|
|
When the Low or Traditional security profiles are configured on your system, inconsistencies between the TCB and UNIX System V database files are handled transparently without interrupting system operation. Under the higher security profiles, the TCB database files take precedence and any corruption or inconsistencies that occur result in a lockout of non-root users until the problem is corrected.
This behavior can be set independently of the security profile with the usermod(ADM) command.
To reconfigure database precedence, use this command:
usermod -D -x "{tcbDatabaseIsMaster value}"
where value is either 1 (yes) or 0 (no). If you set value to 0, the UNIX System V database files described in ``Understanding account database files'' are used as the master. The non-master database files are maintained only for consistency and are not relied upon for data used by the system.
To reconfigure how the system treats inconsistencies,
use this command:
usermod -D -x "{integrityRequired value}"
where value is either 1 (lock out all users until problem is fixed) or 0 (generate warnings but do not lock out users). If set to 1, the administrator must log in on the override terminal as described in ``Using the override terminal''.
See also: