auth.adm(1M)

NAME
auth.adm - activate, deactivate, or query about HP-UX Integrated Login
tech_name [ tech_name ]
[ tech_name[:tech_name]... ]
[ tech_name:parameter=value[:parameter=value]... ]...
The command makes it easy to activate, deactivate or query about HP-UX
sets up a machine to obtain integrated login behavior using any of the
following commands: and
saves the Integrated Login configuration, specified by
and arguments, in the file This configuration file specifies the
authentication technologies used to authenticate users on a system.
System administrators can specify the technology for system login;
where this login technology is unavailable, a fallback technology for
system login can also be specified. System administrators can also
specify technologies for additional user authentications that will be
done after a user has successfully completed the system login phase.
Integrated behavior of and is obtained by replacing the current with
one that specifies the behavior requested by the arguments. auth.adm
provides an option of enabling the nsswitch for DCE technology. The is
updated with "dce" keyword if this option has been selected. In this
scenario the name service requests for user/group information will be
obtained from DCE depending on the configuration.
After NSS switch is enabled, an option is provided to export the DCE
user/group information to and via a cron job. program could also be
run manually to do this job.
Upon deactivation, restores files that were present on the system
before Integrated Login was installed. It also removes the configura‐
When making a query,
reads the file and prints the result of the query to stdout or to
filename specified by the argument.
All actions performed by
are logged into the file
recognizes the following arguments:
activates HP-UX Integrated Login.
an abbreviated name representing an authentication technology.
Starting with the 10.0 release, the tech_name's
for DCE Registry
for /etc/passwd and other HP-UX login technologies.
specifies the technology used for system login.
specifies the technology used for fallback login.
specifies technologies used for additional authentications
after a user has been successfully logged in to a
specifies configurable parameters applicable to a technology.
Parameters for different technologies can be
specified by repeating the argument. Starting with the
10.30 release, the configurable parameters supported
include the following:
Timeout (in seconds) on communications with a technol‐
Default values for TIMEOUT are as follows.
Password expiration warning period (in days). If the
user's password is due to
expire within the specified number of days,
the user receives a warning message during
login. This parameter applies to DCE technology
only. If this parameter is not specified,
no warning is given.
Password force-change period (in days). If the user's
password is due to
expire within the specified number of days,
the user is forced to change the password
before login is allowed. This parameter
applies to the DCE technology only. If this
parameter is not specified, a password change
is not forced.
Enable DCE TGT to be forwardable. When forwarding a
user's DCE TGT from machine A
to machine B, it enables the user from machine
A to reuse its Kerberos credentials on machine
B. A parameter value is required, but its
content is ignored. This parameter applies to
DCE technology only.
deactivates HP-UX Integrated Login.
makes a query about the current Integrated Login configu‐
prints result of a query to filename.
The following command activates HP-UX Integrated Login. The configuration
is set to log in the user upon successful password verification by
DCE. In the case where DCE is not available, a fallback for login via
/etc/passwd or another HP-UX technology is configured. (Note that this
strategy is effective only if the HP-UX password and DCE password are
The following command activates HP-UX Integrated Login. The configuration
is set to log in the user upon successful password verification by
/etc/passwd or another HP-UX technology. After machine access has been
granted to the user, the configuration specifies that a DCE login
should also be done.
returns one of the following:
If activation or deactivation fails to complete, the error(s) should be
corrected and re-execution of the activation/deactivation should be
done. cannot deactivate a failed activation.
NOTE
auth.adm will restart the pwgrd daemon after the ilogin daemon is
started, if it was already running.
was developed by HP.
log file containing records of actions performed by