[Search for users] [Overall Top Noters] [List of all Conferences] [Download this site]

Conference tuxedo::dce-products

Title:	DCE Product Information
Notice:	Kit Info - See 2.-4.
Moderator:	TUXEDO::MAZZAFERRO

Created:	Fri Jun 26 1992
Last Modified:	Fri Jun 06 1997
Last Successful Update:	Fri Jun 06 1997
Number of topics:	2269
Total number of notes:	10003

2163.0. "Moved from DCE-PROGRAM" by TUXEDO::MAZZAFERRO () Wed Feb 19 1997 13:21

           <<< TUXEDO::WORK$970:[NOTES$LIBRARY]DCE-PROGRAM.NOTE;1 >>>
                   -< OSF Distributed Computing Environment >-
================================================================================
Note 748.0                 C2 and SIA incompatibility?                No replies
NETRIX::"scott@dwarf.wro.dec.com" "Scott Fafrak"     28 lines  18-FEB-1997 15:59
--------------------------------------------------------------------------------
I have a customer who has a question regarding the availability of DCE SIA 
and C2 coexisting.  They are running:

Digital DCE V2.0a (Rev.  519) for Digital UNIX
Digital UNIX v4.0 (Rev.  386) with Patch OSF400-106

Here is an excerpt of a message I received:

The Manual entitled "Configuring the Digital DCE Kit" says on pg. 5-37 that
"The DCE SIA feature is not compatible with C2 security.  If you run DCE
on a C2 system, DCE SIA must be disabled."  (section 5.16.1)
I would like to understand this limitation better.  Namely, it is my
understanding that the shadow password file comes with C2.  This is an
important
feature for us and we would need to preserve it with the integrated login 
facility that SIA provides.  The extended auditing features would also 
be highly desirable.  It too might be necessary for us to use on machines
in our classified environment.  Can you help us through this maze?

Why are they incompatible?  When will this be resolved?  Are there any 
workarounds?

Thanks.

Scott Fafrak
Sr. S/W Consultant
West Coast NSIS
[Posted by WWW Notes gateway]

T.R	Title	User	Personal Name	Date	Lines
2163.1		TUXEDO::HASBROUCK		`Thu Feb 20 1997 14:46`	15
	RE: C2 and SIA incompatibility? >Why are they incompatible? When will this be resolved? Are there any >workarounds? The restriction against running C2 with DCE SIA was eliminated in DCE V2.0. There's a discussion of this in the V2.0 Product Guide. C2 and DCE SIA is a little inconvenient, because C2 doesn't allow other security mechanisms, such as DCE, to vouch for it. So you must maintain identical accounts in both registries to get single-login. Also, there's no way to update the passwords simultaneously in both registries. Brian
2163.2	Thanks!	NETRIX::"scott@dwarf.wro.dec.com"	Scott Fafrak	`Thu Feb 20 1997 16:35`	1
	[Posted by WWW Notes gateway]