|
|
For Terracotta, a year of open source has been good for business
|
|
auth.adm(1M) auth.adm(1M) NAME
auth.adm - activate, deactivate, or query about HP-UX Integrated Login SYNOPSIS
tech_name [ tech_name ] [ tech_name[:tech_name]... ] [ tech_name:parameter=value[:parameter=value]... ]... [ filename ] DESCRIPTION
The command makes it easy to activate, deactivate or query about HP-UX Integrated Login. During activation, sets up a machine to obtain integrated login behavior using any of the following commands: and saves the Integrated Login configuration, specified by and arguments, in the file This configuration file specifies the authentication technologies used to authenticate users on a system. System administrators can specify the technology for system login; where this login technology is unavailable, a fallback technology for system login can also be specified. System administrators can also specify technologies for additional user authentications that will be done after a user has successfully completed the system login phase. Integrated behavior of and is obtained by replacing the current with one that specifies the behavior requested by the arguments. auth.adm provides an option of enabling the nsswitch for DCE technology. The is updated with "dce" keyword if this option has been selected. In this scenario the name service requests for user/group information will be obtained from DCE depending on the configuration. After NSS switch is enabled, an option is provided to export the DCE user/group information to and via a cron job. program could also be run manually to do this job. Upon deactivation, restores files that were present on the system before Integrated Login was installed. It also removes the configuration file. When making a query, reads the file and prints the result of the query to stdout or to filename specified by the argument. All actions performed by are logged into the file ARGUMENTS
recognizes the following arguments: activates HP-UX Integrated Login. tech_name an abbreviated name representing an authentication technology. Starting with the 10.0 release, the tech_name's supported are: for DCE Registry for /etc/passwd and other HP-UX login technologies. tech_name specifies the technology used for system login. tech_name specifies the technology used for fallback login. tech_name[:tech_name]... specifies technologies used for additional authentications after a user has been successfully logged in to a system. tech_name:parameter=value[:parameter=value]... specifies configurable parameters applicable to a technology. Parameters for different technologies can be specified by repeating the argument. Starting with the 10.30 release, the configurable parameters supported include the following: Timeout (in seconds) on communications with a technology. Default values for TIMEOUT are as follows. 180 seconds ignored Password expiration warning period (in days). If the user's password is due to expire within the specified number of days, the user receives a warning message during login. This parameter applies to DCE technology only. If this parameter is not specified, no warning is given. Password force-change period (in days). If the user's password is due to expire within the specified number of days, the user is forced to change the password before login is allowed. This parameter applies to the DCE technology only. If this parameter is not specified, a password change is not forced. Enable DCE TGT to be forwardable. When forwarding a user's DCE TGT from machine A to machine B, it enables the user from machine A to reuse its Kerberos credentials on machine B. A parameter value is required, but its content is ignored. This parameter applies to DCE technology only. deactivates HP-UX Integrated Login. makes a query about the current Integrated Login configuration. filename prints result of a query to filename. EXAMPLES
The following command activates HP-UX Integrated Login. The configuration is set to login the user upon successful password verification by DCE. In the case where DCE is not available, a fallback for login via /etc/passwd or another HP-UX technology is configured. (Note that this strategy is effective only if the HP-UX password and DCE password are identical.) The following command activates HP-UX Integrated Login. The configuration is set to login the user upon successful password verification by /etc/passwd or another HP-UX technology. After machine access has been granted to the user, the configuration specifies that a DCE login should also be done. RETURN VALUE
returns one of the following: Successfully completed Error(s) occurred WARNING
If activation or deactivation fails to complete, the error(s) should be corrected and re-execution of the activation/deactivation should be done. cannot deactivate a failed activation. NOTE
auth.adm will restart the pwgrd daemon after the ilogin daemon is started, if it was already running. AUTHOR
was developed by HP. FILES
log file containing records of actions performed by SEE ALSO
auth.adm(1M)
