Planning and Configuring HP DCE 1.7

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software

141

142

143

144

145

146

147

148

149

150

Planning and Conﬁguring HP DCE 1.7 6-19

HP-UX Integrated Login

Integrating DCE with HP-UX Integrated Login

Activation terminates with an error message when any of these steps

fails.

Conﬁguring ux as a Fallback Technology for

DCE

You can conﬁgure ux as a fallback technology to allow system access

when DCE, as a login technology, is not available (DCE down or network

problem). If you wish to replicate information of the DCE Security

Registry in /etc/passwd, do the following:

• Make sure the DCE Security Registry is not set up to hide exported

passwords. When exported passwords are hidden, passwd_export

does not export the encrypted passwords from the DCE Security

Registry to /etc/ passwd. You can verify this property of the DCE

Security Registry by running dcecp and issuing the command

registry show at the prompt. You can disable hidden passwords by

issuing the command registry modify -hidepwd no at the prompt.

To change this property, you must have cell_admin DCE credentials.

NOTE If you wish to take advantage of the increased security provided by the

DCE Security Registry hidden passwords policy, do not conﬁgure ux as a

fallback technology. Specify DCE as the primary login technology, with

no fallback login technology.

• Set up a cron job to export information from the DCE Security

Registry to /etc/passwd. You are asked, during the activation

process, whether or not to set up such a cron job. With your approval,

a passwd_export cron job is set up. If NSS-DCE is activated, this

cron job is run once every day. Otherwise, it is run once every hour.

You can adjust this frequency by using the crontab(1) command.

Frequencies greater than once per hour are not recommended.

• If you wish to prevent a certain user from logging in to the local

system, create an entry for that user in the passwd_override ﬁle

and place the word “OMIT” in the password ﬁeld of the entry.

passwd_export will exclude those entries from /etc/passwd when

transferring information from the DCE Security Registry.

Users who conﬁgure DCE as the primary login and UNIX as the backup

technology should be aware that the UNIX backend is useful as a backup

only for names and passwords that meet UNIX requirements,