Manualshelf

Planning and Configuring HP-UX DCE 2.0

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
12345678910
About HP-UX DCE Version 2.0
HP-UX DCE Core Services Software
Chapter 2 7
A set of HP-UX Integrated login utilities that authenticate users
using the DCE Security Registry instead of using /etc/passwd and
/etc/group. HP-UX DCE 2.0 includes improvements to login,
dtlogin, su, passwd, telnet, and rlogin, as well as new HP-UX
Integrated versions of ftpd and dtsession and enhanced support
for CDE/PAM. See Chapter 6, Configuring HP-UX DCE Cells, on
page 47 for more information about these utilities.
cdsclerk (new at HP-UX DCE 1.5) no longer runs as separate
processes. The cdsclerk functionality has been merged into the
cdsadv process. The cdsadv client process is now the only HP-UX
DCE CDS client process.
The dced daemon (new at HP-UX DCE 1.5) supports the new -r
option. This option starts dced in remote-update mode, which allows
DCE cell administration tasks to be performed by an administrator
on a remote machine. In order to help prevent attacks, the dced
default behavior is to disallow any remote administration.
HP has enhanced the dcecp registry connect command with two
new options that support intercell login. Table 2-1 lists and describes
the new options that support intercell login.
HP has added a new -r option, which refreshes a user's credentials,
to dce_login. HP recommends that users use dce_login -r rather
than kinit to refresh their credentials, since dce_login -r uses the
more secure DCE Third-party pre authentication protocol, whereas
kinit uses the less secure Kerberos 5 Timestamps protocol.
HP has changed the default behavior of its configuration tools to
automatically enable audit filtering.
Table 2-1 New Options for dcecp registry connect Command
Option Description
-acctvalid Marks the local cell account as a valid account. A
valid local cell account allows users from the
foreign cell to login to nodes in the local cell. The
default is invalid.
-facctvalid Marks the foreign cell account as a valid account.
A valid foreign cell account allows users from the
local cell to login to nodes in the foreign cell. The
default is invalid.