T.R | Title | User | Personal Name | Date | Lines |
---|
1531.1 | | XIRTLU::schott | Eric R. Schott USG Product Management | Mon Aug 12 1996 17:50 | 6 |
1531.2 | For recommending this to an ISP.... | QCAV02::DEVARAJAN | | Tue Aug 13 1996 03:54 | 16 |
1531.3 | What if we take it up ourselves... | QCAV02::DEVARAJAN | | Tue Aug 20 1996 03:02 | 18 |
1531.4 | | COMICS::CORNEJ | What's an Architect? | Wed Feb 19 1997 05:27 | 4 |
| Has this story changed since the base note? Are there any plans yet?
Jc
|
1531.5 | Internet AlphaServer ASE Login Service supports C2 | ZEKE::ranger.zko.dec.com::dilsworth | Keith Dilsworth | Thu Feb 20 1997 11:08 | 42 |
| The new version of IAS will only support DUNIX 4.0B and later. I have
been modifying lkr_ase_cron and lkr_aseusersync to be perl scripts and
to support C2 security.
The new scripts support a -v function which tells you every step that's
going on and what is being added/deleted/modified. The stop switch is
still there in lkr_aseusersync to clean out /etc/passwd, /etc/group and
the C2 auth.db entries. It can also be specified with a -s. There is a
-u switch to specify the UID range (-u 1000 60000). There is also a -g
switch to specify a GROUP to base ASE users on if you wish (-g
ASE_GROUP). The group can also be specified in /etc/ias_ase.config with
the field "ASE_GROUP ase_group_name".
The final switch in lkr_ase_usersync is a -d switch to specify a directory
other than /data/Lkr_Usr_/.admin for the ASE User entries
(-d /nfs/crossmount/.admin). With this switch it will only run if
/etc/ias_passwd.date and /nfs/crossmount/.admin/ias_passwd.date are different.
It will not set them the same. This would allow it to be a cron job on both
servers and only run on the backup server.
The operation is optimized to only replace what is necessary. If
something doesn't change leave it alone. The only thing they write to
disk are the new files (no working type files, everything is read into
a perl hash). If there is a new /etc/passwd it is written to /etc/ptmp
and mkpasswd is run with /etc/ptmp/passwd and then the files are renamed
to /etc/...
To further C2 compliance lkr_aseusersync will only pick up passwd
modifications. It will not update last login success or failure.
lkr_ase_cron will update all C2 fields in the ASE C2 database. This
allows lkr_aseusersync to either update just the passwd fields or create
a new C2 entry with all fields if there is not currently an entry for
the user. This means that if you don't use the -s switch with
lkr_aseusersync the C2 entry will have the login history for that
machine. If you use the -s switch and not the -d switch with
lkr_aseusersync the login history will be for all servers.
Both scripts update /data/Lkr_USR/.admin/passwd.local and group.local
(even with the -d switch on lkr_aseusersync)
|
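The sync behaviour described in note 1531.5 (UID-range scoping, reporting what is added/deleted/modified, rewriting only on change via a temporary file and rename) can be sketched as follows. This is an added example in Python, not the IAS Perl scripts; the function names, the sample entries, and the rule that shared entries may never replace an account outside the UID range are assumptions made for illustration.

```python
import os
import tempfile

# Constructed sample data (not from the thread). UID range mirrors "-u 1000 60000".
LOCAL = ("root:*:0:1:system PRIVILEGED account:/:/bin/sh\n"
         "alice:*:1001:15:Alice:/data/alice:/bin/sh\n"
         "bob:*:1002:15:Bob:/data/bob:/bin/sh\n")
SHARED = ("alice:*:1001:15:Alice A.:/data/alice:/bin/sh\n"
          "carol:*:1003:15:Carol:/data/carol:/bin/sh\n"
          "root:*:1500:15:shadowing attempt:/tmp:/bin/sh\n"
          "evil:*:0:1:uid outside range:/:/bin/sh\n")

def parse(text):
    """Map login name -> (uid, line); malformed lines are skipped."""
    out = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[2].isdigit():
            out[f[0]] = (int(f[2]), line)
    return out

def plan_sync(local_text, shared_text, lo=1000, hi=60000):
    """Return (merged_text, changes) without touching any file."""
    local, shared = parse(local_text), parse(shared_text)
    system = {n: v for n, v in local.items() if not lo <= v[0] <= hi}
    managed = {n: v for n, v in local.items() if lo <= v[0] <= hi}
    # Accept shared entries only inside the UID range and never over a system name.
    wanted = {n: v for n, v in shared.items() if lo <= v[0] <= hi and n not in system}
    changes = {
        "added": sorted(wanted.keys() - managed.keys()),
        "deleted": sorted(managed.keys() - wanted.keys()),
        "modified": sorted(n for n in wanted.keys() & managed.keys() if wanted[n] != managed[n]),
    }
    lines = [v[1] for v in system.values()] + [v[1] for v in sorted(wanted.values())]
    return "\n".join(lines) + "\n", changes

def write_if_changed(path, new_text):
    """Rewrite path via temp file + rename, and only when the content differs."""
    try:
        with open(path) as fh:
            if fh.read() == new_text:
                return False
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(new_text)
    os.chmod(tmp, 0o644)
    os.replace(tmp, path)  # atomic on the same filesystem
    return True
```

Run it against copies of the files, never the live /etc/passwd; the real scripts also rebuild the hashed database with mkpasswd and update the C2 auth.db, which this sketch does not attempt.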
1531.6 | | COMICS::CORNEJ | What's an Architect? | Wed Feb 26 1997 06:37 | 4 |
| Is this ever likely to make it back into the base ASE product?
Jc
|
1531.7 | | ZEKE::ranger.zko.dec.com::dilsworth | Keith Dilsworth | Wed Feb 26 1997 12:27 | 6 |
| It was never part of the base ASE product.
Something similar should be included in the steel release of Digital
UNIX. Common cluster logon account. No sure idea how they will
implement it but it will most likely have a system passwd file and
common cluster passwd file.
|