WHY WON'T THE CREDENTIALS FILE FROM DCE_LOGIN_NOEXEC PROVIDE ADEQUATE CREDENTIALS FOR DFS FROM A .PROFILE?

ITEM: RTA000053286



                                                                                
                                                                                
                                                                                
QUESTION:                                                                       
I'm running DCE 1.3 with EDFS installed. We're trying to get the user           
login to run "smoothly", and allow a user to end up in a home directory         
residing in DFS, but without compromising the security of the data kept         
in that home directory.                                                         
                                                                                
I have a user ID - karen. We've tried to use the dce_login as a                 
secondary authentication methodology, but that doesn't work. So, we             
decided to try handling the DCE login from the ".profile". The object is        
to have the user log in through a generic directory, dce login to get          
credentials, and then cd to the DFS file space to complete the login.           
But we find that it just doesn't work.                                          
                                                                                
Refer to ASKQ item CKTRL, document Q641568. There is a shell script             
documenting the use of dce_login_noexec to aid in getting the dcelogin          
done in a shell script in order to log in to DCE and gracefully stop            
CICS/6000, Encina, and DCE. This same sort of procedure should work for         
us. But it doesn't.                                                             
                                                                                
The ".profile" is set up as follows:                                            
                                                                                
PATH=/usr/bin:/etc:/usr/sbin:/usr/ucb:$HOME/bin:/usr/bin/X11:/sbin:.
export PATH
if [ -s "$MAIL" ]           # This is at Shell startup.  In normal
then echo "$MAILMSG"        # operation, the Shell checks
fi                          # periodically.
# Prompt for and read the DCE password
echo " DCE Password : \c"
read pw
myname=`whoami`
# Capture the credentials cache name printed by dce_login_noexec
export KRB5CCNAME=`/usr/bin/dce_login_noexec $myname $pw`
echo $?
# Move into the DFS home directory
cd /.../hross/fs/home/`whoami`
HOME=/:/home/`whoami`
export HOME

But what I get is:
                                                                                
However, if I run a regular dce_login, I can log in without any problem,        
but I spawn a new shell, and need to "cd" to the new home directly. I           
just need to "dce_login" as the last line in my .profile to make sure           
that I get done everything I need to before jumping into DCE.                   
                                                                                
Why does the dce_login_noexec not seem to work? The environment appears
to be identical - except for the ticket number and the size of the              
ticket file. The documentation doesn't seem to show why there should be         
a problem.                                                                      
                                                                               
---------- ---------- ---------- --------- ---------- ----------                
A: In the InfoExplorer notes on dce_login_noexec you will see the               
   following:                                                                   
                                                                                
   "If you are running DFS, do not use dce_login_noexec. The necessary          
    information needed by DFS to recognize you as an authenticated DCE          
    user is not established."                                                   
                                                                                
   This is the reason why dce_login_noexec is not working smoothly.             
   I have found the following on OMNIDISK, AIXTOOLS that may be of
   interest to you:                                                             
                                                                                
     SI_LOGIN 1.07  94/07/19 Single Login AIX/DCE integrated login shell       
     DCELOGIN .1    93/04/23 DCE 'Integrated' Login                             
                                                                                
   These are both login methods that may be of assistance in your               
   situation. However, if dce_login is working, you might just wish to          
   use it, and write a script to change the user into their home
   directory.                                                                   
                                                                                
---------- ---------- ---------- --------- ---------- ----------                
                                                                                
                                                                                
This item was created from library item Q677001      FFMPF                      
                                                                                
Dated: 01/1995 Category: RISCDCE