Planning and Configuring HP DCE 1.8
Chapter 6 131
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
passwords can be up to 512 characters.
• HP-UX Integrated Login utilities take longer to execute and require
more system resources than the HP-UX equivalents.
• For operations that do not require the user to enter a password, no
DCE credentials are obtained. Examples include:
- su when executed by root
- rlogin when an .rhosts file authorizes access
- Anonymous ftp
Preparing to Integrate DCE with HP-UX Integrated
Login
Before integrating DCE with HP-UX Integrated Login on a system, you
must prepare as follows. You can configure DCE as either the login
technology or as an additional technology.
If you plan to configure DCE as the login technology:
• Configure the system as a DCE cell member.
• Set up a valid root account in the DCE Security Registry.
• Set up valid accounts in the DCE Security Registry for all users that
require login access to the cell, or local login access to cell member
systems. Use either dcecp or passwd_import to set up accounts.
• Decide whether to configure ux as the fallback technology, and, if so,
whether to export DCE Registry data to /etc/passwd via a
passwd_export entry in your crontab file. It is recommended that
you use this mechanism to keep the local password file synchronized
with the DCE Registry, in the event that fallback login is needed. (See
"Activating HP-UX Integrated Login" in this chapter for further
information.)
• Decide whether to activate the DCE backend to the Name Service
Switch (NSS-DCE) so that getpw* and getgr* calls access the DCE
registry for user information. (See the previous section, "Operation of
the HP-UX Integrated Login Utilities," for further information.)
• Create entries in /etc/opt/dce/passwd_override for any accounts
(such as printing or backup services) that require access to your
system, but not to the DCE cell. Entries may be copied directly from