Planning and Configuring HP DCE 1.7
6-14 Planning and Configuring HP DCE 1.7
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
Deciding Whether to Integrate DCE with
HP-UX Integrated Login
If you want to configure DCE as the login technology with HP-UX
Integrated Login, consider the following:
• The system environment must be stable. Therefore, DCE must be left
configured and the DCE cell must be maintained. The network must
remain reliable 24 hours a day.
• All users of a system must have a DCE account, including users who
are declared in passwd_override.
• All account administration must be done through the DCE registry.
• NIS access is disabled for password and group mapping.
• The system must not be configured with HP-UX Commercial Security.
For a discussion of the Integrated Login support for Commercial Security
and how to configure it, see “Notes, Cautions, and Warnings” earlier in
this chapter.
Operation of the HP-UX Integrated Login
Utilities
The HP-UX Integrated Login utilities function in the same way as their
HP-UX counterparts, with the following exceptions:
• Most commands provide additional messages when DCE
authentication is unavailable.
• The passwd utility manipulates the DCE registry. It will fail if the
DCE network registry cannot be reached. The passwd command
synchronously changes the DCE registry, supporting the password
generation and password strength checking features provided by HP
DCE Version 1.7 servers. However, if DCE is configured as an
additional technology, you cannot use passwd to change a DCE
password that is required to be generated. You must use dcecp
instead.
• User root cannot change account information (such as passwords,
finger information, and shell programs) of other users in the DCE
Security Registry. The cell administrator must login as cell_admin
and use dcecp or the HP-UX Integrated utilities (such as passwd,
chfn or chsh) to change other users’ information.