Planning and Configuring HP DCE 1.8
44 Chapter1
About HP DCE/9000 Version 1.8
HP Password Management Server
HP Password Management Server
A Password Management Server implements policies for password
strength. Sites can implement site-specific policies by writing their own
Password Management Server, and attaching appropriate Extended
Registry Attributes (ERAs) to the principals that are subject to these
policies.
A Password Management Server must implement the interface described
in dce/rsec_pwd_mgmt.idl.
In order to be configurable by dce_config or DCM, the Password
Management Server must conform to the following guidelines:
• There must be only one Password Management Server per cell.
• The Password Management Server must execute on the same
machine as the master DCE Security Server.
• The binary must be named pwd_strengthd.
• The binary must be located in /opt/dce/sbin.
• There must be a single option, -v, on the command line.
• The server must log any information it generates to
/var/opt/dce/security/pwd_strengthd.log.
• The server must export its interfaces to CDS in
/.:/subsys/dce/pwd_mgmt/pwd_strength.
• The server must use keytab file in /krb5/pwd_strength_tab.
• The server must use principal name and CDS entry name of
pwd_strength.
• The server must not depend on any other environment variables or
files that must be configured.
Example Sources
Password Management Server sources are supplied in/
opt/dce/share/hpexam. These are the sources used to build the
Password Management Server supplied with the HP DCE release.
Certain files that contain proprietary SecureWare algorithms have been