Security and User Account Administration.

Enhanced Security / C2 mode:

Digital Unix provides an optional enhanced security mode that can be used to bring the system into compliance with C2 security guidelines. This provides features such as password shadow files and account and password aging.

Automatic Screen locking:

CDE provides the capability to automatically lock a server or workstation screen after a defined period of time. This should be implemented on all systems. To modify the settings, go to the CDE configuration menu icon. Select the "Display" icon, and there is a setting on the bottom of the dialog box that allows you to set a lock interval.

Adding Users:

If a system does not have enhanced security turned on, users can be added simply by editing the /etc/passwd file and manually creating their home dir, etc. An easier method is to use the "adduser" command. This can be used to automatically create home dirs and copy skeleton files into their home dir. The "usermod" and "groupmod" commands can also be used to modify accounts programmatically. There is also a graphical administration utility called "dxaccounts". This program can be used to add, delete, and modify accounts.

If enhanced security is in place, it is best to use the administration programs to add users rather than modifying the files by hand. These programs will automatically modify the various auxiliary files used by enhanced security. When enhanced security is in use, you can also use the "XIsso" program to add / delete / modify accounts.
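
When accounts are added by editing /etc/passwd by hand, as described above, a consistency check catches the usual slips (empty password field, reused UID, extra UID 0 account, truncated line). This is an added example, not part of the original page; it assumes the standard seven-field passwd format, the sample entries are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): consistency check for a
# passwd-format file after manual edits. Assumes the usual seven
# colon-separated fields: name:passwd:uid:gid:gecos:home:shell

# Constructed sample entries, not taken from any real system.
sample_passwd() {
cat <<'EOF'
root:*:0:1:system PRIVILEGED account:/:/bin/sh
jsmith:*:201:15:J Smith:/usr/users/jsmith:/bin/csh
mjones::202:15:M Jones:/usr/users/mjones:/bin/csh
backup:*:0:15:Backup operator:/usr/users/backup:/bin/sh
kwong:*:201:15:K Wong:/usr/users/kwong:/bin/csh
tlee:*:204:15:T Lee:/usr/users/tlee
EOF
}

# audit_passwd FILE
# Prints one finding per line as "<line-number>:<user>:<issue>".
audit_passwd() {
    awk -F: '
    /^[+-]/ { next }                      # NIS-style entries: skipped
    NF != 7 { print NR ":" $1 ":bad-field-count"; next }
    ($1 in names) { print NR ":" $1 ":duplicate-name" }
    $2 == "" { print NR ":" $1 ":empty-password" }
    $3 !~ /^[0-9]+$/ { print NR ":" $1 ":non-numeric-uid" }
    $3 == "0" && $1 != "root" { print NR ":" $1 ":uid-0-not-root" }
    $3 != "0" && ($3 in uids) { print NR ":" $1 ":duplicate-uid-of-" uids[$3] }
    { names[$1] = 1; if (!($3 in uids)) uids[$3] = $1 }
    ' "$1"
}

# Usage: sh audit_passwd.sh /etc/passwd
if [ "$#" -gt 0 ]; then
    audit_passwd "$1"
fi
```

An empty result means none of these checks fired; it does not verify home directories or the auxiliary files used by enhanced security.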

Account Locking:

When enhanced security is in place, accounts can be locked by an administrator, or can be automatically locked after X number of invalid signon attempts. If an account is locked, any attempt to log into the account or "su" to it will generate a response saying that the account is disabled. To unlock an account, you can use either the XIsso GUI or the dxaccounts GUI. I have had better luck using the XIsso GUI to unlock accounts.
