Planning and Configuring HP DCE 1.8
Chapter 6 133
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
• Does not create accounts fromNIS information. However, you can run
passwd_import on the source file used to generate the NIS map to
import NIS information into DCE. You still have to mark valid and
assign a password to each imported account.
See the dcecp (1m) , passwd_export (1m), and passwd_import (1m) man
pages or the OSF DCE Administration Guide-Core Components for more
information on importing and exporting account information, and on
creating and modifying DCE registry accounts.
Configuring HP-UX Integrated Login with DCE
To integrate DCE with HP-UX Integrated Login in each DCE cell
member system:
• Be sure that you have completed the steps in the previous section
"Preparing to Integrate DCE with HP-UX Integrated Login".
• Follow the instructions given in the section entitled "Activating
HP-UX Integrated Login". When issuing the command to activate
HP-UX Integrated Login, substitute the string "dce" for the required
tech_name field when specifying the authentication policy.
If DCE is specified as the login technology, auth.adm performs the
following actions:
• Verifies that the system is not configured with HP-UX Commercial
Security.
• Verifies that a root account exists in the DCE Security Registry.
• Copies the root account entry in /etc/passwd to /etc/opt/dce/
passwd_override.
• Starts ilogind (the integrated login daemon) and adds it to the
startup list. The DCE backend to PAM (PAM-DCE), as well as the
DCE backend to NSS (NSS-DCE), communicate with ilogind, which
in turn communicates with secd (the DCE Security daemon) to
perform security functions. ilogind was introduced at HP DCE 1.6.
During this process, you are asked whether or not you want to activate
the DCE backend to the Name Service Switch (NSS-DCE) so that
getpw* and getgr* calls access the DCE registry for user information. If
you choose to activate NSS-DCE, UNIX utilities will function properly
without requiring synchronization of /etc/passwd and the DCE registry.
However, if you are configuring a fallback technology, you may still want