Planning and Configuring HP-UX DCE 1.9

Chapter 2
About HP-UX DCE Version 1.9
HP Password Management Server
A Password Management Server implements policies for password strength. Sites can implement site-specific
policies by writing their own Password Management Server, and attaching appropriate Extended Registry
Attributes (ERAs) to the principals that are subject to these policies.
A Password Management Server must implement the interface described in dce/rsec_pwd_mgmt.idl.
In order to be configurable by dce_config or DCM, the Password Management Server must conform to the
following guidelines:
- There must be only one Password Management Server per cell.
- The Password Management Server must execute on the same machine as the master DCE Security Server.
- The binary must be named pwd_strengthd.
- The binary must be located in /opt/dce/sbin.
- There must be a single option, -v, on the command line.
- The server must log any information it generates to /var/opt/dce/security/pwd_strengthd.log.
- The server must export its interfaces to CDS in /.:/subsys/dce/pwd_mgmt/pwd_strength.
- The server must use the keytab file in /krb5/pwd_strength_tab.
- The server must use a principal name and CDS entry name of pwd_strength.
- The server must not depend on any other environment variables or files that must be configured.
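The following shell function is an added example, not part of the HP-UX DCE release or its example sources. It checks the file-system guidelines above (binary, keytab, log directory) before a site-built server is handed to dce_config or DCM. The ROOT prefix argument and the owner-only keytab permission test are assumptions of this example; the CDS export, principal name and one-server-per-cell guidelines are not checked.

```shell
#!/bin/sh
# Added example: pre-flight check of the file-system guidelines listed above.
# ROOT is a hypothetical prefix so a staging tree can be checked;
# leave it empty to check the live system.

# Print the group/other permission bits of a file, e.g. "r--r--" or "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# check_pwd_strengthd [ROOT]
# Prints one line per finding and returns the number of failed checks.
check_pwd_strengthd() {
    root=${1:-}
    bin="$root/opt/dce/sbin/pwd_strengthd"
    keytab="$root/krb5/pwd_strength_tab"
    logdir="$root/var/opt/dce/security"
    failures=0

    if [ -f "$bin" ] && [ -x "$bin" ]; then
        echo "ok: $bin is present and executable"
    else
        echo "FAIL: $bin is missing or not executable"
        failures=$((failures + 1))
    fi

    if [ ! -f "$keytab" ]; then
        echo "FAIL: keytab $keytab is missing"
        failures=$((failures + 1))
    elif [ "$(group_other_bits "$keytab")" != "------" ]; then
        # Assumption (not stated in the guide): the keytab holds the server's
        # key, so it should be accessible by its owner only.
        echo "FAIL: keytab $keytab is accessible to group or others"
        failures=$((failures + 1))
    else
        echo "ok: keytab $keytab is present and owner-only"
    fi

    if [ -d "$logdir" ] && [ -w "$logdir" ]; then
        echo "ok: $logdir can hold pwd_strengthd.log"
    else
        echo "FAIL: $logdir is missing or not writable"
        failures=$((failures + 1))
    fi

    return "$failures"
}
```

Call check_pwd_strengthd with no argument on the machine that runs the master DCE Security Server; a non-zero return value is the number of guidelines that failed.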
Example Sources
Password Management Server sources are supplied in /opt/dce/examples/. These are the sources used to
build the Password Management Server supplied with the HP-UX DCE release.
Certain files that contain proprietary SecureWare algorithms have been omitted, but stubs are supplied that
allow the resulting server to build. Note that certain values of the pwd_SecureWare_chk ERA (specifically,
values 1 and 2) are unsupported, and will result in failures to pass strength checking if you attempt to use the
example server as described in the documentation. The logfile entry will report that the pwd_SecureWare_chk
level is not supported.
Build Process
The source code directory for pwd_mgmt and the files in it are installed write protected. To build this
application, copy the files into a private, writable directory you create. This way the original files will
continue to be available for you or others to consult.
cd to the private, writable directory where you copied the source files and type:
make -f Makefile.example
Your system's /bin/make command should successfully build the client and server programs using the
Makefile provided, if modified as above.