Manage account and password policies

One benefit of the integration is a single point of account management: you can manage and enforce account and password policies through Active Directory. The Active Directory Users and Computers tool lets you set account options, account expiration, and so on. Those policies take effect when a user logs into either Windows 2000 or the HP-UX machine.

Known problems and limitations

Slow performance on object enumeration

If you need to enumerate directory objects via getpwent() or getgrent() and you have a large database in Active Directory (for example, more than 5,000 objects), you may experience slow performance depending on the hardware model of your PC. Some HP-UX commands (e.g. finger, groups, newgrp) whose implementations depend on getgrent() may also show this performance degradation.

Password expiration

When a user’s password expires, Windows 2000 prompts for a new password, then allows the user to log in with it. But if the user logs into HP-UX before changing the password in Windows 2000, the user will not be prompted for a new password and cannot log in. Either the Windows 2000 administrator has to reset the user’s password, or the user has to log into a Windows 2000 client to get a new password before logging into HP-UX machines.

User forced to change password

If the account option “User must change password at next logon” is set, the user cannot log into HP-UX machines even though the password is still valid.

User name length

HP-UX 11.x limits the length of a user name to 8 characters or fewer, which is not a limitation for Windows 2000. So, if a user is to be added for HP-UX, or for both platforms, the “User logon name” field cannot be longer than 8 characters.
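The three login limitations above (password expiration, forced password change, user name length) can be checked ahead of time against an export of the directory. The following is an added example, not part of the original paper: it flags accounts that would be unable to log into HP-UX. It assumes an LDIF-style export of the attributes sAMAccountName, pwdLastSet and userAccountControl, that sAMAccountName is the name HP-UX sees, and a sample maximum password age of 42 days; the records are constructed.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # pwdLastSet counts 100 ns ticks from here
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit
MAX_HPUX_NAME = 8               # HP-UX 11.x limit stated above

# Constructed sample records in LDIF form (not real accounts).
SAMPLE_LDIF = """\
sAMAccountName: christopher
pwdLastSet: 126219168000000000

sAMAccountName: bob
pwdLastSet: 0

sAMAccountName: carol
pwdLastSet: 126141408000000000

sAMAccountName: svcbatch
pwdLastSet: 126141408000000000
userAccountControl: 66048
"""

def parse_ldif(text):
    """Yield a dict per blank-line-separated record ('key: value' lines only)."""
    for block in text.strip().split("\n\n"):
        pairs = (line.partition(": ") for line in block.splitlines())
        yield {key: value for key, sep, value in pairs if sep}

def hpux_login_blockers(rec, now, max_pwd_age_days):
    """Return the limitations above that would stop this account logging in to HP-UX."""
    issues = []
    if len(rec.get("sAMAccountName", "")) > MAX_HPUX_NAME:
        issues.append("name_too_long")
    last_set = int(rec.get("pwdLastSet", "0"))
    if last_set == 0:  # "User must change password at next logon"
        issues.append("must_change_password")
    elif not int(rec.get("userAccountControl", "0")) & DONT_EXPIRE_PASSWORD:
        changed = FILETIME_EPOCH + timedelta(microseconds=last_set // 10)
        if now - changed > timedelta(days=max_pwd_age_days):
            issues.append("password_expired")
    return issues

def audit(text, now, max_pwd_age_days):
    return {r["sAMAccountName"]: hpux_login_blockers(r, now, max_pwd_age_days)
            for r in parse_ldif(text)}

if __name__ == "__main__":
    print(audit(SAMPLE_LDIF, datetime(2001, 1, 1, tzinfo=timezone.utc), 42))
```

Accounts reported with must_change_password or password_expired need the password changed from a Windows 2000 client, or reset by the administrator, before an HP-UX login will succeed.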

End user

Login procedure

The integration is invisible to end users. Whether logging into Windows 2000 or HP-UX, they use the same procedure as they do without integration.

Password change

Users change their passwords as usual, regardless of which platform they log into. If the password is changed from Windows 2000, the new password is also good for logging into HP-UX, and vice versa.

Shell/finger information change

The shell and finger information stored in Active Directory cannot be changed using chsh/chfn. The Windows 2000 system administrator can use the Active Directory Users and Computers tool to change them.
