Manualshelf

Planning and Configuring HP-UX DCE 1.9

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
81828384858687888990
Chapter 7
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
84
Integrating DCE with HP-UX Integrated Login
HP-UX DCE 1.9 provides support for integrating DCE with HP-UX Integrated Login. The binaries for this
functionality are included in the AUTH-DCE file set.
Overview of HP-UX Integrated Login Features
The HP-UX Integrated Login utilities provide the following features:
If DCE is configured as the login technology, the Integrated Login utilities authenticate users via the
DCE Security Registry, giving users DCE credentials upon HP-UX login. This makes it possible for
system administrators to use DCE as the primary source of user information.
If DCE is configured as an additional technology, the Integrated Login utilities attempt to get DCE
credentials for a user after the user successfully logs in via another technology.
In HP-CDE, each window created during an HP-CDE session inherits the user's DCE credentials.
(Otherwise, a user would have to run dce_login in every window in which DCE operations are desired.)
Integrated dtsession refreshes DCE credentials upon unlocking the HP-CDE session.
If the DCE backend to the Name Service Switch (NSS-DCE) is activated, the getpwnam and getgrnam
family of calls will retrieve user account information from the DCE registry (rather than from
/etc/passwd). This allows UNIX utilities to function properly without requiring that /etc/passed be
synchronized with the DCE registry. For backup purposes, it is still recommended that /etc/passwd be
synchronized with the DCE registry, but this synchronization can be done less frequently if NSS-DCE is
activated.
Deciding Whether to Integrate DCE with HP-UX Integrated Login
If you want to configure DCE as the login technology with HP-UX Integrated Login, consider the following:
The system environment must be stable. Therefore, DCE must be left configured and the DCE cell must
be maintained. The network must remain reliable 24 hours a day.
All users of a system must have a DCE account, including users who are declared in passwd_override.
All account administration must be done through the DCE registry.
NIS access is disabled for password and group mapping.
The system must not be configured with HP-UX Commercial Security.
For a discussion of the Integrated Login support for Commercial Security and how to configure it, see “Notes,
Cautions, and Warnings About Using HP-UX Integrated Login with DCE” on page 89".
Operation of the HP-UX Integrated Login Utilities
The HP-UX Integrated Login utilities function in the same way as their HP-UX counterparts, with the
following exceptions:
Most commands provide additional messages when DCE authentication is unavailable.