Managing a Password Management Server

Part 2 of the OSF DCE Administration Guide - Introduction explains how to use dce_config to configure a password management server. This topic provides additional notes on managing a password management server.

· To protect password security, and to optimize performance, the password management server should run on the same machine as the master DCE security server.

· The default path name for the password management server is $DCELOCAL/bin/pwd_strengthd. You can change this path name by using the PWD_MGMT_SVR environment variable in config.env.

· While dce_config supports configuration of only one password management server in a cell, it is possible to manually configure additional servers. Principal pwd_mgmt_binding ERAs can then be set to point to the appropriate server for each principal.

· To replace the sample password management server with another version, follow this procedure:

1. Kill pwd_strengthd.

2. Rename $DCELOCAL/bin/pwd_strengthd.

3. Copy the new server into $DCELOCAL/bin/pwd_strengthd.

4. Start pwd_strengthd.

Do not unconfigure and reconfigure pwd_strengthd. If you do so, secd will be unable to communicate with it until secd is restarted or the previous server's keys expire.

· The log file for the sample password management server resides in $DCELOCAL/var/security/pwd_strengthd.log. This location is built into the server code and is not configurable.
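
The replacement procedure above (steps 1 through 4) can be scripted as follows. This is an added example, not code from the guide or from DCE. It assumes a POSIX ps and awk for finding the running server, uses a hypothetical ".prev" suffix for the renamed binary, and passes any arguments after the new binary's path to the server as its usual start options.

```shell
#!/bin/sh
# Added example: in-place replacement of pwd_strengthd (steps 1-4 above).
# Assumptions, not from the guide: the ".prev" suffix, the ps/awk lookup,
# and that arguments after the new binary are the server's usual start options.
swap_pwd_strengthd() {
    new_bin=$1
    shift
    target="${DCELOCAL:?DCELOCAL must be set}/bin/pwd_strengthd"

    # Refuse to stop the running server unless a usable replacement exists.
    [ -f "$new_bin" ] && [ -x "$new_bin" ] || {
        echo "replacement $new_bin is missing or not executable" >&2
        return 1
    }
    [ -f "$target" ] || { echo "$target not found" >&2; return 1; }

    # Step 1: kill pwd_strengthd and wait (up to 10 s each) for it to exit.
    pids=$(ps -e -o pid= -o comm= 2>/dev/null |
        awk '{ n = split($2, a, "/"); if (a[n] == "pwd_strengthd") print $1 }')
    for pid in $pids; do
        kill "$pid" 2>/dev/null || continue
        n=0
        while kill -0 "$pid" 2>/dev/null && [ "$n" -lt 10 ]; do
            sleep 1
            n=$((n + 1))
        done
    done

    # Step 2: rename the old binary; it stays on disk as the rollback copy.
    mv "$target" "$target.prev" || return 1

    # Step 3: copy the new server into place and confirm the copy is intact.
    if ! cp "$new_bin" "$target" || ! cmp -s "$new_bin" "$target"; then
        mv -f "$target.prev" "$target"    # roll back to the old server
        return 1
    fi

    # Step 4: start the server in the background. Only the binary changed;
    # nothing is unconfigured or reconfigured (see the warning above).
    "$target" "$@" &
}
```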