HP UX DCE Software manual 135

HP-UX Integrated Login

Notes, Cautions, and Warnings

Notes, Cautions, and Warnings

•HP-UX Integrated Login on 10.x is not an upgraded version of DCE-Integrated Login Utilities for 9.x systems. Its activation tool is /usr/sbin/auth.adm. You cannot use dce.login, the 9.x activation tool for DCE-Integrated Login, to activate HP-UX Integrated Login.

•When changing passwords using passwd, the password format rules imposed by the login technology restrict the format of newly-entered passwords. A new password that is acceptable to the login technology might be rejected by an additional technology which has more stringent password format rules. To ensure that passwords in all registries can be synchronously changed, configure the login technology to have the password format rules used by the strictest technology employed on that machine.

To change passwords in just one registry, run /usr/bin/passwd with the -roption. The syntax is as follows:

/usr/bin/passwd -r tech_name [username]

where tech_name is one of the approved abbreviations of authentication technologies. For example, the following command changes the DCE password of the logged-in user:

/usr/bin/passwd -r dce

Beginning with DCE 1.3.1, HP-UX Integrated Login provides support for HP-UX Commercial Security. However, note the following restriction and caution. To activate Integrated Login on a Commercial Security Trusted System, you must specify ux as the login technology. Other login technologies can be configured to perform additional authentications after machine access has been granted by the Commercial Security authentication mechanism. If you have configured Integrated Login on a standard system with a login technology other than ux, do not convert that system to a Commercial Security Trusted System. The following example command activates Integrated Login on a Commercial Security Trusted System with DCE as an additional authentication technology:

/usr/sbin/auth.adm -i -l ux -a dce