Planning and Configuring HP DCE 1.7
Planning and Configuring HP DCE 1.7 6-23
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
WARNPWDEXP and FORCEPWDCHANGE parameters in the
section “Activating HP-UX Integrated Login” earlier in this chapter
for information on how to manage password expiration.
DCE and Anonymous FTP
If you are using the HP-UX Integrated Login utilities on a system that
supports anonymous ftp, be aware of the following:
•Anftp account must exist in the DCE registry. This account need not
be password-validated for DCE use, but it must exist. Create this
account using dcecp, or use the passwd_import utility from a
system that is supporting anonymous ftp (such as from a machine
that has an entry for the ftp user in /etc/ passwd).
• DCE accounts are global to a DCE cell. If anonymous ftp is supported
anywhere in the cell, the ftp account is known throughout the cell. In
the case that you would like to explicitly disable anonymous ftp to a
local machine, an override entry should be placed in the
passwd_override file for the ftp user. (Typically, an entry in
passwd_override is created by cutting and pasting the ftp entry
from /etc/passwd into the passwd_override file.) To disable ftp on
the local machine, change the passwd_override entry to contain the
word “OMIT” in the passwd field of the entry. For example,
/etc/opt/dce/ passwd_override contains the line:
ftp:OMIT:500:10:anonymous ftp:/users/ftp:/bin/false
See the passwd_override man page for further details about using the
OMIT keyword.
• If you would like to maintain a local anonymous ftp account on a
DCE cell member system, place an entry for the anonymous ftp
account in the passwd_override file on that system. Note that the
home directory for the local anonymous ftp account must reside on
the local system, and that an entry for user ftp must exist in the DCE
registry.