3.6 Preparing RIS for C2 Security
If your RIS server will have C2 security enabled, the ris user file must be
changed to ensure that the ris password does not expire and deny client
access.
Perform the following steps on the RIS server as superuser to modify the
ris user file if you are going to use RIS with C2 security enabled:
1. Edit the file /tcb/files/auth/r/ris. Each field is delimited by
a colon (:).
2. Set the current password field u_pwd to an asterisk (*).
3. Set the u_succhg value to any non-zero value. This value is a time_t
type printed with %ld.
4. Set the u_life and u_exp fields to zero.
The following is an example of a modified /tcb/files/auth/r/ris user
file:
ris:u_name=ris:u_id#11:\
u_oldcrypt#0:\
u_pwd=*:\
u_exp#0:u_life#0:\
u_succhg#79598399:\
u_suclog#79598399:\
u_lock@:chkent:
After you make these changes, the RIS password should not expire and
cause a denial of service to clients.
Preparing the RIS Server 3–5