HP-UX Integrated Login

Integrating DCE with HP-UX Integrated Login

Decide whether to activate the DCE backend to the Name Service Switch (NSS-DCE) so that getpw* and getgr* calls access the DCE registry for user information. (See the previous section, "Operation of the HP-UX Integrated Login Utilities," for further information.)

Create entries in /etc/opt/dce/passwd_override for any accounts (such as printing or backup services) that require access to your system, but not to the DCE cell. Entries may be copied directly from /etc/passwd and appended to /etc/opt/dce/passwd_override. The activation process will automatically create an override entry for root; however, you must create override entries for any root aliases.

The passwd_override file can also be used to disable access to the local system for selected users or groups. See the passwd_override man page for details.

If necessary, use the /etc/opt/dce/sys.group and /etc/opt/dce/group_override files to override the entries in /etc/group. Use group_override to override /etc/group entries that have an account in the DCE Registry; use sys.group for those that do not.

The default /etc/opt/dce/sys.group file contains:

root::0:

other::1:

sys::3:

adm::4:

lp::7:

The default /etc/opt/dce/group_override file contains:

bin::2:

daemon::5:

mail::6:

If you plan to configure DCE as an additional technology:

Configure the system as a DCE cell member.

Set up valid accounts in the DCE Security Registry for all users that require login access to the cell. Use either dcecp or passwd_import to set up accounts.

6-16

Planning and Configuring HP DCE 1.7