Planning and Configuring HP-UX DCE 2.0
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
Chapter 7 97
Activation terminates with an error message when any of these steps
fails.
Configuring ux as a Fallback Technology for DCE
You can configure ux as a fallback technology to allow system access
when DCE, as a login technology, is not available (DCE down or network
problem). If you wish to replicate information of the DCE Security
Registry in /etc/passwd, do the following:
• Make sure the DCE Security Registry is not set up to hide exported
passwords. When exported passwords are hidden, passwd_export
does not export the encrypted passwords from the DCE Security
Registry to /etc/ passwd. You can verify this property of the DCE
Security Registry by running dcecp and issuing the command
registry show at the prompt. You can disable hidden passwords by
issuing the command registry modify -hidepwd no at the
prompt. To change this property, you must have cell_admin DCE
credentials.
NOTE If you wish to take advantage of the increased security provided by
the DCE Security Registry hidden passwords policy, do not configure
ux as a fallback technology. Specify DCE as the primary login
technology, with no fallback login technology.
• Set up a cron job to export information from the DCE Security
Registry to /etc/passwd. You are asked, during the activation
process, whether or not to set up such a cron job. With your
approval, a passwd_export cron job is set up. If NSS-DCE is
activated, this cron job is run once every day. Otherwise, it is run
once every hour. You can adjust this frequency by using the
crontab(1) command. Frequencies greater than once per hour are
not recommended.
• If you wish to prevent a certain user from logging in to the local
system, create an entry for that user in the passwd_override file
and place the word "OMIT" in the password field of the entry.
passwd_export will exclude those entries from /etc/passwd when
transferring information from the DCE Security Registry.