Manualshelf

Planning and Configuring HP-UX DCE 2.0

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
919293949596979899100
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
Chapter 796
in turn communicates with secd (the DCE Security daemon) to
perform security functions. ilogind was introduced at HP-UX DCE
1.6.
During this process, you are asked whether or not you want to activate
the DCE backend to the Name Service Switch (NSS-DCE) so that getpw*
and getgr* calls access the DCE registry for user information. If you
choose to activate NSS-DCE, UNIX utilities will function properly
without requiring synchronization of /etc/passwd and the DCE
registry. However, if you are configuring a fallback technology, you may
still want to run passwd_export in case the DCE registry is
unavailable.
If NSS-DCE is activated, auth.adm saves the current version of
/etc/nsswitch.conf and creates a new version, which has the same
semantics as the configuration policy. For example, if you are configuring
integrated login with DCE as the primary login and UNIX as the
fallback, then /etc/nsswitch.confwill also use DCE as the primary
repository for user information and will use UNIX (/etc/passwd) as the
fallback repository for cases where the primary is unavailable.
To enhance performance, NSS-DCE caches information it retrieves from
the DCE registry. The cached information is considered valid for a
certain number of seconds (called tstale), after which time it becomes
stale. The default setting for tstale is 60 seconds, and this can be
configured by the user by setting the environment variable
NSSDCE_CACHE_TSTALE (the stale time in seconds). If the user
desires to disable the caching facility completely,
NSSDCE_CACHE_TSTALE can be set to 0 seconds (zero).
During this process you are asked whether or not you want to set up a
cron job to export information from the DCE Security Registry to
/etc/passwd. If you choose to set up the cron job, the activation process
also:
Saves the /etc/passwd file in /etc/passwd.nodce and the
/etc/group file in /etc/group.nodce (if these files do not already
exist).
Executes passwd_export as a cron command. If NSS-DCE is
activated, this cron job is run once every day. Otherwise, it is run
once every hour. You can adjust this frequency by using the
crontab(1) command. Frequencies greater than once per hour are
not recommended.