Planning and Configuring HP-UX DCE 1.9

Chapter 7
HP-UX Integrated Login
Notes, Cautions, and Warnings
When changing passwords using passwd, the password format rules imposed by the login technology
restrict the format of newly-entered passwords. A new password that is acceptable to the login technology
might be rejected by an additional technology which has more stringent password format rules. To ensure
that passwords in all registries can be synchronously changed, configure the login technology to have the
password format rules used by the strictest technology employed on that machine.
To change passwords in just one registry, run /usr/bin/passwd with the -r option. The syntax is as
follows:
/usr/bin/passwd -r tech_name [username]
where tech_name is one of the approved abbreviations of authentication technologies. For example, the
following command changes the DCE password of the logged-in user:
/usr/bin/passwd -r dce
HP-UX Integrated Login provides support for HP-UX Commercial Security. However, note the following
restriction and caution. To activate Integrated Login on a Commercial Security Trusted System, you must
specify ux as the login technology. Other login technologies can be configured to perform additional
authentications after machine access has been granted by the Commercial Security authentication
mechanism. If you have configured Integrated Login on a standard system with a login technology other
than ux, do not convert that system to a Commercial Security Trusted System. The following example
command activates Integrated Login on a Commercial Security Trusted System with DCE as an
additional authentication technology:
/usr/sbin/auth.adm -i -l ux -a dce
Synchronization of passwords between DCE and an HP-UX Commercial Security Trusted System cannot
be achieved through the passwd_export cron job. Such synchronization can only be achieved by
separately modifying a user's DCE and HP-UX passwords to be the same.
DCE passwords are global to a network, whereas the Commercial Security passwords are local to a single
system. To change a password when using DCE with Commercial Security, first change it for HP-UX and
DCE on one system. This can be done in one step with the passwd command, provided the new password
chosen is acceptable to both HP-UX and DCE. Then change it on all the other HP-UX systems on which
you have an account by using the passwd command with the -r option.
NOTE: Users logged in to a foreign cell cannot use the passwd command to change a password.