Integrating HP-UX 11.x Account Management and Authentication with Microsoft Windows 2000
Manage account and password policies
One of the benefits of the integration is a single point of account management: you can manage and enforce
account and password policies through Active Directory. The Active Directory Users and Computers tool lets you set
account options, account expiration, etc. Those policies take effect whether a user logs into Windows 2000
or the HP-UX machine.
Known problems and limitations
Slow performance on object enumeration
If you need to enumerate directory objects via getpwent() or getgrent() and you have a large database in Active Directory (for
example, more than 5,000 objects), you may experience slow performance depending on the hardware model of your PC.
Some HP-UX commands (e.g. finger, groups, newgrp) whose implementations depend on getgrent() may also experience
this performance degradation.
Password expiration
When a user’s password expires, Windows 2000 prompts for a new password, then allows the user to log in using the new
password. But if the user logs into HP-UX before changing the password in Windows 2000, the user will not be prompted
for a new password and cannot log in. The Windows 2000 administrator will have to reset the user’s password, or the user has
to log into a Windows 2000 client to get a new password before he/she can log into HP-UX machines.
User forced to change password
If the account option “User must change password at next logon” is set, the user cannot log into HP-UX machines even
though the password is still valid.
User name length
HP-UX 11.x limits the length of a user name to 8 characters or less, which is not a limitation for Windows 2000. So, if a user
is to be added for HP-UX or both, you cannot set the field “User logon name” longer than 8 characters.
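The following pre-flight check is an added example, not part of the original HP document: it flags accounts that would hit the password expiration, forced password change, or user name length limitations described above. It assumes account records already exported from Active Directory into dictionaries; the key logon_name and the function names are hypothetical, pwdLastSet and userAccountControl are the standard Active Directory attributes, and the 42-day maximum password age is an assumed policy value.

```python
from datetime import datetime, timedelta, timezone

AD_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # pwdLastSet counts 100 ns ticks from here
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit: password never expires
HPUX_MAX_NAME_LEN = 8           # user name limit stated in this document

def to_filetime(dt):
    """Convert an aware datetime to the 100 ns tick count used by pwdLastSet."""
    return ((dt - AD_EPOCH) // timedelta(microseconds=1)) * 10

def hpux_login_blockers(account, now, max_pwd_age):
    """Return the limitations above that would stop this account logging into HP-UX."""
    reasons = []
    if len(account["logon_name"]) > HPUX_MAX_NAME_LEN:
        reasons.append("name longer than 8 characters")
    if account["userAccountControl"] & DONT_EXPIRE_PASSWORD:
        return reasons  # AD never expires this password, so skip the password checks
    if account["pwdLastSet"] == 0:
        # 0 is how "User must change password at next logon" is stored
        reasons.append("must change password at next logon")
    else:
        last_set = AD_EPOCH + timedelta(microseconds=account["pwdLastSet"] // 10)
        if max_pwd_age and now - last_set > max_pwd_age:
            reasons.append("password expired")
    return reasons

# Constructed sample data, not taken from any real directory.
NOW = datetime(2001, 6, 1, tzinfo=timezone.utc)
MAX_PWD_AGE = timedelta(days=42)  # assumed domain maximum password age
RECENT, OLD = to_filetime(NOW - timedelta(days=10)), to_filetime(NOW - timedelta(days=60))
ACCOUNTS = [
    {"logon_name": "jsmith", "userAccountControl": 0x200, "pwdLastSet": RECENT},
    {"logon_name": "longusername", "userAccountControl": 0x200, "pwdLastSet": RECENT},
    {"logon_name": "bjones", "userAccountControl": 0x200, "pwdLastSet": 0},
    {"logon_name": "kchan", "userAccountControl": 0x200, "pwdLastSet": OLD},
    {"logon_name": "svcbatch", "userAccountControl": 0x10200, "pwdLastSet": OLD},
]

def audit(accounts, now=NOW, max_pwd_age=MAX_PWD_AGE):
    """Map each flagged logon name to its list of blockers."""
    report = {}
    for acct in accounts:
        reasons = hpux_login_blockers(acct, now, max_pwd_age)
        if reasons:
            report[acct["logon_name"]] = reasons
    return report

if __name__ == "__main__":
    for name, reasons in audit(ACCOUNTS).items():
        print(f"{name}: {', '.join(reasons)}")
```

Running such a check before each password-expiry window lets the administrator reset or notify affected users before they are locked out of HP-UX.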
End user
Login procedure
The integration is invisible to end users. Whether logging into Windows 2000 or HP-UX, they use the same procedure as they
do without integration.
Password change
Users change their passwords as usual, regardless of which platform they log into. If the password is changed from Windows
2000, the new password is also good for logging into HP-UX, and vice versa.
Shell/finger information change
The shell and finger information stored in Active Directory cannot be changed using chsh/chfn. The Windows 2000 system
administrator can use the Active Directory Users and Computers tool to change them.