HP-UX Integrated Login

Integrating DCE with HP-UX Integrated Login

Starts ilogind (the integrated login daemon) and adds it to the startup list. The DCE backend to PAM (PAM-DCE) and the DCE backend to NSS (NSS-DCE) both communicate with ilogind, which in turn communicates with secd (the DCE Security daemon) to perform security functions. ilogind was introduced in HP DCE 1.6.

During this process, you are asked whether or not you want to activate the DCE backend to the Name Service Switch (NSS-DCE) so that getpw* and getgr* calls access the DCE registry for user information. If you choose to activate NSS-DCE, UNIX utilities will function properly without requiring synchronization of /etc/passwd and the DCE registry. However, if you are configuring a fallback technology, you may still want to run passwd_export in case the DCE registry is unavailable.

If NSS-DCE is activated, auth.adm saves the current version of /etc/nsswitch.conf and creates a new version, which has the same semantics as the configuration policy. For example, if you are configuring integrated login with DCE as the primary login and UNIX as the fallback, then /etc/nsswitch.conf will also use DCE as the primary repository for user information and will use UNIX (/etc/passwd) as the fallback repository for cases where the primary is unavailable.

To enhance performance, NSS-DCE caches information it retrieves from the DCE registry. The cached information is considered valid for a certain number of seconds (called tstale), after which it becomes stale. The default setting for tstale is 60 seconds; users can change it by setting the environment variable NSSDCE_CACHE_TSTALE (the stale time in seconds). To disable the caching facility completely, set NSSDCE_CACHE_TSTALE to 0 (zero) seconds.
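The following Python model is an added example, not HP code and not the NSS-DCE implementation. It shows what the stale time means for a registry change such as an account removal: the old entry keeps being returned until tstale has elapsed, and a setting of 0 makes every lookup go to the registry. The class and function names, the sample entry, and the rejection of non-numeric or negative values are assumptions of the model.

```python
import os

DEFAULT_TSTALE = 60  # default stale time in seconds, per the text above


def read_tstale(environ=os.environ):
    """Return the stale time from NSSDCE_CACHE_TSTALE, or the 60 s default."""
    raw = environ.get("NSSDCE_CACHE_TSTALE")
    if raw is None:
        return DEFAULT_TSTALE
    value = int(raw)  # model choice: non-numeric input raises ValueError
    if value < 0:
        raise ValueError("stale time must be >= 0")
    return value


class StaleCache:
    """Toy model of a lookup cache whose entries go stale after tstale seconds."""

    def __init__(self, lookup, tstale, clock):
        self.lookup = lookup      # function that queries the registry
        self.tstale = tstale
        self.clock = clock        # function returning the current time in seconds
        self.entries = {}         # name -> (value, time fetched)

    def get(self, name):
        now = self.clock()
        hit = self.entries.get(name)
        if self.tstale > 0 and hit is not None and now - hit[1] < self.tstale:
            return hit[0]                      # still valid: registry not asked
        value = self.lookup(name)              # stale, missing, or caching off
        if self.tstale > 0:
            self.entries[name] = (value, now)
        return value


def visible_after_removal(tstale, seconds_later):
    """Is a user removed from the registry still returned seconds_later on?"""
    registry = {"alice": "uid=1001"}           # constructed sample entry
    now = [0]
    cache = StaleCache(registry.get, tstale, lambda: now[0])
    cache.get("alice")                         # first lookup fills the cache
    del registry["alice"]                      # account removed from the registry
    now[0] += seconds_later
    return cache.get("alice") is not None


if __name__ == "__main__":
    for t in (read_tstale({}), 0):
        print(t, [visible_after_removal(t, s) for s in (1, 59, 61)])
```
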

During this process you are asked whether or not you want to set up a cron job to export information from the DCE Security Registry to /etc/passwd. If you choose to set up the cron job, the activation process also:

Saves the /etc/passwd file in /etc/passwd.nodce and the /etc/group file in /etc/group.nodce (if these files do not already exist).

Executes passwd_export as a cron command. If NSS-DCE is activated, this cron job is run once every day. Otherwise, it is run once every hour. You can adjust this frequency by using the crontab(1) command. Frequencies greater than once per hour are not recommended.

Planning and Configuring HP DCE 1.7