Planning and Configuring HP DCE 1.8

Chapter 6
HP-UX Integrated Login
Activating HP-UX Integrated Login
configured. Parameters of different technologies can be specified by
repeating the -p[arameter] option. The list of configurable parameters
is as follows:
TIMEOUT: Timeout (in seconds) on communications with the authentication technology. Default values are 120 seconds for ux and 120 seconds for dce.

WARNPWDEXP: Password expiration warning period (in days). If the user's password is due to expire within the specified number of days, the user receives a warning message during login. This parameter applies to the DCE technology only. If this parameter is not specified, no warning is given.

FORCEPWDCHANGE: Password force-change period (in days). If the user's password is due to expire within the specified number of days, the user is forced to change the password before login is allowed. This parameter applies to the DCE technology only. If this parameter is not specified, a password change is not forced.

FORWARDABLETGT: Makes the DCE TGT forwardable. Forwarding a user's DCE TGT from machine A to machine B lets the user reuse the Kerberos credentials from machine A on machine B. A parameter value is required, but its content is ignored. This parameter applies to the DCE technology only.

Default values are used when no parameter values are specified.
The following example commands activate HP-UX Integrated Login and set the configuration as described:

/usr/sbin/auth.adm -install -l dce -b ux

The configuration logs the user in upon successful password verification by DCE. If DCE is not available, login is effected via NSS (name service switch). Note that this strategy works only if the HP-UX and DCE passwords are identical.

/usr/sbin/auth.adm -install -l ux -a dce

The configuration logs the user in upon successful password verification by /etc/passwd or by the repository based on the NSS configuration. This configuration specifies that after machine access has been granted, a DCE login should also be performed.

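The difference between the two strategies above, as an added Python sketch that is not part of the HP manual and is not HP's implementation. `Technology` and `login` are hypothetical names, the accounts are constructed, and the handling of a password rejected by a reachable primary and of a failed additional login are assumptions the page does not state.

```python
"""Simplified model of primary/backup/additional login (not HP's code)."""
from dataclasses import dataclass, field


@dataclass
class Technology:
    """An authentication technology ("dce" or "ux") with its own passwords."""
    name: str
    passwords: dict = field(default_factory=dict)  # user -> password (constructed)
    available: bool = True

    def verify(self, user, password):
        return self.passwords.get(user) == password


def login(user, password, primary, backup=None, additional=None):
    """Return (access_granted, names of technologies that accepted the user)."""
    accepted = []
    if primary.available:
        # Assumption: a password rejected by a reachable primary is final.
        granted = primary.verify(user, password)
        used = primary
    elif backup is not None and backup.available:
        # Fallback checks the same typed password against the backup store,
        # which is why the two passwords must be identical.
        granted = backup.verify(user, password)
        used = backup
    else:
        return False, accepted
    if not granted:
        return False, accepted
    accepted.append(used.name)
    if additional is not None and additional.available:
        # Assumption: a failed additional login does not revoke access.
        if additional.verify(user, password):
            accepted.append(additional.name)
    return True, accepted


if __name__ == "__main__":
    # Constructed accounts: alice's passwords differ, bob's are identical.
    dce = Technology("dce", {"alice": "dce-pw", "bob": "same-pw"}, available=False)
    ux = Technology("ux", {"alice": "ux-pw", "bob": "same-pw"})
    print(login("alice", "dce-pw", primary=dce, backup=ux))   # -l dce -b ux
    print(login("bob", "same-pw", primary=dce, backup=ux))    # -l dce -b ux
    dce.available = True
    print(login("alice", "ux-pw", primary=ux, additional=dce))  # -l ux -a dce
```

In this model, a user whose HP-UX and DCE passwords differ is locked out under `-l dce -b ux` whenever DCE is down, and under `-l ux -a dce` gets machine access without DCE credentials.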
3. Inspect the file /var/adm/ilogin/auth.adm.log for ERROR
messages. If there are ERROR messages, correct the error conditions