Planning and Configuring HP-UX DCE 2.0
HP-UX Integrated Login
Notes, Cautions, and Warnings
Chapter 7 89
Notes, Cautions, and Warnings
• When changing passwords using passwd, the password format rules
imposed by the login technology restrict the format of newly-entered
passwords. A new password that is acceptable to the login technology
might be rejected by an additional technology which has more
stringent password format rules. To ensure that passwords in all
registries can be synchronously changed, configure the login
technology to have the password format rules used by the strictest
technology employed on that machine.
To change passwords in just one registry, run /usr/bin/passwd with
the -r option. The syntax is as follows:
/usr/bin/passwd -r tech_name [username]
where tech_name is one of the approved abbreviations of
authentication technologies. For example, the following command
changes the DCE password of the logged-in user:
/usr/bin/passwd -r dce
HP-UX Integrated Login provides support for HP-UX Commercial
Security. However, note the following restriction and caution. To
activate Integrated Login on a Commercial Security Trusted System,
you must specify ux as the login technology. Other login technologies
can be configured to perform additional authentications after
machine access has been granted by the Commercial Security
authentication mechanism. If you have configured Integrated Login
on a standard system with a login technology other than ux, do not
convert that system to a Commercial Security Trusted System. The
following example command activates Integrated Login on a
Commercial Security Trusted System with DCE as an additional
authentication technology:
/usr/sbin/auth.adm -i -l ux -a dce
Synchronization of passwords between DCE and an HP-UX
Commercial Security Trusted System cannot be achieved through
the passwd_export cron job. Such synchronization can only be
achieved by separately modifying a user's DCE and HP-UX
passwords to be the same.