Install the Password Synchronization daemon

Applies To: Windows Server 2003 R2

To install the Password Synchronization daemon

  1. Copy the appropriate source binary file from IDMU\Unix\Bins on the Windows Server 2003 R2 CD to /usr/bin or /usr/local/bin on the UNIX computer, and change its name to ssod. The name of the source binary file depends on the version of UNIX you are using.

    • If the computer is running Hewlett-Packard HP-UX, the source binary file name is ssod.hpx.

    • If the computer is running Red Hat Linux, the source binary file name is ssod.rhl.

    • If the computer is running Sun Microsystems Solaris, the source binary file name is ssod.sol.

    • If the computer is running IBM AIX, the source binary file name is ssod.aix.

  2. Using a binary file-copy method such as File Transfer Protocol (FTP) to avoid corrupting CR/LF (carriage-return/line-feed) pairs, copy Sso.cfg from \Unix\Bins on the Windows Server 2003 R2 CD to /etc on the UNIX computer, and change its name to sso.conf.

  3. Open sso.conf with a text editor.

  4. If you have changed the default encryption key, edit the following line to specify the new default key. This value must match the default key specified on all domain controllers with which this computer will synchronize passwords:

    ENCRYPT_KEY=encryptionKey

  5. If you have changed the default port, edit the following line to specify the new port. This value must match the port number specified on all domain controllers with which this computer will synchronize passwords.

    PORT_NUMBER=portNumber

  6. Edit the following line to specify one domain controller in each Windows domain with which the computer is to synchronize passwords. If you have specified a nondefault port number or encryption key for the UNIX computer when configuring Password Synchronization on the Windows domain controllers, specify that value where indicated; otherwise, leave the value blank:

    SYNC_HOSTS=(domainController[, portNumber [, encryptionKey]]) ...

    Each entry in the list must be enclosed by parentheses (the "(" and ")" characters) and separated from the next entry by a blank space.

  7. If the computer is a Network Information Service (NIS) master server, and if you want passwords to be synchronized throughout the NIS domain, edit the following line as shown to enable NIS synchronization:

    USE_NIS=1

    Also, if required, edit the following line to specify the location of the NIS makefile:

    NIS_UPDATE_PATH=makefilePath

  8. Set the file permissions of sso.conf to read/write for the root user only, and deny access to all other users.

  9. If the computer is running Linux, copy /etc/pam.d/system-auth to /etc/pam.d/ssod.

Important

The sso.conf file contains encryption keys and other sensitive information. For this reason, it must be accessible only by system administrators.
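
One way to verify steps 5, 6 and 8 after editing the file is a small audit function. This is an added example, not part of Password Synchronization or of the original procedure. The function name check_sso_conf, the sample host names, port and key, and the assumption that root is UID 0 are illustrative, and the script assumes a POSIX awk, sed and grep -E.

```sh
#!/bin/sh
# Added example: audit an installed sso.conf (not part of the product).
# Usage: check_sso_conf [path] [owner-uid]; returns 0 when all checks pass.
check_sso_conf() {
    conf=${1:-/etc/sso.conf}
    want_uid=${2:-0}                      # assumption: root is UID 0
    rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 2; }

    # Step 8: owner read/write only. ls -ln is parsed rather than calling
    # stat(1), which is missing or differs on HP-UX, AIX and Solaris.
    perm=$(ls -ln "$conf" | awk '{ print substr($1, 1, 10) }')
    uid=$(ls -ln "$conf" | awk '{ print $3 }')
    [ "$perm" = "-rw-------" ] || { echo "FAIL: mode $perm, want -rw-------"; rc=1; }
    [ "$uid" = "$want_uid" ] || { echo "FAIL: owner UID $uid, want $want_uid"; rc=1; }

    # Step 5: PORT_NUMBER, when set, must be numeric.
    port=$(sed -n 's/^PORT_NUMBER=//p' "$conf" | tr -d '\r')
    case $port in
        *[!0-9]*) echo "FAIL: PORT_NUMBER is not numeric"; rc=1 ;;
    esac

    # Step 6: each SYNC_HOSTS entry is "(host[, port[, key]])" and entries
    # are separated by blanks. Values are never echoed: they may hold keys.
    hosts=$(sed -n 's/^SYNC_HOSTS=//p' "$conf" | tr -d '\r')
    e='\([^(),[:space:]]+([[:space:]]*,[[:space:]]*[0-9]*([[:space:]]*,[^()]*)?)?\)'
    if [ -n "$hosts" ] &&
       ! printf '%s\n' "$hosts" | grep -Eq "^[[:space:]]*$e([[:space:]]+$e)*[[:space:]]*\$"
    then
        echo "FAIL: SYNC_HOSTS entries must be parenthesized and blank-separated"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $conf"
    return "$rc"
}

# Constructed sample (host names, port and key are made up) to exercise the check.
demo=$(mktemp) && chmod 600 "$demo"
printf 'PORT_NUMBER=6677\nSYNC_HOSTS=(dc1.example.com) (dc2.example.com, 6677, k3y)\n' >"$demo"
check_sso_conf "$demo" "$(id -u)"
rm -f "$demo"
```

On the UNIX computer itself, run check_sso_conf with no arguments as root to audit /etc/sso.conf against UID 0.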

Note

This daemon program must be installed on the computer running UNIX to enable Password Synchronization to change users' passwords on that computer. Password Synchronization supports synchronization with UNIX computers running any of the following operating systems:

  • Hewlett-Packard HP-UX version 11i

  • IBM AIX version 5L 5.2

  • Red Hat Linux versions 8 and 9

  • Sun Solaris version 8 running on x86-based computers and Scalable Processor Architecture (SPARC)–based computers, and Solaris version 9 running on SPARC–based computers

See Also

Concepts

Understanding Password Synchronization
Using sso.conf to configure Password Synchronization on the UNIX computer
Start the Password Synchronization daemon
Install the pluggable authentication module (PAM) on AIX
Install the pluggable authentication module (PAM) on HP-UX
Install the pluggable authentication module (PAM) on Linux
Install the pluggable authentication module (PAM) on Solaris