Planning and Configuring HP DCE 1.7

About HP DCE/9000 Version 1.7
Notes, Cautions and Warnings Regarding This Release
HP-UX Integrated Login Utilities
Most systems will require the transfer of account information from
/etc/passwd to the DCE Security Registry before the system will be
useful.
The script /usr/sbin/auth.adm is supplied to activate the integrated
login utilities once your system has been set up with the needed
accounts. See Chapter 6 for more information about using the
/usr/sbin/auth.adm script.
Do not use the auth.adm script to activate the HP-UX integrated login
utilities until after you have set up the accounts necessary for your site
in the DCE security service registry.
The DCE Audit Service
The DCE Audit Service was first released with HP DCE 1.4.x. It provides
auditing capabilities for the DCE Security and Time services.
By default, all audit events are disabled (not logged). As part of the
default DCE configuration start-up, the DCEAUDITFILTERON
environment variable is set. When set, the DCEAUDITFILTERON
environment variable specifies that audit event filtering must be used
to enable logging of the desired set of audit events.
To enable auditing, the auditd server process must be started on any
system where auditing is desired. As part of the standard DCE
configuration start-up for auditd, a set of audit filters is specified for the
Security, DTS and auditd server processes. (You can modify these filters
as necessary for your site.)
You will need to do some planning to determine the degree of auditing
appropriate for your site, and to allow for the disk space overhead of your
audit logs. If you want to do some auditing, such as logging and tracking
modifications to the security registry database, audit filtering is highly
recommended. With audit filtering, you can change the types of events
being audited dynamically, without restarting the servers for the changes
to take effect.