Manualshelf

Planning and Configuring HP-UX DCE 2.0

ManualsBrandsHP ManualsSoftwareHP-UX DCE Software
919293949596979899100
HP-UX Integrated Login
Integrating DCE with HP-UX Integrated Login
Chapter 798
Users who configure DCE as the primary login and UNIX as the backup
technology should be aware that the UNIX backend is useful as a backup
only for names and passwords that meet UNIX requirements,
restrictions, and semantics. Also, be aware that configuring the UNIX
backend as a backup technology can cause the following known
problems:
If the DCE registry enforces hidden passwords (which it does by
default), an asterisk (*) is placed in /etc/passwd for all entries and
the UNIX backup will be unable to process any password. Therefore,
configuring UNIX as the fallback login technology will fail to
authenticate the user and cause confusion when attempting to
change a password. Unless you plan not to enforce hidden passwords,
do not configure UNIX as the backup technology.
The UNIX backend will fail for any username longer than eight
characters, which is the maximum length for a UNIX username.
Specifically, this means that:
If the primary login technology fails (for example, if secd is
down) the UNIX backup technology will deny system access to
users with long usernames.
If secd is down, the UNIX backup technology will not allow users
to use the su command to access accounts that have long
usernames.
If secd is running and the user enters the passwd command to
change the password for an account with a long username, the
UNIX backup technology will not process the password change.
Specifically, the following messages will display:
Password successfully changed in DCE registryInvalid
login name.
The first line in the message indicates that the password has
been changed in DCE. The second line indicates that the
password information in /etc/passwd is unchanged because of
the UNIX restriction on the long usernames.
If secd is running, DCE will deny access to the machine to any
users with long usernames whose accounts are set to pwdvalid
no, or who use the force_pwd_expiry <n> feature and whose
passwords will expire within n days.