HP UX DCE Software manual 138

HP-UX Integrated Login

Integrating DCE with HP-UX Integrated Login

Deciding Whether to Integrate DCE with HP-UX Integrated Login

If you want to configure DCE as the login technology with HP-UX Integrated Login, consider the following:

•The system environment must be stable. Therefore, DCE must be left configured and the DCE cell must be maintained. The network must remain reliable 24 hours a day.

•All users of a system must have a DCE account, including users who are declared in passwd_override.

•All account administration must be done through the DCE registry.

•NIS access is disabled for password and group mapping.

•The system must not be configured with HP-UX Commercial Security.

For a discussion of the Integrated Login support for Commercial Security and how to configure it, see “Notes, Cautions, and Warnings” earlier in this chapter.

Operation of the HP-UX Integrated Login Utilities

The HP-UX Integrated Login utilities function in the same way as their HP-UX counterparts, with the following exceptions:

•Most commands provide additional messages when DCE authentication is unavailable.

•The passwd utility manipulates the DCE registry. It will fail if the DCE network registry cannot be reached. The passwd command synchronously changes the DCE registry, supporting the password generation and password strength checking features provided by HP DCE Version 1.7 servers. However, if DCE is configured as an additional technology, you cannot use passwd to change a DCE password that is required to be generated. You must use dcecp instead.

•User root cannot change account information (such as passwords, finger information, and shell programs) of other users in the DCE Security Registry. The cell administrator must login as cell_admin and use dcecp or the HP-UX Integrated utilities (such as passwd, chfn or chsh) to change other users’ information.