Hello,
We recently had a large system made up of nearly 70 Digital Unix
4.0b,
patchkit 4 boxes come out of development. They are now in the process of
being
integrated into our operational environment. There are various DEC
machines
from Alpha 2100's,255's, and 3000's. They are all running C2 and NIS.
First question:
Their are differences in the /usr/X11/bin/dxaccounts and
/usr/tcb/bin/dxaccounts tools. Digital support said that either could be
used when running C2 security. We were told by the development admin
guys that they have always used the 'tcb' tool with no problems, and
they believe the X11 tool should not be used with C2. Can they both be
used with C2?
Next question:
We were told that we need to hack the prpasswd file and add the
ulock_at_ field to the user record after adding a user account with the tcb
dxaccounts tool. This evidently to allow login by the new user. This
supposedly was
necessitated by login not being allowed even if you unchecked the unlock
account field in the tcb dxaccounts tool.
Could this be a corrupt tcb data base?
Other info:
There is another NIS domain with a very similar setup to the one
above (ie similar machines providing the same functions
as the other NIS domain mentioned above. But there are some real account
problems on this side including:
Using tcb dxaccounts:
-every user added overwrites the previous user(s) added in the group
file if the users are in the same group. The admin
guy that has worked on this has attempted adding users back into the
group file and ran a 'make' on it. It says it is
pushed, yet usersdon't show up in secondary groupsif they run id after
logging in.
-if an individual group is created for a user you have to go into the
group file and manually put an asterisk "*" between
the colons before they can login.
Using X11 dxaccounts:
-group file seems to be updated fine after modifying accounts mentioned
above, but large groups with 30-70 users
are split into multiple groups with the same gid. (This does not seem
to be a problem).
-I personally created my own user account using X11 dxaccounts and all
seemed OK except when I quit
dxaccounts and then came back in there was no icon for my new account.
The account was out there and
functioned OK as a NIS account and even showed up in the tcb dxaccounts
tool.
I know this is a ton of info to digest but if you have some insight it
would be greatly appreciated!
Thanks,
Mark Jaunty
Received on Tue Dec 16 1997 - 20:26:25 NZDT