HPE Community
Operating System - HP-UX
1830892 Members
2865 Online
110017 Solutions
New Discussion

Re: Configuring RSA for CDE

 
Piyush S
Advisor

‎06-05-2007 10:08 PM

‎06-05-2007 10:08 PM

Configuring RSA for CDE

Hi All

We are in the process of implementing RSA ACE Agent for our HP-UX machines.
I have some questions in mind regarding the configuration...

We have 40 HP-UX workstations. There is a NIS server thru which the authentication happens. The RSA server is a windows 2003 server. Server config is complete. We have even loaded the RSA software on the NIS server and also on one of the W/S.

Now the problem is ..
I want that the CDE login screen that a user gets on the console ( or on the Exceed ) should ask for the PASSCODE that gets generated on the token, after USERNAME and PASSWORD . The reason being that if the users shell is changed to sdshell, then everytime a user opens a shell , it asks for a passcode. We have some GUI applications so we cannot go for a method where the GUI comes up after the user logs in.
The RSA document says that we need to add the Xprompt script available with RSa to all the X-server startup scripts. But I need to know which are those files, and where to add this script.

It would be nice if anyone can hgelp me on this issue.

Regds
Piyush
0 Kudos
Reply
2 REPLIES 2
Matti_Kurkela
Honored Contributor

‎06-05-2007 11:13 PM

‎06-05-2007 11:13 PM

Re: Configuring RSA for CDE

The default versions of the X-server startup scripts are located in /usr/dt/config, but if you modify them, copy them to /etc/dt/config first.

(HP-UX patches will always overwrite the default versions in /usr, so the system uses a modified version in /etc/dt/config if it exists; if not, it will use the default version in /usr. To make your modifications patch-friendly, you could make your modified script first source the default version in /usr, then perform your custom actions.)

"man dtlogin" will tell you more about the scripts.

The interesting scripts are:
- Xsetup: this is run as root when the X server starts, before displaying the login window

- Xstartup: after the username and password is verified, this is run with root privileges. If this script exits with a non-zero result code, the session is not allowed to start.

- Xsession.d/*: when the user's session is starting, all these scripts are executed using the user's identity. The user can override this by creating a .dtprofile file.

- Xreset: this is the counterpart of Xstartup. It is run with root privileges after the user session has terminated.

So, the most relevant one would probably be Xstartup. If you need to set up any clean-up actions to execute after the session has ended, Xreset would be the place for them.

MK
MK
0 Kudos
Reply
Piyush S
Advisor

‎06-07-2007 04:16 PM

‎06-07-2007 04:16 PM

Re: Configuring RSA for CDE

Thanks....

I tried putting the Xprompt script that came with RSA in the startup scripts, but then the system was not logging anyone.... After asking for username and password it again gave the login screen...

Can anyone please suggest....

P S
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.