Secured LDAP Client Backport to the Solaris 8 OE

Now that we have touched on the Solaris 9 OE Secured LDAP clients, which have the option to use TLSv1 and SASL/DIGEST-MD5 for authentication, we can discuss what has been done with the Solaris 8 OE LDAP clients. Initially as previously discussed, the Solaris 8 OE LDAP clients relied on clear text passwords or the less secure SASL/CRAM-MD5 for authentication. This is obviously not desirable for customers that wanted to deploy a secure naming service, and also maintain equal and matching functionality in both the Solaris 8 and 9 OE.

With this in mind, Sun backported the Secured LDAP Client found in the Solaris 9 OE to the Solaris 8 OE to provide TLSv1/ and SASL/DIGEST-MD5 support for the LDAP client. The following lists what functionality has been backported:

• The configuration of the directory server (LDAP) setup has been simplified with the use of idsconfig .

• A more robust security model that supports strong authentication and Transport Layer Security (TLS) encrypted sessions. A client's proxy credentials are no longer stored in a client s profile on the directory server.

• The ldapaddent command allows you to populate and dump data onto the server.

• Service search descriptors and attribute mapping

• New profile schema

• PAM Framework including account management

• Updated man pages include:

  • ldaplist(1)

  • ldapaddent(1)

  • pam_authok_check(5)

  • pam_authok_get(5)

  • pam_authok_store(5)

  • pam_passwd_auth(5)

  • pam_unix_auth(5)

  • pam_conf(4)

You can obtain the Secured LDAP Client Backport for the Solaris 8 OE from:

http:// sunsolve .sun.com/pub-cgi/show.pl?target=patches/patch-access

In the Enter a Patch ID field, enter one of the following patches:

• 108993-xx (SPARC systems)

• 108994-xx (x86 systems)