Planning and Configuring HP-UX DCE 1.9
Chapter 7
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
90
DCE and Anonymous FTP
If you are using the HP-UX Integrated Login utilities on a system that supports anonymous ftp, be aware of
the following:
•Anftp account must exist in the DCE registry. This account need not be password-validated for DCE use,
but it must exist. Create this account using dcecp, or use the passwd_import utility from a system that is
supporting anonymous ftp (such as from a machine that has an entry for the ftp user in /etc/ passwd).
• DCE accounts are global to a DCE cell. If anonymous ftp is supported anywhere in the cell, the ftp
account is known throughout the cell. In the case that you would like to explicitly disable anonymous ftp
to a local machine, an override entry should be placed in the passwd_override file for the ftp user.
(Typically, an entry in passwd_override is created by cutting and pasting the ftp entry from
/etc/passwd into the passwd_override file.) To disable ftp on the local machine, change the
passwd_override entry to contain the word "OMIT" in the passwd field of the entry. For example,
/etc/opt/dce/ passwd_override contains the line: ftp:OMIT:500:10:anonymous
ftp:/users/ftp:/bin/false
See the passwd_override manpage for further details about using the OMIT keyword.
• If you would like to maintain a local anonymous ftp account on a DCE cell member system, place an
entry for the anonymous ftp account in the passwd_override file on that system. Note that the home
directory for the local anonymous ftp account must reside on the local system, and that an entry for user
ftp must exist in the DCE registry.