Planning and Configuring HP DCE 1.7

HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
If you have set up a passwd_export cron job to update /etc/passwd
with DCE Registry data, any changes you make to /etc/passwd will
be lost when the cron job updates /etc/passwd.

When DCE is unavailable and HP-UX Integrated Login is configured
to fall back to /etc/passwd, and /etc/passwd has been updated with
information from the DCE Security Registry, a login succeeds if the
first 8 characters of the password the user enters match the first 8
characters of that user’s DCE password, even if the password entered
is not identical to the DCE password. The user will not, however,
have DCE credentials.

If you are logged in to DCE from a foreign cell, note that you cannot
use the passwd command to change your password.

The HP-UX Integrated Login utilities may not work when the system
disk is full or disk quotas are exceeded. DCE requires disk space for
the creation of temporary files.

DCE credentials are not automatically removed when the user logs
out. The administrator can set up a cron job to remove credentials
when users log out as described in “Removing DCE Credentials” in
Chapter 1.

CDE requires that users have permission to write to their home
directories. By default, dcecp and the Account Manager set a user’s
home directory to “/”. To enable users other than root to write to their
home directories, change the default home directory (“/”) to a home
directory that the user can write to, such as /users/foo. Failure to
take this action could prevent users from accessing the system.
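
A check for the two /etc/passwd conditions described above (8-character password matching during fallback, and non-root accounts left on the default home directory “/”), as an added example that is not part of the HP manual. It assumes exported entries carry a traditional 13-character crypt(3) hash in the password field; the function names, finding labels and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HP manual. Function names and finding labels
# are hypothetical. Assumption: field 2 of an exported entry is a traditional
# 13-character crypt(3) hash, optionally followed by ",<aging>".

# Write a constructed passwd-format sample (made-up hashes) to file $1.
write_sample() {
    cat > "$1" <<'EOF'
root:Ab3dE6gH9jK2m:0:3::/:/sbin/sh
alice:Qz8xW2vN5bM1c:2001:20:Alice:/:/usr/bin/sh
bob:*:2002:20:Bob:/users/bob:/usr/bin/sh
carol:Lp4oK9iJ2uH7y,..:2003:20:Carol:/users/carol:/usr/bin/sh
EOF
}

# Print "user:FINDING" for each issue found in the passwd-format file $1.
audit_passwd() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 7 { print $1 ":MALFORMED"; next }   # passwd entries have 7 fields
        {
            split($2, pw, ",")                   # drop password-aging suffix
            # Traditional crypt(3) hash: only the first 8 characters of the
            # password contribute, so a longer DCE password is cut short.
            if (length(pw[1]) == 13 && pw[1] ~ "^[./0-9A-Za-z]+$")
                print $1 ":PW_8CHAR_TRUNCATION"
            # Non-root account still on the default home directory "/".
            if ($6 == "/" && $3 != 0)
                print $1 ":HOME_IS_ROOT_DIR"
        }
    ' "$1"
}

# Usage: sh audit.sh /etc/passwd
if [ "$#" -gt 0 ]; then
    audit_passwd "$1"
fi
```
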

Principals with a passwd_override entry (for example, root) cannot
use the passwd command to change passwords in the
passwd_override file. Instead, change the password in two steps.
First, use the passwd -r files command to change the password in
the /etc/passwd file. Then, as root, cut and paste the appropriate
password entry from /etc/passwd into passwd_override.

By default, the HP DCE 1.7 Security Server disables logins for
principals whose passwords have expired, and intervention by
cell_admin is required before the principal can log in. If you want to
allow a principal to log in with an expired password, attach an
instance of the passwd_override ERA to that principal. See the
OSF DCE Administration Guide—Core Components and the