Manualshelf

HP-UX DCE Version 1.9 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
9101112131415161718
Chapter 1
About This Document
Known Problems and Work Arounds
11
Support for Integrated Login Password Expiration and Password Generation is as follows: When a
password expires, the corresponding account is disabled. The user cannot log in until the DCE cell
administrator reactivates the account. The DCE cell administrator can exempt certain principals from
this security feature by attaching instances of the passwd_override ERA to those principals.
To prevent this problem, users can add the following parameters to an account line in pam.conf:
-warn_pwd_expiry
m
will warn a user when his password is within m days of expiring.
-force_pwd_change
n
will force a user to change his password when it is within n days of expiring.
The new dced-based server configuration and execution features are not fully functional. The following
dcecp commands are not yet implemented. They will be provided in a future release:
server stop -method rpc
server enable
server disable
server create -starton auto
To enable printing, you must add the lp administrator to the passwd_override file; you can do this only
if you create the principal and account for lp in the registry.
xntpd and dtsd cannot run on the same host because they both affect the system clock. If xntpd is
running, do not start dtsd manually or via the DCE configuration tools (DCM, dce_config) without first
stopping the xntpd daemon.
Use the following command to display the dts_update man page:
man dts_update
Most systems will require the transfer of account information from /etc/passwd to the DCE Security
Registry before the system will be useful.
The script /usr/sbin/auth.adm is supplied to activate the integrated login utilities once your system has
been set up with the needed accounts.
You should not use the auth.adm script to activate the integrated login utilities until after you have set up
the accounts necessary for your site in the DCE security service registry.
Login using a fully qualified DCE name is supported for integrated login configurations created by
auth.adm -i -l dce -b ux
auth.adm -i -l dce
but not for other configurations generated by auth.adm.
In normal operation, core dumps of ilogind will be suppressed. To reverse this suppression, create a file,
/var/adm/ilogin/DEBUG, owned by root and with the setuid bit set.
In normal operation, core dumps of libpam_dce.1 will be suppressed. To reverse this suppression, create
a file, /var/adm/ilogin/LIBPAMDCE_DEBUG, owned by root and with the setuid bit set.
Group information used during login is obtained from the local machine, not the DCE registry.
Don't specify "-a dce" option if DCE requires generated passwords.
The HP-UX DCE 1.9 online help has not been updated since HP-UX DCE 1.6.
When configuring HP-UX DCE 1.9, you may safely ignore the following note regarding the online help: