HP-UX Integrated Login

Integrating DCE with HP-UX Integrated Login

WARNPWDEXP and FORCEPWDCHANGE parameters in the section “Activating HP-UX Integrated Login” earlier in this chapter for information on how to manage password expiration.

DCE and Anonymous FTP

If you are using the HP-UX Integrated Login utilities on a system that supports anonymous ftp, be aware of the following:

An ftp account must exist in the DCE registry. This account need not be password-validated for DCE use, but it must exist. Create this account using dcecp, or use the passwd_import utility from a system that is supporting anonymous ftp (such as from a machine that has an entry for the ftp user in /etc/passwd).

DCE accounts are global to a DCE cell. If anonymous ftp is supported anywhere in the cell, the ftp account is known throughout the cell. To explicitly disable anonymous ftp to a local machine, place an override entry for the ftp user in the passwd_override file. (Typically, an entry in passwd_override is created by cutting and pasting the ftp entry from /etc/passwd into the passwd_override file.) To disable ftp on the local machine, change the passwd_override entry to contain the word “OMIT” in the passwd field of the entry. For example, /etc/opt/dce/passwd_override contains the line:

ftp:OMIT:500:10:anonymous ftp:/users/ftp:/bin/false

See the passwd_override man page for further details about using the OMIT keyword.

If you would like to maintain a local anonymous ftp account on a DCE cell member system, place an entry for the anonymous ftp account in the passwd_override file on that system. Note that the home directory for the local anonymous ftp account must reside on the local system, and that an entry for user ftp must exist in the DCE registry.
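
The following script is an added example, not part of the HP documentation. It reports how a passwd_override file treats the ftp account, covering both the OMIT case and the local-account case described above. It assumes the seven colon-separated fields of the sample line shown earlier; the function name ftp_override_status and its status words are hypothetical.

```shell
#!/bin/sh
# Added example (not HP-supplied): classify how a passwd_override file
# treats an account, by default the ftp account.
# Assumption: each entry has the seven colon-separated fields of /etc/passwd,
# as in the sample line on this page.

ftp_override_status() {
    # $1 = path to a passwd_override file, $2 = account name (default: ftp)
    file=$1
    user=${2:-ftp}
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk -F: -v user="$user" '
        $1 == user {
            found = 1
            # Wrong field count: report it rather than guess at the intent.
            if (NF != 7)      { print "malformed"; exit }
            # OMIT in the passwd field disables the account on this machine.
            if ($2 == "OMIT") { print "disabled"; exit }
            # Any other entry is a local override; show its home directory,
            # which must reside on the local system.
            print "local-override home=" $6
            exit
        }
        # No entry: the cell-wide DCE registry account applies unchanged.
        END { if (!found) print "registry" }
    ' "$file"
}

# Demonstration on a constructed file holding the sample line from this page.
sample=${TMPDIR:-/tmp}/passwd_override.sample.$$
printf '%s\n' 'ftp:OMIT:500:10:anonymous ftp:/users/ftp:/bin/false' > "$sample"
ftp_override_status "$sample"
rm -f "$sample"
```

A result of "registry" on a machine that should not offer anonymous ftp means no override is in place and the cell-wide ftp account is still honored there.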

Planning and Configuring HP DCE 1.7
