OSF DCE Administration Guide--Core Components
When you override a principal’s password, only the principal’s local credentials are
obtained at login, not the principal’s network credentials. Without network credentials,
the principal cannot access the network registry and obtain the information that is
normally provided at network login. Therefore, you must supply all of this information
in the passwd_override file entry. For overrides to passwords, you must enter all of
the fields in the override entry, including all keyfields.
The following example shows a passwd_override file entry that changes a specific
machine’s password for user mozart’s account:
mozart:sq1Rc1Urrb1L6:678:893:Wolfgang A. Mozart:/aria/wolfgang:/bin/csh
Note: If your password is overridden and you then use rlogin or rsh to log in
remotely to the machine with the overrides, you are prompted for a
password, regardless of what is in either the /etc/hosts.equiv or .rhosts file.
36.2.7 Preventing Login to a Machine
To prevent users from logging into a machine, create an override entry with an invalid
string in the passwd field. Because the passwd field contains an encrypted password,
any character string that is not exactly 13 characters in length can be used as an invalid
password. For example, the following entry in the passwd_override file supplies
exclude as a password. This string of fewer than 13 characters prevents members of the
group that is identified by a UNIX ID of 25 from logging in.
:exclude::25:::
36.2.8 Omitting Users from the Local Password Files
An invalid password entry in the passwd_override file prohibits users from logging into
the machine on which the file exists. However, the invalid entry OMIT has a special
meaning. Just as with any other invalid password, if you enter OMIT, the user cannot
log in. Additionally, however, if you maintain the standard /etc/passwd and /etc/group
files and use the passwd_export command to keep these files consistent with the
registry database, you can specify that users with a password of OMIT be excluded from
the /etc/passwd file. (See Section 36.7 for more information on the passwd_export
command.)
Also, be aware that, if you have omitted users from the /etc/passwd file, information
about those users is not available to any programs that use the password file. For
example, the ls -l and the finger commands both access the password file to obtain
further information about a user identified by a UNIX ID. If the user is omitted, no
password entry exists and no information is available on that user.
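The following Python audit is an added example, not part of the OSF guide or of DCE: it classifies each passwd_override entry by what its passwd field does according to the rules above (13-character override, invalid string, OMIT) and flags a password override that leaves fields empty. It assumes seven colon-separated fields in /etc/passwd order, as in the entries shown in this section; the function names and the salieri and haydn entries are constructed for illustration.

```python
# Added example: classify passwd_override entries by the effect of the passwd field.
# Assumption: seven colon-separated fields in /etc/passwd order, matching the
# entries shown in this section. Function names are hypothetical.
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "homedir", "shell")

# Constructed sample: the two entries from this section plus two made-up ones.
SAMPLE = """\
mozart:sq1Rc1Urrb1L6:678:893:Wolfgang A. Mozart:/aria/wolfgang:/bin/csh
:exclude::25:::
salieri:OMIT:::::
haydn:ab3De6Gh9Jk2M:::::/bin/sh
"""

def classify(line):
    """Return (effect, problems) for one passwd_override entry."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return "malformed", [f"expected {len(FIELDS)} fields, got {len(parts)}"]
    entry = dict(zip(FIELDS, parts))
    passwd = entry["passwd"]
    if passwd == "":
        # Empty passwd field: none of the password rules in this section apply.
        return "no-password-override", []
    if passwd == "OMIT":
        # Invalid password; passwd_export can also leave the user out of /etc/passwd.
        return "login-blocked-and-omitted", []
    if len(passwd) != 13:
        # Not exactly 13 characters, so it is an invalid password per the text.
        return "login-blocked", []
    # 13 characters: a password override. Only local credentials are obtained
    # at login, so every field has to be supplied in the entry itself.
    missing = [f for f in FIELDS if entry[f] == ""]
    return "password-override", [f"empty field: {f}" for f in missing]

def audit(text):
    """Classify every non-blank line as (line_no, effect, problems)."""
    return [(n, *classify(l)) for n, l in enumerate(text.splitlines(), 1) if l.strip()]

if __name__ == "__main__":
    for n, effect, problems in audit(SAMPLE):
        print(n, effect, "; ".join(problems) or "ok")
```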
36 − 8 Tandem Computers Incorporated 124243