Manualshelf

DCE Installation, Configuration, and Management Guide

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
Configuring NonStop DCE
HP NonStop DCE Installation, Configuration, and Management Guide429552-005
4-7
Configuring the Initial Security Server
where the character shown in parentheses is the default response if you press
Return.
2. Enter y only if there are previous configuration files to remove.
The following prompt is displayed:
Enter the name of your cell (without /.../):
3. Enter the desired cell name; for example, cellname. If the cell will communicate
with other cells, use a full DNS name (for example, cellname.xyz.co).
Subsequently, the name /.../cellname or the shorthand /.: is used to refer to
this cell.
This prompt is displayed:
Enter the name of the DCE privuser: (SUPER.SUPER)
where the characters shown in parentheses are the default response if you press
Return.
4. Enter the Guardian user ID permitted to administer NonStop DCE on this system.
See Being the DCE Privuser on page 6-3 for information on which user is
permitted to perform specific dce_config actions.
The user ID user you enter must be a member of the super group.
If you do not enter the super ID, dce_config stops and you must log in as the
specified ID to complete initial security server configuration for the cell. For
example, if you specify SUPER.DCE, you must perform these additional steps:
a. Use the exit command to stop the OSS shell.
b. Log in again as the DCE privuser SUPER.DCE.
c. Repeat the procedure described in Setting Up an Initial DCE Cell on page 4-4.
d. Perform Steps 1 through 4 of this procedure.
5. If the virtual host does not have an entry in the $SYSTEM.ZTCPIP.HOSTS file, you
are prompted for the host IP address.
dce_config prompts you to determine whether access control lists (ACLs) should
be restricted to the local host. The following message appears:
WARNING:
The ACLs protecting dced objects can be restricted to the
local host principal by answering 'no' to the following
question. Otherwise, the admin group dced-admin will be given
permission to access and modify the local dced's objects as
well. The implication is that a privileged network user (e.g.
cell_admin) will be allowed local privileged access to the
machine. If that is acceptable, answer 'yes' to the following
question. Answering 'no' provides more security but severely
restricts remote dced management capabilities.