discuss what has been done with the Solaris 8 OE LDAP clients. Initially, as previously discussed, the Solaris 8 OE LDAP clients relied on clear text passwords or the less secure SASL/CRAM-MD5 for authentication. This was obviously not desirable for customers who wanted to deploy a secure naming service while maintaining equal and matching functionality in both the Solaris 8 and 9 OE.

Note

The Sun ONE directory server does not support SASL/CRAM-MD5.

With this in mind, Sun backported the Secured LDAP Client found in the Solaris 9 OE to the Solaris 8 OE to provide TLSv1 and SASL/DIGEST-MD5 support for the LDAP client. The following functionality has been backported:

  • The configuration of the directory server (LDAP) setup has been simplified with the use of idsconfig.

  • A more robust security model that supports strong authentication and Transport Layer Security (TLS) encrypted sessions. A client's proxy credentials are no longer stored in a client's profile on the directory server.

  • The ldapaddent command allows you to populate and dump data onto the server.

  • Service search descriptors and attribute mapping

  • New profile schema

  • PAM Framework including account management

  • Updated man pages include:

    • ldaplist(1)

    • ldapaddent(1)

    • pam_authtok_check(5)

    • pam_authtok_get(5)

    • pam_authtok_store(5)

    • pam_passwd_auth(5)

    • pam_unix_auth(5)

    • pam.conf(4)

You can obtain the Secured LDAP Client Backport for the Solaris 8 OE from:

http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access

In the Enter a Patch ID field, enter one of the following patches:

  • 108993-xx (SPARC systems)

  • 108994-xx (x86 systems)
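The following is an added example, not part of the original text: a shell check that reports whether the backport patch listed above is installed, matching only the `Patch:` field so that a mention under another patch's `Requires:` or `Obsoletes:` list is not counted. It assumes the usual `showrev -p` line layout and `uname -p` values on Solaris; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the Secured LDAP Client backport installed on this host?
# On a Solaris 8 system the intended call is:
#   showrev -p | backport_revision "$(uname -p)"

# Map the processor type printed by `uname -p` to the patch base ID in the text.
backport_patch_id() {
    case "$1" in
        sparc) echo 108993 ;;
        i386)  echo 108994 ;;
        *)     return 1 ;;
    esac
}

# Read `showrev -p` style lines on stdin and print the highest installed
# revision of the backport patch for the given processor type.
# Exit status: 0 installed, 1 not installed, 2 unknown processor type.
backport_revision() {
    base=$(backport_patch_id "$1") || return 2
    rev=$(awk -v base="$base" '
        $1 == "Patch:" {                 # only the installed-patch field counts
            split($2, p, "-")
            if (p[1] == base && (p[2] + 0) >= best) {
                best = p[2] + 0; out = p[2]; found = 1
            }
        }
        END { if (found) print out }
    ')
    [ -n "$rev" ] || return 1
    echo "$base-$rev"
}

# Constructed sample (revisions, other patch IDs and package names are made up).
# 108994 appears only in a Requires: list, so it must not count as installed.
SAMPLE='Patch: 100001-02 Obsoletes: Requires: Incompatibles: Packages: PKGa
Patch: 108993-03 Obsoletes: Requires: 100001-02 Incompatibles: Packages: PKGb
Patch: 108993-18 Obsoletes: Requires: 100001-02 Incompatibles: Packages: PKGb
Patch: 100002-01 Obsoletes: Requires: 108994-05 Incompatibles: Packages: PKGc'

printf '%s\n' "$SAMPLE" | backport_revision sparc
```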
