Planning and Configuring HP-UX DCE 2.0
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
Chapter 7
• By default, the HP-UX DCE 1.9 Security Server disables logins for
principals whose passwords have expired, and intervention by
cell_admin is required before the principal can log in. If you want to
allow a principal to log in with an expired password, attach an
instance of the passwd_override ERA to that principal. See the OSF
DCE Administration Guide-Core Components and the
WARNPWDEXP and FORCEPWDCHANGE parameters in the
section "Activating HP-UX Integrated Login" earlier in this chapter
for information on how to manage password expiration.
DCE and Anonymous FTP
If you are using the HP-UX Integrated Login utilities on a system that
supports anonymous ftp, be aware of the following:
• An ftp account must exist in the DCE registry. This account need
not be password-validated for DCE use, but it must exist. Create this
account using dcecp, or use the passwd_import utility from a system
that is supporting anonymous ftp (such as from a machine that has
an entry for the ftp user in /etc/passwd).
• DCE accounts are global to a DCE cell. If anonymous ftp is
supported anywhere in the cell, the ftp account is known throughout
the cell. To explicitly disable anonymous ftp to a local machine,
place an override entry for the ftp user in the passwd_override
file. (Typically, an entry in passwd_override is created by cutting
and pasting the ftp entry from /etc/passwd into the passwd_override
file.) To disable ftp on the local machine, change the
passwd_override entry to contain the word "OMIT" in the passwd field
of the entry. For example, /etc/opt/dce/passwd_override contains the
line:
ftp:OMIT:500:10:anonymous ftp:/users/ftp:/bin/false
See the passwd_override manpage for further details about using the
OMIT keyword.
• If you would like to maintain a local anonymous ftp account on a
DCE cell member system, place an entry for the anonymous ftp
account in the passwd_override file on that system. Note that the
home directory for the local anonymous ftp account must reside on
the local system, and that an entry for user ftp must exist in the
DCE registry.
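The three cases above (ftp disabled locally with OMIT, a local override entry, or no entry so the cell-wide registry account applies) can be checked per machine with a short script. This is an added example, not part of the HP documentation; the function name override_state is hypothetical, the sample file is constructed, and it assumes override entries use the seven-field /etc/passwd layout shown in the example line above.

```sh
#!/bin/sh
# Added example: classify how a passwd_override file treats one account.
# Assumption: entries use the seven-field /etc/passwd layout shown on this page.

# override_state FILE [USER]   (USER defaults to ftp)
# Prints one of:
#   omitted       passwd field is OMIT: the account is disabled on this machine
#   local:<home>  a local override entry exists; <home> is its home directory
#   none          no entry: the cell-wide DCE registry account applies
#   malformed     an entry for USER exists but does not have seven fields
#   unreadable    FILE cannot be read (return status 2)
override_state() {
    file=$1
    user=${2:-ftp}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk -F: -v u="$user" '
        $1 != u      { next }
        NF != 7      { print "malformed"; found = 1; exit }
        $2 == "OMIT" { print "omitted";   found = 1; exit }
                     { print "local:" $6; found = 1; exit }
        END          { if (!found) print "none" }
    ' "$file"
}

# Constructed sample: the OMIT line is the one from this page; the guest
# line is made up to show a local override entry.
sample=${TMPDIR:-/tmp}/passwd_override.sample.$$
cat > "$sample" <<'EOF'
ftp:OMIT:500:10:anonymous ftp:/users/ftp:/bin/false
guest:*:501:10:local guest:/users/guest:/bin/false
EOF

for u in ftp guest nobody; do
    echo "$u: $(override_state "$sample" "$u")"
done
rm -f "$sample"
```

On a cell member, point the function at /etc/opt/dce/passwd_override. A result of none for ftp on a host that should not offer anonymous ftp means the cell-wide account is still in effect there.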