Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
461462463464465466467468469470
OSF DCE Administration Guide—Core Components
You can override registry entries for local machines. By using overrides, you can, for
example, prevent individuals and groups from logging into a particular machine,
establish local root passwords, and tailor local user environments. The override
information is in effect for the local machine only and has no effect on the account
information that is stored in the registry.
The override mechanism provides a high level of local autonomy and allows individual
users to control their own machines. For example, an administrator who is responsible
for a group of machines can use the override facility to restrict access to those machines.
The administrator can allow access to specific groups, or the administrator can allow
access to everyone except specific groups or principals.
36.2.1 HowOverrides Work
The passwd_override administrative file that is stored in the local machine’s
dcelocal/etc/security directory contains override information. By using this file, you can
enter overrides for the following:
Passwords
GECOS information
Home directories
Login shells
Group memberships
UNIX IDs for principals
The override information that you enter is in effect only for the local machine, which is
the machine on which the passwd_override file is stored. When a user logs into a
machine with an override file, any information for the user’s account in the override file
replaces the pertinent information obtained from the registry.
For example, assume that the registry account for bach specifies a Korn shell at login.
Since bach normally logs into a machine that can run a Korn shell, this is fine for a
majority of situations. However, bach occasionally works for another department and
logs into a machine that cannot run a Korn shell. To accommodate bach’s needs, you can
create an override file on the machine that cannot run the Korn shell. The override can
specify a Bourne login shell. Then, if bach logs into the machine that can run a Korn
shell, registry data is used and a Korn shell is invoked. When bach logs into the machine
that cannot run a Korn shell, override data is used and a Bourne shell is invoked.
36.2.2 The passwd_override File Format
Entries in the passwd_override file have the following format:
principal_name:passwd:principal_uid:group_uid:GECOS:home_dir:shell
36 2 Tandem Computers Incorporated 124243