Planning and Configuring HP DCE 1.8

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software

131

132

133

134

135

136

137

138

139

140

138 Chapter6

HP-UX Integrated Login

Integrating DCE with HP-UX Integrated Login

use the passwd command to change your password.

• The HP-UX Integrated Login utilities may not work when the system

disk is full or disk quotas are exceeded. DCE requires disk space for

the creation of temporary ﬁles.

• DCE credentials are not automatically removed when the user logs

out. The administrator can set up a cron job to remove credentials

when users log out as described in "Removing DCE Credentials" in

Chapter 1.

• CDE requires that users have permission to write to their home

directories. By default, dcecp and the Account Manager set a user's

home directory to "/". To enable users other than root to write to their

home directories, change the default home directory ("/") to a home

directory that the user can write to, such as /users/foo. Failure to

take this action could prevent users from accessing the system.

• Principals with a passwd_override entry (for example, root) cannot

use the passwd command to change passwords in the

passwd_override ﬁle. This can be done in two steps. First, use the

passwd -r ﬁles command to change the password in the

/etc/passwd ﬁle. Then, as root, cut and paste the appropriate

password entry from /etc/passwd into passwd_override.

• By default, the HP DCE 1.8 Security Server disables logins for

principals whose passwords have expired, and intervention by

cell_admin is required before the principal can log in. If you want to

allow a principal to log in with an expired password, attach an

instance of the passwd_override ERA to that principal. See the

OSF DCE Administration Guide-Core Components and the

WARNPWDEXP and FORCEPWDCHANGE parameters in the

section "Activating HP-UX Integrated Login" earlier in this chapter

for information on how to manage password expiration.

DCE and Anonymous FTP

If you are using the HP-UX Integrated Login utilities on a system that

supports anonymous ftp, be aware of the following:

•Anftp account must exist in the DCE registry. This account need not

be password-validated for DCE use, but it must exist. Create this

account using dcecp, or use the passwd_import utility from a

system that is supporting anonymous ftp (such as from a machine

that has an entry for the ftp user in /etc/ passwd).