OSF DCE Administration Guide— Core Components Revision 1.
The information contained within this document is subject to change without notice. OSF MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. OSF shall not be liable for errors contained herein, or for any direct or indirect, incidental, special or consequential damages in connection with the furnishing, performance, or use of this material.
RESTRICTED RIGHTS NOTICE: Use, duplication, or disclosure by the Government is subject to the restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 52.2277013. RESTRICTED RIGHTS LEGEND: Use, duplication or disclosure by the Government is subject to restrictions as set forth in paragraph (b)(3)(B) of the rights in Technical Data and Computer Software clause in DAR 7-104.9(a). This computer software is submitted with "restricted rights."
Preface

The OSF DCE Administration Guide provides concepts and procedures that enable you to manage the OSF Distributed Computing Environment (DCE). Basic OSF DCE terms are introduced throughout the guide. A glossary for all of the DCE documentation is provided in the Introduction to OSF DCE. The Introduction to OSF DCE helps you to gain a high-level understanding of the DCE technologies and describes the documentation set that supports DCE.
Document Usage

The OSF DCE Administration Guide consists of two books, each of which is divided into parts, as follows:

• The first book:
  Part 1. Introduction to DCE Administration
  Part 2. Configuring and Starting Up DCE
• The second book:
  Part 1. The DCE Control Program
  Part 2. DCE Administration Tasks
  Part 3. DCE Host and Application Administration
  Part 4. DCE Cell Directory Service
  Part 5. DCE Distributed Time Service
  Part 6.
Typographic and Keying Conventions

This guide uses the following typographic conventions:

Bold            Bold words or characters represent system elements that you must use literally, such as commands, options, and pathnames.
Italic          Italic words or characters represent variable values that you must supply.
Constant width  Examples and information that the system displays appear in constant width typeface.
[]              Brackets enclose optional items in format and syntax descriptions.
Contents

Preface
  Audience
  Applicability
  Purpose

2.4 Grouping Elements and Controlling Interpretation
  2.4.1 Grouping Elements with Braces
  2.4.2 Grouping Elements with Double Quotes
  2.4.3 Including Special Characters with Backslashes
2.5 Documenting Scripts with Comments
2.6 Convenience Variables
  2.6.1 Current Principal (User) Name (_u)
  2.6.2 Current Cell Name (_c)
  2.6.

Part 2. DCE Administration Tasks
Chapter 4. DCE Administration Task Objects
  4.1 Using Task Objects to Simplify DCE Administration
  4.2 Looking Beyond the Tools
Chapter 5. Managing a DCE Cell
  Modifying or Extending the Cell Object
  6.2 Changing Your Cell Name
  6.3 Modifying or Extending the cellalias Object
Chapter 7. Managing DCE Hosts

9.4 Routing Serviceability Messages
  9.4.1 Serviceability Message Severity Levels
  9.4.2 How to Route Serviceability Messages
10.1 Controlling Server Operation
  10.1.1 Common Server Configuration Needs
  10.1.2 Configuring Servers
  10.1.3 Listing and Retrieving Server Configuration Information

  11.5.2 GDS Names
  11.5.3 DNS Names
  11.5.4 Names Outside of the DCE Directory Service
Chapter 12. CDS Concepts
12.2 Replicas and Their Contents
  12.2.1 Object Entries
  12.2.2 Soft Links
  12.2.3 Child Pointers
  12.2.4 Summary

16.10 Setting Up Access Control in a New Namespace
  16.10.1 Adding Members to the Namespace Authorization Group
  16.10.2 Creating Additional Authorization Groups
  16.10.3 Establishing Maximum Permissions for Unauthenticated Principals
17.1 Monitoring Clerk, Server, and Clearinghouse Counters
  17.1.

  18.5.1 Before You Modify a Directory’s Convergence
  18.5.2 Permissions for Modifying a Directory’s Convergence
  18.5.3 Entering the directory modify Command
19.1 Viewing the Namespace with the CDS Browser
  19.1.1 Displaying the Default Namespace
  19.1.2 Expanding and Collapsing Selected Directories
  19.1.3 Expanding and Collapsing the Entire Cell Namespace

  21.4.1 Dissociating a Clearinghouse from Its Host Server System
  21.4.2 Copying the Clearinghouse Database Files to the Target Server System
  21.4.3 Starting the Clearinghouse on the Target Server
21.5 Deleting a Clearinghouse
  21.5.

  24.5.3 WAN Cells
25.1 Using the DCE Control Program
  25.1.1 DTS Objects
  25.1.2 dcecp Operations for DTS
  25.1.3 DTS Object Attributes and Counters
25.2 DTS Timestamp Format
25.3 Reconfiguring DTS on Nodes
  25.3.

27.2 The Registry Database
27.9 Names for Security Objects
  27.9.1 Using Names with dcecp Security Commands
  27.9.

  29.3.2 sec_admin Commands for Reconfiguring Replica Sets
30.1 Principal, Group, and Organization Names
  30.1.1 Primary Names
  30.1.2 Full Names
  30.1.3 Aliases
  30.1.4 Name Formats
30.2 Reserved Principals and Accounts
Chapter 30.

  31.5.1 Setting Ticket Lifetimes
  31.5.2 Ticket-Granting Ticket Lifetimes and Service Ticket Lifetimes
  31.5.3 Adding Accounts Example
  31.5.4 Modifying Accounts
  31.5.5 Deleting Accounts
31.6 Creating, Maintaining, and Deleting Keytab Files
  31.6.1 The Keytab File

34.1 Displaying Account Information
34.2 Displaying Group and Organization Information
34.3 Displaying Principal Information
34.4 Displaying xattrschema Information
34.5 Displaying ACL Information
34.6 Displaying keytab Information

Chapter 37. Handling Network Reconfigurations
37.1 Changing the Master Replica Site
37.2 Removing a Server Machine from the Network
37.3 Handling Network Address Changes
  37.3.1 Updating the pe_site File
  37.3.2 Handling Simultaneous Address Changes
Chapter 38.

40.5 Turning a Master into a Slave
41.2 Registry Permissions
  41.2.1 Management, Authentication, and User Information
  41.2.

42.3 DCE Audit Service Concepts
  42.3.1 Audit Clients
  42.3.2 Code Points
  42.3.3 Audit Events
  42.3.4 Event Numbers
  42.3.5 Event Classes
  42.3.6 Filters
  42.3.7 Audit Trail File

  B.5.1 Adding a New Attribute
  B.5.2 Modifying the Value of an Existing Attribute
  B.5.3 Removing an Attribute
Appendix C. Time-Providers and Time Services
C.1 Criteria for Selecting a Time Source
C.2 Sources of Coordinated Universal Time
  C.2.1 Telephone Services
  C.2.2 Radio Transmissions
  C.2.3 Network Time Protocol
  C.2.
LIST OF FIGURES

Figure 10-1. Server Binding Information
Figure 10-2. Possible Information in a Server Entry
Figure 10-3. Possible Mappings of a Group
Figure 10-4. Possible Mappings of a Profile
Figure 11-1. Cell and Global Naming Environments
Figure 11-2.

Figure 24-2. DTS Configuration—LAN with WAN Links
Figure 24-3. DTS Configuration—WAN Networks
Figure 25-1. DTS Timestamp Format
Figure 25-2. Local Fault
Figure 26-1. Local Time Source
Figure 26-2.

Figure 41-9. Permissions Required to Add Members to Groups
Figure 41-10. Permissions Required to Add Members to Organizations
Figure 41-11. Permissions to Delete Members From Groups or Organizations
Figure 41-12. Permissions Required to Change a Principal’s, Group’s, or Organization’s Full Name
Figure 41-13.
LIST OF TABLES

TABLE 9-1. Serviceability Message Severity Levels
TABLE 15-1. DCE Control Program Operations for CDS
TABLE 15-2. CDS Control Program Commands
TABLE 16-1. ACL Entry Types Used for CDS Principals
TABLE 16-2. DCE Control Program Commands and Required Permissions
TABLE 16-3.

TABLE C-1. Time-Provider Selection Criteria
Chapter 1. DCE Control Program Introduction

DCE is an integrated set of services that supports the development and execution of distributed applications between heterogeneous networked computers. Each DCE environment (called a cell) maintains at least the following core DCE services:

• DCE Threads
• DCE Host Services
• DCE Cell Directory Service
• DCE Time Service
• DCE Security Service

With the exception of DCE Threads, all of the core services require administration in one way or another.
and probably setting some ACLs on CDS directories. All of these operations can be accomplished using a single task object.

1.1 Flexible, Portable, and Extensible Administration

The DCE control program is built on a portable command language called Tcl (pronounced "tickle"). Tcl stands for Tool Command Language and was developed by John K. Ousterhout at the University of California at Berkeley.
• The dcecp language allows the use of variables, if statements, looping functions, and other programming operations that let you boost the power of your operations. For instance, looping functions let you repeat operations on multiple objects such as users, servers, or CDS entries.
• Administrators can easily share their tools because scripts can be moved to foreign platforms without change.
1.3 Using the DCE Control Program

This section provides a quick look at how to start and stop the DCE control program and how to perform operations. Additional information about these topics is contained in the dcecp reference pages.

1.3.1 Starting and Stopping the DCE Control Program

You can enter dcecp operations directly from your operating system prompt or from within the DCE control program.
% dcecp -c cell show
{secservers /.../my_cell.goodco.com/subsys/dce/sec/master}
{cdsservers /.../my_cell.goodco.com/hosts/krypton}
{dtsservers /.../my_cell.goodco.com/hosts/mars}
{hosts /.../my_cell.goodco.com/hosts/earth
       /.../my_cell.goodco.com/hosts/jupiter
       /.../my_cell.goodco.com/hosts/kyrpton
       /.../my_cell.goodco.com/hosts/mars
       /.../my_cell.goodco.com/hosts/mercury
       /.../my_cell.goodco.com/hosts/neptune
       /.../my_cell.goodco.com/hosts/pluto
       /.../my_cell.goodco.
To invoke a dcecp script, omit the -c argument but include the name of the script. The following example invokes a script that lists the names of all hosts in the cell in alphabetical order:

% dcecp list_hosts
earth jupiter krypton mars mercury neptune planets pluto saturn uranus venus
%

When you want to invoke complex or multiple operations, you might want to invoke operations from within dcecp.
you might want to add some entry to a CDS directory only if some other specified entry already exists in CDS. The DCE control program makes this possible by using Tcl’s built-in commands, which imitate elements commonly found in numerous programming and shell languages. The DCE control program contains many C-like constructs that control command execution.
of the spaces. Thus, all of the list elements appear as one argument. Similarly, we use braces to enclose the individual elements in the script body. Braces also help dcecp determine whether a command is complete; incomplete commands will have more opening than closing braces. The lack of a closing brace at the end of the first line signals dcecp that more command input is coming, so dcecp prompts with the secondary prompt (>).
1.5 When to Use an Interactive Command or Script

There’s no absolute dividing line for when you should enter commands interactively or with a script. In general though, the simpler operations—those that perform one or maybe two tasks—make the best candidates for interactive use. The following examples typify interactive operations:

dcecp> directory create /.:/printers
dcecp> account show w_shakespeare
dcecp> server start /.
one or more characters. In an escape sequence, is referred to as ESC, as in for example. Case matters in escape sequences (unlike control characters, which don’t distinguish between upper and lower case); is not the same as . You can enter an editing command anywhere on the line, not just at the beginning. In addition, a return may also be pressed anywhere on the line, not just at the end.
Delete previous word ()[n]
Delete previous word () [n]
Set the mark (); see and
Commands issued from scripts aren’t saved and can’t be recalled. The history command takes various arguments depending on what you want to do.
You can save the most typing by entering just the unique first characters of words in a history command. For instance, you can enter the history redo directory command from the previous example as follows:

dcecp> hi r d
directory show /.:/printers
.
.  [output omitted]
.
dcecp>

Other ways to redo commands include !!, which recalls the most recent command, and !event number to recall a specific event.
The general format of all dcecp object operations is as follows:

dcecp>
• Get information about available command options by adding an operation argument to the object help command.
The Tcl reference page summarizes the Tcl built-in commands. You can view the Tcl summary reference page on a UNIX style system by entering the following:

dcecp> man Tcl
.
.  [output omitted]
.
dcecp>

1.8 Customizing dcecp Sessions

The DCE control program includes a number of commands, objects, and task scripts for performing most of the day-to-day DCE administration operations.
with multiple administrators. For example, different .dcecprc files for each administrator could use dcecp source commands to call specific commands and task scripts that are tailored to particular areas of administration. The rest of this section illustrates a simple task script and shows one way to make the script available for personal use. Our example begins with the control program’s existing clock object that shows the current time.
# Show the time on all of the dts servers running in your cell.
proc _dcp_show_clocks {} {
    set x [directory list /.
When you install a new script, you must run the auto_mkindex utility to make the new object available to other users on the host. For more information about running the auto_mkindex utility, see Chapter 3.
Chapter 2. Using the DCE Control Program Command Language

In Chapter 1, we provided a high-level look at some ways to use the DCE control program to administer your DCE environment. In this chapter, we will discuss some syntax rules and some of the more important commands you’ll need to use in composing your dcecp administration commands and task scripts.
• Using lists to sort, find, and reuse information
• Using arithmetic functions in commands and task scripts
• Conditionalizing and controlling your script with if statements and loops
• Executing scripts associated with character patterns by using the case command
• Synthesizing commands by using eval
• Importing operations with source
• Creating new dcecp commands with proc
• Using error and exception information
• Handling strings
• Working
Here we first set variable a to 7. In line 2, we use the expr command to add 2 to the value of a (7). The dollar sign triggers dcecp to insert the value 7. The last line shows the return value from the expr command. A more relevant example might be the following:

dcecp> set a /.:/sec /.
dcecp> set a 4
4
dcecp> set b [expr $a+2]
6
dcecp> set b
6
dcecp>

A more practical example might use command substitution for a command that returns a long name or a list. Let’s recall an example we saw in Chapter 1. In this example, the [group list temps] command returns a list to the foreach command, which performs the account modify operation on each element in the list. We’ll look more closely at the foreach looping command later in this section.
The choice to use braces or quotes to group elements together depends on how you want dcecp to interpret special characters like $, [, and {. While braces disable special interpretation of most of these characters, double quotes disable special interpretation of just a few. The backslash character, discussed in Section 2.4.3, offers another way to disable interpretation of special characters.
value that includes spaces:

dcecp> set a "XYZ server for /.:/corp/comm_groups"
XYZ server for /.:/corp/comm_groups
dcecp> puts $a
XYZ server for /.:/corp/comm_groups
dcecp>

Use of double quotes does not disable command, variable, and backslash substitution. Let’s look at a variation of the example used in Section 2.4.1:

dcecp> set a solution
solution
dcecp> puts $a
solution
dcecp> puts "This is a convenient $a."
This is a convenient solution.
The following list shows the special characters that you can include in a string of elements by using the backslash character:

\b          Backspace
\t          Tab
\e          Escape
\n          Newline
\r          Carriage-return
\{          Left brace
\}          Right brace
\[          Open bracket
\]          Close bracket
\$          Dollar sign
\ (space)   Space (" ")
\;          Semicolon
\"          Double quote
\\          Backslash
\(newline)  Nothing
\ddd        Octal value

2.
proc _dcp_cleanup_user_create {account_name args} {

2.6 Convenience Variables

The DCE control program remembers what you enter as well as command output, and stores certain pieces of that information in convenience variables for reuse in subsequent commands. Using these variables in your interactive commands can reduce typing and help eliminate typing mistakes. Convenience variables apply only to dcecp commands like directory, principal, acl, account, and so on.
dcecp> puts $_u
cell_admin

A practical use of this variable could be in scripts that test for a certain DCE identity before proceeding. On finding an incorrect identity, scripts could prompt for the necessary identity information and perform a dce_login operation. See the cell name variable description in Section 2.6.2 for information about composing fully qualified principal names.

2.6.
dcecp>

2.6.4 Most Recent Operation Argument Name (_n)

The _n variable holds the name or names used as an argument to the most recent control program operation. Most DCE control program objects take a name or a list of names as an argument. Those that don’t do so include endpoint, attrlist, uuid, name, utc, and the miscellaneous dcecp commands dcecp_initInterp, login, logout, errtext, quit, resolve, and shell.
name in _n (closer to the cell root). One use of the _p variable is in traversing up a CDS hierarchy of directories. Another use is showing the access control list (ACL) of a parent object. The following operations view the ACLs of a server configuration object and of its parent object (/.:/hosts/krypton/config/srvrconf):

dcecp> acl show /.
toofewservers and returns its associated value.

dcecp> dts show -counters
{creationtime 1994-09-16-07:50:13.
_s(cds)
2. If the operation lacks a name argument, use the server named in the _s(sec) variable.
3. If the _s(sec) variable has not been set, use the server named in the _b(sec) variable.
4. If the _b(sec) variable has not been set (that is, this is the first registry operation since dcecp was initialized), the service provides an arbitrary server that is suitable for the operation.
• The string binding for the host where the server resides. String bindings can represent security servers, DTS servers, and audit daemons. They cannot represent CDS servers. An example of a string binding is {ncacn_ip_tcp 110.15.22.131}. The DCE control program resolves the binding to the appropriate service on the host.
• The name of the cell. This form applies only to registry operations. For a remote cell, specify a global cell name, for example /...
24
dcecp> expr ($x-8)*2
32
dcecp> expr $x-(8*2)
8
dcecp> expr $x-8*2
8
dcecp>

Be careful using variables in expressions; variables like $x must be numeric strings like 24, not nonnumeric strings like 4*6. The DCE control program normally treats numbers as decimal integers, but can read numbers in octal and hexadecimal formats too. Precede a number with 0 (zero) for octal interpretation, as in 0477.
2.8 Operating on Lists

Lists provide convenient ways to operate on collections of things such as sets of principals, group members, or other objects. Lists are collections of objects entered by you or returned from commands. We’ve already seen lists in previous examples in this chapter; they’re any number of elements separated by spaces, tabs, or newlines. Usually, a list is enclosed in braces.
dcecp> set a {a b {c d e} f}
a b {c d e} f
dcecp> set b [llength $a]
4
dcecp> set c [expr $b-1]
3
dcecp> lindex $a $c
f
dcecp>

The DCE control program provides numerous commands for working with lists. You can join lists together using the concat command. Use linsert to add elements to an existing list.
exists. The following example script fragment returns an error message if the account name does not exist in the list_of_group_entries variable:

set list_of_group_entries [group list $group -simplename]
if { [lsearch $list_of_group_entries $account_name] == -1} {
    group add $group -member $account_name
} else {
    error "Group \"$group\" already has an entry \
    for \"$account_name\"."
}

2.9.
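The membership test above can be generalized into a procedure that accepts any number of account names and reports every duplicate at once instead of stopping at the first. The following is an added example written for this discussion, not code from OSF DCE: the procedure name members_to_add and the sample member list are constructed, and the procedure works on a plain Tcl list (standing in for the result of group list) so that it runs in any tclsh.

```tcl
# Added example (not OSF DCE code): membership checks with lsearch.
# In dcecp the member list would come from [group list $group -simplename];
# here a constructed list stands in for it so the script runs in plain tclsh.

# Return the accounts that still need to be added. Any account that is
# already a member is collected and reported in a single error.
proc members_to_add {existing args} {
    set dupes {}
    set todo {}
    foreach account $args {
        # -exact is deliberate: without it lsearch treats the account name
        # as a glob pattern, so a name containing * or ? could match
        # unrelated entries and the check would pass for the wrong reason.
        if {[lsearch -exact $existing $account] == -1} {
            lappend todo $account
        } else {
            lappend dupes $account
        }
    }
    if {[llength $dupes] > 0} {
        error "already members: $dupes"
    }
    return $todo
}

# Constructed sample data standing in for [group list temps -simplename].
set current_members {w_shakespeare c_marlowe b_jonson}

# Both names are new, so both come back as candidates to add.
puts [members_to_add $current_members j_donne t_kyd]

# One name is already present, so the call raises an error; catch it
# the way a script would before deciding whether to continue.
if {[catch {members_to_add $current_members c_marlowe j_donne} msg]} {
    puts "error: $msg"
}
```

The guide’s fragment calls lsearch without -exact; that works for ordinary account names, but because lsearch’s default mode is glob matching, a script that takes account names from user input should pass -exact so that the name is compared literally.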
Keep in mind that loops return their results to the interpreter, not to stdout. You need to take extra steps to send the results to stdout.
2.9.2.3 The for Loop

The for loop also behaves just like its C counterpart. Although for is more complex than its sibling while, for keeps all of the loop control information together, making it easier to see what’s going on. The for command syntax is as follows:

for initial_expression test reinit script_body

To use for, set an initial expression and then test for that condition before executing the script body.
foreach s [dts catalog] {
    # Skip servers that cannot be queried instead of aborting the loop.
    if {[catch {dts show $s} dts_sh_out] != 0} {
        continue
    }
    set p [attrlist getval $dts_sh_out -type provider]
    # string match takes the pattern first, then the string being tested.
    if {[string match "yes" $p] == 1} {
        set provider "yes"
        set server $s
        break
    }
    set provider "no"
}

2.9.4 Testing with Patterns Before Execution with case

Some commands return a list such as a list of objects in a directory or a list of servers running on a host system.
Patterns can include wildcard characters. A ? (question mark) in a search pattern matches any single character in the target pattern. For instance, ?at matches bat and hat. A * (asterisk) in a pattern matches any string in the target pattern. For instance, *at matches both bat and "three cornered hat" (note the use of quotes to disable spaces as separators). You might want a way to execute some default script when no pattern matches are found.
dcecp>

You can avoid some parsing problems by placing braces around the arguments as in this example:

dcecp> eval {$a $b $c}
dcecp>

To make certain dcecp parses your eval command correctly, you can invoke the dcecp list command to generate a valid list structure:

dcecp> eval [list $a $b $c]
dcecp>

2.11 Reading Other Files as dcecp Scripts

The source command reads the contents of other files, executing them as dcecp scripts.
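The difference between feeding eval a string of variables and feeding it a list built with the list command is easiest to see with an argument that contains a space or a bracket. The following is an added example, not code from the guide or from OSF DCE; the stand-in command count_args and the sample values are constructed so that the script runs in any tclsh.

```tcl
# Added example (not OSF DCE code): why eval should be given a list built
# with [list] rather than a string assembled from variables.

# A stand-in for a dcecp object command; it only reports how many
# arguments it received, which is enough to see how eval split them.
proc count_args {args} {
    return [llength $args]
}

set cmd count_args
set name "corp comm_groups"   ;# one argument that happens to contain a space

# eval concatenates its arguments into a single string and re-parses it,
# so the space inside $name turns one argument into two.
set split_count [eval $cmd $name]

# [list] quotes each element, so the re-parse keeps the original boundaries.
set kept_count [eval [list $cmd $name]]

puts "string form passed $split_count argument(s); list form passed $kept_count"

# An argument containing brackets is re-parsed as a command substitution
# by the string form, so the call fails; the list form passes it through
# untouched. This is the case that matters when a value comes from user
# input or from the output of another command.
set odd {report[1]}
if {[catch {eval $cmd $odd} err]} {
    puts "string form failed: $err"
}
puts "list form passed [eval [list $cmd $odd]] argument"
```

The practical rule for scripts that build commands from names returned by CDS or the registry is to construct the command with list (or with braces when no substitution is wanted) so that whatever characters those names contain, they reach the command as data rather than as syntax.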
2.12 Creating New Commands

The DCE control program provides a powerful and comprehensive set of commands for controlling and monitoring DCE operations. But the exact uses to which DCE is put by end users is unpredictable. Consequently, it’s quite likely that some administrators will need additional commands to meet very specific needs.
will be available for use inside and outside of your procedure, as shown. You can use the return command to make your procedure return immediately. The value of the argument to return becomes the procedure’s return value.

# Return 1 if the two arguments differ, 0 if they are the same.
proc find {a b} {
    if {$a != $b} {
        return 1
    }
    return 0
}

You can design procedures to take either no arguments or variable numbers of arguments.
uplevel level arg arg arg

The uplevel command is similar to eval; it concatenates arguments and executes them as scripts but, unlike eval, uplevel executes the script in the context specified by level rather than the current context. The level argument works the same in uplevel as it does in upvar. Use the parent’s context with a level argument of 1. Use the context of a first-level procedure with a level argument of #1.
Although it’s fairly easy for an administrator to scan a list and extract the necessary information from it, scripts operate in the dark, feeling their way through information. When scripts search for specific information, they usually ignore the notion of lists, operating instead on the collection of characters (called a string) that makes up a list.
section for readability. This section consists of one or more conversion specifiers delimited by % (percent sign). Conversion specifiers define which parts of string get converted and stored, as well as the type of conversion.
You can perform pattern-matching operations in any of several ways. Invoke "glob" style pattern matching with the string match command. This mimics the glob pattern matching capabilities available in csh, returning 1 for a match and 0 for no match. More flexible regular expression pattern matching (like that found in egrep) can be performed using the regexp command.
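The scan, string match, and regexp commands described above can be combined to pull fields out of the attribute lists that dcecp objects return. The following is an added example, not code from the guide or from OSF DCE: the attribute list is constructed in the shape of dts show -counters output, using only the date and time prefix of the creationtime value shown earlier in this chapter, and the helper names getval and parse_timestamp are assumptions made for this illustration.

```tcl
# Added example (not OSF DCE code): extracting and validating fields from
# dcecp-style output with string match, scan, and regexp.

# Constructed attribute list in the shape of dts show -counters output.
set counters {{creationtime 1994-09-16-07:50:13} {badprotocols 0} {syncs 42}}

# Return the value whose attribute name matches a glob pattern; this is a
# plain-Tcl stand-in for attrlist getval so the script runs without dcecp.
proc getval {attrs name} {
    foreach pair $attrs {
        if {[string match $name [lindex $pair 0]]} {
            return [lindex $pair 1]
        }
    }
    error "attribute $name not found"
}

# Split a timestamp into numeric fields with scan. scan returns the number
# of conversions that succeeded, so a partial match can be rejected instead
# of silently leaving some variables unset.
proc parse_timestamp {ts} {
    set n [scan $ts "%d-%d-%d-%d:%d:%d" year month day hour min sec]
    if {$n != 6} {
        error "unrecognized timestamp: $ts"
    }
    return [list $year $month $day $hour $min $sec]
}

set ts [getval $counters creationtime]
puts "fields: [parse_timestamp $ts]"

# regexp does the same job with a pattern that also checks the digit widths
# and the end of the string, which scan's %d conversions do not.
set pattern {^(\d{4})-(\d{2})-(\d{2})-(\d{2}):(\d{2}):(\d{2})$}
if {[regexp $pattern $ts -> y m d]} {
    puts "year $y month $m day $d"
}

# A value with trailing text still scans (the first six fields match),
# but the anchored regexp rejects it, so choose the strictness you need.
puts "anchored match on '$ts.250': [regexp $pattern "$ts.250"]"
```

One detail worth knowing when these fields are used in arithmetic: scan’s %d conversion reads "09" as the decimal value 9, whereas expr, as noted in Section 2.7, treats a leading 0 as a request for octal interpretation, so a month or day field passed straight from the string into expr would be rejected.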
The following example shows the kind of information that can be stored in errorInfo. Reading backwards, you can determine that the error occurred near line 4 of the script body in the parseagrs procedure called from the _dcp_create_user procedure of a user operation.
Use catch to invoke the rename command as a script.

dcecp> catch {ren move move.old}
1
dcecp>

The catch command treats its argument as a script and executes it, returning a 0 on successful execution. If an error occurs, it is caught by the catch command which returns a 1. You can add a second argument to the catch command. This argument is a variable that catch modifies to hold the script’s return value (on successful completion) or the error message.
2.14.3 Reissuing Complex Errors

The proc command lets you create procedures or commands that perform very precise operations. For instance, a user-written procedure called _dcp_get_servers that retrieves and filters information about running servers could include nested commands or procedures that perform various subtasks such as looping through server information looking for certain strings.
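A procedure that wraps nested helpers usually wants to catch a failure deep inside, add context, and then reissue the error without losing the traceback in errorInfo or the machine-readable errorCode. The following is an added example of that pattern in plain Tcl, not code from the guide or from OSF DCE; the procedure names (parse_server_entry, collect_servers, get_servers) and the sample entries are constructed, and a real script would call a dcecp object where parse_server_entry inspects its input.

```tcl
# Added example (not OSF DCE code): catching an error from a nested
# procedure and reissuing it with errorInfo and errorCode preserved.

# Lowest level: fail with an explicit errorCode when an entry is malformed.
# The error command takes the message, an optional errorInfo seed (empty
# here, so Tcl builds the traceback itself) and an optional errorCode.
proc parse_server_entry {entry} {
    if {[llength $entry] != 2} {
        error "malformed server entry: $entry" "" {SCRIPT BADENTRY}
    }
    return [lindex $entry 0]
}

# Middle level: loops over entries and simply lets errors propagate.
proc collect_servers {entries} {
    set names {}
    foreach e $entries {
        lappend names [parse_server_entry $e]
    }
    return $names
}

# Top level: catch, prefix the message with context, then reissue the
# error with the traceback and code gathered so far, so the caller can
# still branch on errorCode and read the full errorInfo.
proc get_servers {entries} {
    global errorInfo errorCode
    if {[catch {collect_servers $entries} result]} {
        error "get_servers failed: $result" $errorInfo $errorCode
    }
    return $result
}

# Constructed sample input; the second list's last entry is malformed.
set good {{krypton ncacn_ip_tcp} {mars ncacn_ip_tcp}}
set bad  {{krypton ncacn_ip_tcp} {mars}}

puts "servers: [get_servers $good]"

if {[catch {get_servers $bad} msg]} {
    puts "message:   $msg"
    puts "errorCode: $errorCode"
    puts "traceback:\n$errorInfo"
}
```

Passing $errorInfo as the second argument to error is what keeps the original call chain visible; if get_servers called error with only a message, errorInfo would start over at get_servers and the line in parse_server_entry that actually failed would no longer appear.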
• You could also modify DCE files that aren’t manipulated easily by using the dcecp hostdata object. For example, you could write a function that added a new attribute to the cds_attributes file. DCE as provided by OSF currently supports file operations only for UNIX systems or for systems that support POSIX system calls. However, some vendor DCE versions may support file operations on other systems.

2.15.
file5
dcecp>

The open command assigns a file identifier to each file when it is opened. Use the file identifier to refer to files in subsequent commands. Once a file is opened, you can add lines to a file by using the puts command. Normally, dcecp waits until it has accumulated sufficient data before writing this information to a file. If you want dcecp to immediately write the information to a file, use the flush command.
• Methods for streamlining complex or sophisticated scripts

2.16.1 Running Operating System Commands from a Script

Although the DCE control program is versatile, there are times when you may want your script to use operating system commands to accomplish some simple (or even not-so-simple) operation. The exec command provides a way for scripts to perform external commands by forking a subprocess in which the command executes.
Chapter 3. Writing Scripts and dcecp Objects

The DCE control program supplies a number of objects that offer administrative access to each manageable component in a DCE cell. For instance, the principal object lets administrators manage principal information in the DCE Security Service registry database. Similarly, the rpcgroup object lets administrators manage group information in CDS.
3.1 Informal Administration Scripts

Informal administration scripts let administrators store multiple operations in a file and replay them whenever necessary. Informal scripts are useful for operations that take only one or two arguments or that just perform simple tasks. Furthermore, the script’s precise behavior and output can be custom-tailored to the needs of its author.
By chaining operations together, you can create scripts that do more. For example, the following script lists all the hosts in a DCE cell. Then it checks whether each host has an object entry in CDS for a dts-entity. (This would indicate that a DTS server is available on the host.) For each host with an object entry for a dts-entity, the script does a clock show operation which returns the time on that host.
• An argument table at the beginning of the script defines operations as separate procedures within the script. An argument table can also define available options. A parseargs procedure is called to parse the arguments and options passed to the script when it is invoked.
• Help information for each operation is placed in the argument tables in the script. Other script users can get this information by using standard dcecp help operations.
    {create command function_call _dcp_create_user "Create a DCE user"}
    {delete command function_call _dcp_delete_user "Delete a DCE user"}
    {show command function_call _dcp_show_user "Show the attributes of a DCE user"}
    {help help help_list "Print summary of command-line options and abort"}
    {operations operations operation_list "Return valid operations for command."}}

set verbose_prose "This object allows the manipulation of a DCE user.
script. Next it initializes variables entered either as options or as attributes in a list. A process_attribute_list procedure (at the end of the example) actually parses attributes that have been passed as a list. Then it does the work of creating the user information in the registry and in CDS. Near the end, the cleanup procedure _dcp_cleanup_user_create can undo a failed user create operation.

. . .
[several low-level procedures omitted]
. . .
. . .
        {-uid integer uid "User Identifier of the principal to be added."}}

    #
    # Initializing some variables.
    #
    upvar 1 local_args cargs
    set local_args $cargs
    set account_args ""
    set princ_args ""
    set group_args ""
    set force 0

    parseargs $arg_table local_args -no_leftovers
    if { [info local help_prose ] > 0 } {
        return
    }
    if { [llength $local_args] > 1 } {
        error "Unrecognized argument [lindex $local_args 1]."
    } elseif { [llength $local_args] == 0 } {
        error "No user name.
    } else {
        error "No admin password specified."
    }

    #
    # principal and group operations both use the principal’s fullname
    #
    if { [info local fullname] > 0 } {
        set princ_args [format "%s {%s {%s}}" $princ_args fullname \
            $fullname]
        set group_args [format "%s {%s {%s}}" $group_args fullname \
            $fullname]
    }
    if { [info local uid] > 0 } {
        set princ_args [format "%s {%s %s}" $princ_args uid $uid]
    }

. . .
[repetitive elements omitted]
. . .
            set org_arg "-org organization"
        }
    }
    set clup_user [concat $clup_user $group_arg $org_arg]
    if {[catch {_dcp_add_group_entry $group $element} msg] != 0} {
        eval $clup_user
        error $msg
    }
    if {[catch {_dcp_add_org_entry $organization $element} msg] != 0} {
        eval $clup_user
        error $msg
    }
    if {[catch {_dcp_add_account_entry $element $account_args} \
        msg] != 0} {
        eval $clup_user
        error $msg
    }
    if {[catch {_dcp_add_namespace_entry $element} msg] != 0} {
        eval $clup_user
        error $msg
    }
}

set _n
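The cleanup pattern used by the user create operation above (each step runs under catch, and a failed step evaluates the accumulated undo commands before re-raising the error), as an added example that is not part of the guide's _dcp_create_user script. The procedure name _dcp_create_user_atomic, the principal, group, organization and both passwords are constructed sample values; the dcecp principal, group and account commands are the standard ones.

```tcl
# Added example, not part of the OSF DCE guide's _dcp_create_user script.
# Shows the guide's rollback pattern: each step that succeeds pushes an
# undo command onto a list, and a failed step runs the accumulated undo
# list (newest first) before re-raising the error, so the registry is not
# left with a principal that has no account or a group with a dangling
# member.  Names and passwords below are constructed sample values.

proc _dcp_create_user_atomic {name group org passwd admin_pwd} {
    set undo {}
    # Each element is {step_script undo_script}.
    set steps [list \
        [list "principal create $name" \
              "principal delete $name"] \
        [list "group add $group -member $name" \
              "group remove $group -member $name"] \
        [list "account create $name -group $group -organization $org \
               -password $passwd -mypwd $admin_pwd" \
              "account delete $name"]]
    foreach step $steps {
        set do   [lindex $step 0]
        set back [lindex $step 1]
        if {[catch {eval $do} msg] != 0} {
            # Undo in reverse order.  Errors raised by the undo commands
            # are swallowed so the original failure reaches the caller.
            foreach u $undo { catch {eval $u} }
            error "user create of $name failed: $msg"
        }
        # Record the undo for this step only after the step succeeded.
        set undo [linsert $undo 0 $back]
    }
    return $name
}

# Constructed invocation; both passwords are placeholders.
_dcp_create_user_atomic r_lee users staff change.me -dce-
```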
proc process_attribute_list {attribute_list pile_of_attributes} {
    foreach element $pile_of_attributes {
        upvar 1 $element _dcp_$element
    }
    upvar 1 attribute_list _dcp_attribute_list
    set _dcp_attribute_list [check_list_list $_dcp_attribute_list]
    foreach element $_dcp_attribute_list {
        if { [llength $element] != 2 } {
            error "Incorrect attribute list element."
        }
        set attribute_name [lindex $element 0]
        set attribute_value [lindex $element 1]
        set _dcp_attr_name [info vars _
    parseargs "" local_args -no_leftovers
    if { [info local help_prose ] > 0 } {
        return
    }
    if { [llength $local_args] > 1 } {
        error "Unrecognized argument [lindex $local_args 1]."
    } elseif { [llength $local_args] == 0 } {
        error "No user name."
    } else {
        set account_name $local_args
    }
    # Take the first element of the account_name in order to
    # eliminate list nesting.
The procedure relies on arguments passed to it by the calling script. The parseargs procedure requires the following inputs:

parse_options
    The argument table (arg_table) describing the parsing options. The parse_options argument can consist of five elements, as in the script’s top-level argument table, or four elements as in lower-level argument tables for called procedures within a script.
found and processed.

-no_leftovers
    Looks for extra options and generates an error if one is found.

3.2.3 Invoking Task Objects

Once your task object is written (and tested), you need to make it available for use. If your script is intended just for your personal use, you can include it in your .dcecprc file and invoke it as described in Section 3.1. Formal task objects require a few steps to make them behave like other dcecp objects.

1.
Part 2.
Chapter 4. DCE Administration Task Objects

This part of the discusses the purpose and use of DCE administration task objects provided with DCE Version 1.1. Generally, these special dcecp objects perform routine high-level administration tasks by combining several lower-level operations. Often, a single task object uses or affects multiple DCE services. For example, one of the task objects, the host object, can configure a host computer into a DCE cell.
4. Use the account object to create an account for the principal.
5. Use the directory object to create a directory for the principal in CDS.
6. Use the acl object to give the principal access to the CDS directory.

Performing these six steps probably wouldn’t pose any problems in a small cell with 15 or 20 users.
The remaining chapters in this part discuss how to manage these DCE elements by using the default implementations of the four dcecp task objects provided with DCE Version 1.1.
Chapter 5. Managing a DCE Cell

From a cell administrator’s point of view, a DCE cell consists of a set of networked services that supports the execution of distributed applications. This simple statement, however, doesn’t really say anything about what services are currently available in your cell. In fact, the exact number of DCE servers and their locations differs from cell to cell. Even in the same cell, host and network outages and reconfigurations affect service availability.
configured on that machine.

dtsservers
    Each value is the name of a DTS server in the cell.

hosts
    Each value is the name of a host in the cell, including machines mentioned previously as servers. This is simply the return value of a directory list /.:/hosts operation.

The following example shows the names of all the configured DCE servers and hosts in the local cell:

dcecp> cell show
{secservers /.../my_cell.goodco.com/subsys/dce/sec/master}
{cdsservers /...
5.2 Testing Cell Operation

When client-server communication problems occur, it’s easy to suspect that one or more DCE services are not operating in the cell. You can easily test whether a cell’s DCE services are running by invoking a cell ping operation. If called with no option, the cell ping operation performs a server ping operation on the master security server, on the CDS server that has a master clearinghouse, and on all the DTS servers in the cell.
Fortunately, DCE includes features that let you back up these essential databases to destinations of your choosing. Once you’ve begun using the DCE mechanism to back up CDS and security data, you can redirect your traditional backup program to ignore these DCE databases. The cell backup operation backs up the master security database and each clearinghouse with master replicas in the cell.
5.4 Modifying or Extending the Cell Object

The cell task object is implemented as a script so that administrators can modify or extend it on a per-site basis. Here are a few examples of possible modifications or extensions you can make:

• Add a way to show GDS or DFS server information.
• Add options to the cell show operation to omit listing all the hosts in a cell or to show only certain DCE servers.
• Add a command to configure a new cell.
Chapter 6. Managing Your Cell Name

Although cell names tend to be stable, there are times when you want to change them. Imagine that, shortly after you install and configure a new cell, a corporate reorganization makes your cell name inaccurate. Your old cell name /.../sales.goodco.com doesn’t reflect your new divisional organization in which the cell name /.../polyline.goodco.com would be more appropriate. What’s more, the Goodco company has just acquired new, international affiliations.
or GDS (an X.500 global directory service). Once your cell is registered, users in remote cells can access your cell’s resources (provided they have the necessary permissions) by using global names. The following example shows a global DNS name identifying an ASCII line printer in a cell managed by the fictitious Goodco company: /.../sales.goodco.
dcecp> cellalias create /.../polyline.goodco.com
dcecp>

2. Use a cellalias set operation to set the new name to be the primary cell name. This operation modifies the new cell principal name so that it’s not an alias and performs a registry verify operation to ensure that all the replicas are up-to-date. Next, it uses the cdsalias object to set the alias name in CDS to be the primary cell name and synchronizes the CDS replicas.
Chapter 7. Managing DCE Hosts

Larger DCE cells can contain many host computers, with some running both DCE servers and application servers while others act only as client systems. Still other hosts might run application servers but also act as clients to their resident users. Such flexibility in DCE host configurations can make it difficult to control or track what’s running or available on each host in a cell.
/.../my_cell.goodco.com/hosts/bigbox
/.../my_cell.goodco.com/hosts/drifter
/.../my_cell.goodco.com/hosts/duh
/.../my_cell.goodco.com/hosts/heater
/.../my_cell.goodco.com/hosts/pc1
/.../my_cell.goodco.com/hosts/pc2
/.../my_cell.goodco.com/hosts/pc3
/.../my_cell.goodco.com/hosts/peewee
/.../my_cell.goodco.com/hosts/xoltar
/.../my_cell.goodco.com/hosts/xray
/.../my_cell.goodco.
7.3 Testing Whether a DCE Host is Running

Because DCE communications often involve several steps before clients communicate with their servers, communication failures can be difficult to diagnose. For instance, a server may not be running on a host or the DCE services may not be currently running, even though the host has been configured into the cell.
7.5 Stopping DCE Processes Running on a Host

Like the host start operation discussed in the previous section, the host stop operation is more encompassing than a server stop operation. It lets you stop all DCE processes on a host with a single command rather than issue a separate server stop operation for each server. This operation stops application servers, then DCE processes, and finally, when stopping DCE processes on the local machine, stops dced.
The following example shows configuring host ptarmigan as a DCE client system. The cell’s security server is on host eagle and the CDS server is on host owl. The administrator’s principal name is cell_admin and the administrator’s password is -dce-.

dcecp> host configure /.:/hosts/ptarmigan -client -secmaster eagle \
    -cds owl -administrator cell_admin -password -dce-

7.7 Removing a DCE Host from a Cell

Occasionally, you might want to remove a DCE host from a cell.
7.8 Modifying or Extending the Host Object

The host task object is implemented as a script so that administrators can modify or extend it on a per-site basis. For example, administrators might want to add GDS and DFS information to the object. You could also add calls to specialized commands to start or stop application servers. For instance, a printer stop operation could be useful.
Part 3.
Chapter 8. Managing DCE Users

One of the most frequent DCE administration tasks is likely to be managing users in your DCE environment. Corporate reorganizations, changing business needs, and fluctuating economics all exert pressures causing users to come and go or to move between various groups or organizations. DCE users represent a big part of what DCE is designed to support; the DCE services authenticate and admit some while denying access to those who are unauthorized.
reference page. Typically, a security group’s name is included in access control lists (ACLs) that regulate user access to various server and data objects in the DCE environment. A security organization maintains policies that are applied to all the principals that are members of that organization. Policies control things like the lifespan of accounts, whether or when account passwords expire, or whether passwords can contain nonalphanumeric characters.
dcecp> user create {R_Lee B_Joy N_Lynn D_Dee} -mypwd mxyzptlk \
    -password change.me -group users -organization staff

8.2 Showing User Information

Sometimes you might want to view the attributes for a user. For instance, you might want to see the expiration date for one or more accounts or view the fullname of a principal. The user show command returns the attributes associated with users that are included as arguments to the command.
You can show information about multiple users by specifying a list of user names as an argument to the user create operation.

8.3 Deleting a User

When users leave your organization, you might need to delete the user from the cell. Use the user delete command to do this. This operation removes the principal name from the registry which, in turn, deletes the account and removes the principal from any groups and organizations. The operation also deletes the /.
• Setting certain attributes or policies on all newly created principals and accounts to match the site’s policies. For example, you could set principals to have a pwd_val_type ERA and set accounts to generate random passwords.
• Setting up site-specific defaults for passwords (to be changed by the user later), groups, organizations, principal directories, and so on.
• Supporting a user modify command.
Chapter 9. Managing DCE Host Services and Host Data

Some services like DTS, CDS, and the DCE Security Service registry, which produce or maintain cell-wide information, are centralized. Although the services they provide are available throughout a cell, the servers themselves typically reside on just a few selected hosts in a cell. Other DCE services are pervasive; that is, they reside on every host in a DCE cell.
other daemons or processes. Occasionally however, you may need to manually start or restart this daemon. The dced program comprises a set of DCE host services that satisfies many needs of DCE client and server applications on a host system:

• The endpoint mapper service acts as a directory of servers running on a host. Clients can acquire a registered server’s communication endpoint by looking in the host endpoint map.
named dcelocal/var/dced/Ep.db so it won’t be lost if you stop and then restart dced for some reason. Another database file called dcelocal/var/dced/Srvrexec.db maintains information about servers (such as each server’s process ID) that are currently running on the host. The information in both of these databases becomes obsolete when a system reboots because most servers get different endpoints and different process IDs each time they start.
9.3 Managing Host Data

Each host in a DCE cell maintains local data that is essential for operating in a DCE environment. For instance, each host’s DCE identity relies on certain data items that specify the host’s host name, cell name, and any cell aliases. Currently, these data items are stored in a local file called dcelocal/dce_cf.db. These and other data items can be modified remotely using the DCE control program’s hostdata object.
Use the dcecp acl object to view or modify ACLs. For example, use the following operation to view the ACL for the hostdata container object on host silver:

dcecp> acl show /.:/hosts/silver/config/hostdata
{user hosts/silver/self criI}
{unauthenticated r}
{any_other r}

9.3.1.2 Permissions for the Hostdata Items

Each of the following host identity data items is protected by an ACL:

/.../cellname/hosts/hostname/config/hostdata/host_name
/...
Each DCE host maintains a protected local copy of the cell name and cell aliases of the cell in which the host is registered. Hosts keep this information in a local file called dcelocal/dce_cf.db which is owned by root. A host uses this information for authentication purposes—as part of its host identity information.
    /.../my_cell.goodco.com/hosts/bronze/config/hostdata/cell_name \
    -data {/.../my_cell.goodco.com}}

9.3.3 Manipulating Data in Other Host Files

While the hostdata object is useful for changing cell name and cell alias information, it has a broader use too; you can use it to add, change, and remove data from any file that is accessible on a DCE host. One useful example is adding a new CDS attribute.
they should take in a given situation.

Note: User-prompted, interactive, client-generated messaging is handled through the standard DCE messaging interface. The serviceability component is used by the DCE components (RPC, DTS, Security, and so on) for their own server messaging, and it is made available as an API for use by DCE application programmers who wish to standardize their applications’ server messaging. (The serviceability API is described in the .
Name      Meaning

ERROR     Error detected: An unexpected event that is nonterminal (such as a timeout), or is correctable by human intervention, has occurred. The program will continue operation, although some functions or services may no longer be available.
• By the contents of a routing file
• By the contents of an environment variable
• By command-line flags (usually -w), if supported by the server

Note: Each of the methods accepts the string syntax form for serviceability routing specifications. In addition, dcecp allows you to use Tcl (Tool Command Language) syntax, which is easier to use when writing scripts.
You can specify multiple target servers as a space-separated list. Specify each server by supplying either the RPC string binding that describes the server’s network location (string_binding_to_server) or a namespace entry of the server (RPC_server_namespace_entry). When specifying multiple servers, you can mix the forms in the same list. A serviceability_routing_specification is a space-separated list of serviceability routing elements.
generation number is incremented, and the next file is opened. When the maximum number of files has been created and filled, the generation number is reset to 1, and a new file with that number is created and written to (thus overwriting the already-existing file with the same name), and so on.
• Send warnings to standard output

9.4.2.1.2 Tcl Syntax

The Tcl syntax for a serviceability routing specification is

{severity output_form destination application-defined}

where severity, output_form, destination, and application-defined are specified as previously described.
9.4.2.3 Using Environment Variables

Serviceability message routing can also be specified by the contents of certain environment variables. If you use environment variables, the routings you specify will override any conflicting routings specified by a routing file.
Chapter 10. DCE Application Administration

As DCE evolves, commonly needed functions are being included in the DCE infrastructure. As an example, DCE Version 1.1 includes server control capabilities that can manage server operation and help servers exit in a controlled and efficient manner. Application developers can rely on these capabilities rather than implement special mechanisms to handle them independently in every server.
An application programmer or administrator could solve these kinds of problems by writing a script or application that monitors server operation, automatically starting or restarting servers when necessary. Such solutions frequently rely on host utilities like startup and shutdown programs or schedulers like cron. However, this often requires administrators to log into separate system administration accounts on each host.
The next example shows configuration information for the video_clip server on host silver in the local cell:

dcecp> server show /.:/hosts/silver/config/srvrconf/video_clip
{uuid 2fa417e8-bb4c-11cd-831b-0000c08adf56}
{program {vclip}}
{arguments {-catalog}}
. . .
(Output Omitted)
. . .
services
    Identifies the services offered by the server. Each service attribute consists of an attribute list with the following elements:

    annotation
        A human-readable string describing the service.
    ifname
        The interface name of this service (specified in the interface definition file).
    interface
        The interface identifier (UUID and version number) of this service (specified in the interface definition file).
This section shows how to manage ACLs that protect server control information. For detailed information about setting and using ACL protections, see Chapter 28.

10.1.1.3.1 Permissions for the Server Configuration Container

The server configuration information resides in a container. The container, a backing storage mechanism implemented as a file on UNIX systems, is owned by root and is also protected by an ACL.
This ACL has the following permissions:

c (control)    Modify the ACL
d (delete)     Delete the server configuration information
f (flag)       Start the server with custom flags
r (read)       Read the server configuration information
w (write)      Modify the server configuration information
x (execute)    Start the server

Use the acl object to view or modify ACLs.
i (insert)     Create new execution information.
I (Insert)     Create new execution information for a server that runs as a privileged user (for example, as root). Such operations also require the i permission.

Use the acl object to view or modify ACLs. For example, use this operation to view the ACL for the server execution container object on host silver:

dcecp> acl show /.:/hosts/silver/config/srvrexec
{user appl_admin criI}
{unauthenticated r}
{any_other r}

Because /.
dcecp> acl show /.:/hosts/silver/config/srvrexec -io
{unauthenticated r}
{any_other r}

10.1.2 Configuring Servers

Use the server create operation to make an application server accessible to the server control facility. Configuring a server means creating the information needed to start and control the server. Typically this includes a server’s starting command line and arguments, along with other information needed to start DCE applications.
The next example configures the same server to start whenever the host system boots. The only difference from the preceding example is that the -starton option has a value of boot.

dcecp> server create /.:/hosts/silver/config/srvrconf/video_clip \
    -program {/usr/local/bin/vclip} \
    -directory {/tmp} -arguments {-catalog} \
    -principal {Vclip_Srv_1} \
    -entryname {/.
dcecp> server show /.:/hosts/silver/config/srvrconf/video_clip
{uuid d860322b-d499-11cd-9dfb-0000c08adf56 1.0}
{program {/usr/local/bin/vclip}}
{arguments {-catalog}}
{prerequisites {}}
{keytabs {683cf29a-e456-11cd-8f04-0000c08adf56}}
{services {{annotation "Video Clip Catalog and Server"}}
{principals {Vclip_Srv_1}}
{starton {explicit failure}}
{uid 1441}
{gid 1000}
{dir {/tmp}}

10.1.
10.1.6 Disabling and Enabling Services

You can prevent clients from using a service offered by a server—even when the server is running—by setting its services to disabled. When set to disabled, server endpoint information is not returned to requesting clients, thereby preventing clients from finding servers. Instead, clients receive a server status of EPT not registered. Clients that previously acquired the server endpoint can still communicate with the server, however.
Once you have created a new attribute, use a server modify operation, as explained in Section 10.1.8, to insert the necessary data. More information about ERAs is provided in Chapter 32. You can review the attributes associated with an ERA by using an xattrschema show operation as shown in the following example:

xattrschema show /.
ACLs on individual ERAs can prevent unauthorized principals from creating, reading, changing, or deleting ERA information. The following example shows permissions established for the objfamily ERA. In this example, the c permission has no effect because it was not assigned when the ERA was created with the xattrschema create operation. All users can query and test the ERA. Only the user named appl_admin can also update and delete the ERA.

dcecp> acl show /.
dcecp> server show /.:/hosts/silver/config/srvrconf/video_clip
{uuid d860322b-d499-11cd-9dfb-0000c08adf56 1.0}
{program {/usr/local/bin/vclip}}
{arguments {-catalog}}
{prerequisites {}}
{keytabs {683cf29a-e456-11cd-8f04-0000c08adf56}}
{services {{annotation "Video Clip Catalog and Server"}}
{principals {Vclip_Srv_1}}
{starton {explicit failure}}
{uid 1441}
{gid 1000}
{dir {/tmp}}
dcecp> server delete /.
In a DCE environment, clients and their servers frequently reside on different hosts in a network, so clients need a way to find servers.
places the server identification information along with the current endpoint in the host’s endpoint map.

2. The dictionary server then advertises its availability to clients by placing (exporting) its host name (usually it’s the host address) and the transport it uses to a server entry in CDS.

3.
administrative authority. So most servers use dynamic endpoints. When a server starts up, the RPC runtime library gets an available endpoint from the operating system and registers it in the host endpoint map. Because a server can be assigned a different endpoint each time it starts, the endpoint information is stored in the endpoint map rather than CDS, which is a repository for more stable information; namely, the server’s host address and the transports it uses.
10.3.2 Restricting Endpoints

You can restrict the assignment of endpoints (ports) for DCE servers and clients to a specific set. This is useful if your environment has applications other than DCE that are designed to use certain endpoints, and you do not want to be concerned about DCE servers or clients monopolizing them.
You can view information stored in a host’s endpoint map database by using an endpoint show operation. The following example shows the endpoint map information for the video_clip server on a remote host megazoid. Omit the hostname argument to operate on the local endpoint map.

dcecp> endpoint show /.:/hosts/megazoid \
    -interface {2fa417e8-bb4c-11cd-831b-0000c08adf56 1.0} \
{{object 99ff4fb8-c042-11cd-91cd-0000c08adf56} \
 {interface {2fa417e8-bb4c-11cd-831b-0000c08adf56 1.
Servers have CDS names like /.:/admin/finance/payroll/check_writer. When this check_writer server exports its server entry name to CDS, CDS stores it in a directory named /.:/admin/finance/payroll. Consequently, clients won’t confuse this check_writer with another check_writer named /.:/admin/finance/accts_payable/check_writer. Thus, unique server entry names fill a critical administration need, providing a way to access and control individual servers.
use to access that interface. The following example of a binding (shown in dcecp syntax) indicates the server is on the host with internet address 120.101.13.157 and is available using the User Datagram Protocol (UDP):

{ncadg_ip_udp 120.101.13.157}

When an interface identifier is available over several transports, the server entry contains bindings (one binding for each transport). Servers can offer more than one interface.
interface or binding information. One reason to create an empty server entry is to establish ownership of the entry. Server entries are owned by the creator. If a server creates an entry, the server can also delete the entry later. You can preempt such a circumstance by creating the entry yourself. Later, the server exports its bindings to the existing server entry (provided that the ACL allows this).
-object {76030c42-98d5-11cd-88bc-0000c08adf56}

10.4.1.4 Importing Binding Information from a Server Entry in CDS
Application client programs can automatically import server binding information from CDS and use it to find and communicate with a server. Occasionally, however, an administrator might want to import a binding. For instance, a client might lack access to CDS but could still communicate with the server if you supplied it with a valid binding.
Use an rpcentry unexport operation to remove server binding information, as shown in the following example. Notice that the object UUID is not removed from the server entry unless you specify it as an option to the unexport operation.

dcecp> rpcentry unexport /.:/subsys/applications/bbs_server \
    -interface {458ffcbe-98c1-11cd-bd93-0000c08adf56 1.0}
dcecp> rpcentry show /.:/subsys/applications/bbs_server
{76030c42-98d5-11cd-88bc-0000c08adf56}
dcecp>

10.4.
Figure 10-3.
You could temporarily make one department’s printers available to another group by adding its group name to the other group’s entry, as shown in the next group entry example:

Group entry name: /.:/admin/finance/accts_payable_printers
    /.:/admin/finance/accts_payable/laser_10
    /.:/admin/finance/accts_payable/laser_11
    /.:/admin/finance/accts_payable/laser_12
    /.:/admin/finance/accts_payable/laser_13
    /.
10.4.2.1 Creating a New Group Entry in CDS
You can create an empty group entry in CDS by using an rpcgroup create operation. While group creation is frequently performed by applications that first use a group entry, creating an entry yourself establishes you as the owner of the entry. As the owner, you have ultimate control over who can export and manage information in the entry.
10.4.2.4 Importing Binding Information from a Group Entry in CDS
Application client programs can automatically import server binding information from CDS and use it to find and communicate with a server. Occasionally, however, an administrator might want to import a binding. In the case where a client lacks access to CDS, it could still communicate with the server if you supplied the client with a valid binding.
10.4.3 Using Profiles to Direct Client Searches for Servers
Group entries offer clients a random choice from among multiple available services. Although a group entry can help in load balancing and resource allocation, its random nature resists fine tuning. Furthermore, it doesn’t offer a way to prioritize servers for use by particular clients. Profiles offer a complementary way to organize servers because you can prioritize the search order of the profile members.
Figure 10-4.
    /.:/admin/finance/accts_receivable/laser_22 3
    /.:/admin/finance/accts_receivable/laser_23 4

Profile entry name: /.:/admin/finance/accts_receivable_printers/pats_profile
    /.:/admin/finance/accts_receivable/laser_20 3
    /.:/admin/finance/accts_receivable/laser_21 4
    /.:/admin/finance/accts_receivable/laser_22 2
    /.:/admin/finance/accts_receivable/laser_23 1

Profile entry name: /.:/admin/finance/accts_receivable_printers/wills_profile
    /.:/admin/finance/accts_receivable/laser_20 2
    /.
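How a client actually walks these entries is easier to see in code. The following Python model is an added example for this guide, not OSF code: given a constructed namespace of server, group and profile entries, it yields bindings in the order a client would try them, choosing group members at random and visiting profile members by priority (0 is the highest and 7 the lowest priority in DCE RPC profiles; the priorities of pats_profile above are used as given). The entry names follow the printer example; the string bindings attached to them and the fallback_profile entry are constructed.

```python
"""Model of how an RPC client walks CDS name-service entries to find bindings.

Added example for the OSF DCE Administration Guide; not OSF code. The entry
names follow the printer example in the text; the bindings are constructed.
"""
import random
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Set, Tuple, Union


@dataclass
class ServerEntry:
    bindings: List[str]             # string bindings, e.g. "ncacn_ip_tcp:120.101.13.20[2020]"


@dataclass
class GroupEntry:
    members: List[str]              # names of server entries or other group entries


@dataclass
class ProfileEntry:
    members: List[Tuple[str, int]]  # (member name, priority 0..7); a member may be a profile


Entry = Union[ServerEntry, GroupEntry, ProfileEntry]
Namespace = Dict[str, Entry]


def search(ns: Namespace, name: str, rng: random.Random,
           ancestors: Optional[Set[str]] = None) -> Iterator[str]:
    """Yield bindings in the order a client importing from `name` would try them.

    server entry:  its bindings, in stored order
    group entry:   members in random order (no way to prefer one member)
    profile entry: members by priority, lowest number first; members sharing a
                   priority are tried in random order
    An entry that refers back to something already on the current path is
    skipped, so a mis-edited group or profile cannot loop the client forever.
    """
    ancestors = set() if ancestors is None else ancestors
    if name in ancestors:
        return
    path = ancestors | {name}
    entry = ns.get(name)
    if entry is None:                       # unknown entry: nothing to import
        return
    if isinstance(entry, ServerEntry):
        yield from entry.bindings
    elif isinstance(entry, GroupEntry):
        order = list(entry.members)
        rng.shuffle(order)
        for member in order:
            yield from search(ns, member, rng, path)
    elif isinstance(entry, ProfileEntry):
        by_priority: Dict[int, List[str]] = {}
        for member, priority in entry.members:
            if not 0 <= priority <= 7:
                raise ValueError(f"priority {priority} for {member} is outside 0..7")
            by_priority.setdefault(priority, []).append(member)
        for priority in sorted(by_priority):
            bucket = by_priority[priority]
            rng.shuffle(bucket)             # ties are broken at random
            for member in bucket:
                yield from search(ns, member, rng, path)


def search_order(ns: Namespace, name: str, seed: int = 0) -> List[str]:
    """Full candidate list for one import, reproducible for a given seed."""
    return list(search(ns, name, random.Random(seed)))


def _printer(n: int) -> str:
    return f"/.:/admin/finance/accts_receivable/laser_{n}"


# Constructed sample namespace (entry names from the guide's printer example).
SAMPLE_NS: Namespace = {
    _printer(n): ServerEntry([f"ncacn_ip_tcp:120.101.13.{n}[20{n}]"]) for n in (20, 21, 22, 23)
}
SAMPLE_NS["/.:/admin/finance/accts_receivable_printers"] = GroupEntry(
    [_printer(n) for n in (20, 21, 22, 23)])
SAMPLE_NS["/.:/admin/finance/accts_receivable_printers/pats_profile"] = ProfileEntry(
    [(_printer(20), 3), (_printer(21), 4), (_printer(22), 2), (_printer(23), 1)])
# Constructed: a profile that prefers one printer and falls back to the whole group.
SAMPLE_NS["/.:/admin/finance/accts_receivable_printers/fallback_profile"] = ProfileEntry(
    [(_printer(21), 0), ("/.:/admin/finance/accts_receivable_printers", 7)])

if __name__ == "__main__":
    for name in ("/.:/admin/finance/accts_receivable_printers/pats_profile",
                 "/.:/admin/finance/accts_receivable_printers"):
        print(name)
        for binding in search_order(SAMPLE_NS, name, seed=1):
            print("   ", binding)
```

The order for pats_profile is fixed by its priorities (laser_23, laser_22, laser_20, laser_21); the group's order changes with the seed, which is exactly the behaviour the text describes as resisting fine tuning.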
10.4.3.2 Adding a Profile Member
You can use an rpcprofile add operation to add a member to a profile entry. If the profile entry does not exist, the operation creates the profile entry and adds the member. The member can be a server entry or another profile entry. To add a member to the /.:/subsys/applications/wards_profile profile entry in CDS, use an rpcprofile add operation as in the following example, which adds the server entry /.
10.4.3.4 Importing Binding Information from a Profile Entry in CDS
Application client programs can automatically import server binding information from CDS and use it to find and communicate with a server. Occasionally, however, an administrator might want to import a binding. In the case where a client lacks access to CDS, it could still communicate with the server if you supplied the client with a valid binding.
Organization changes or server redeployments can make some profiles obsolete. When you want to remove a profile entry from CDS, use an rpcprofile delete operation. The following example removes an obsolete profile entry called /.:/subsys/admin/temporaries/74232_profile from CDS:

dcecp> rpcprofile delete /.:/subsys/admin/temporaries/74232_profile

10.5 Client Administration
So far, this chapter has focused on server administration issues.
If you are installing and configuring the server and client parts of an application, make a note of the server’s entry name when you configure the server. If you are not installing or configuring the server (for instance, the server was previously installed), you might need to do some detective work to determine the name to use. There are several places you can look.
an entry name because it offers an easy way to use a different entry name should the need arise. The client configuration documentation should include instructions on how to pass the name to the client. One method uses a script or batch file that contains the command to start the client along with arguments that include the appropriate server entry name.
Part 4.
Chapter 11. Introduction to the DCE Directory Service
Distributed processing involves the interaction of multiple systems to do work that is done on one system in a traditional computing environment. One challenge resulting from this network-wide working environment is the need for a universally consistent way to identify and locate people and resources anywhere in the network.
addresses of RPC servers and the interfaces they support. When an RPC client wants to make a call to a particular server, it can query the directory service for the information necessary to contact that server. If the client wants to access a specific resource that is named in the directory service, it can query for that specific name.
• By entering a name or some information about a printer’s capabilities, a user can learn the printer’s network address. For example, the user may want to find the address of the closest and fastest available color printer.
• A user needs information from an employee in the marketing department. The user remembers that the employee’s last name is Wong, but cannot remember the first name.
topology.

Figure 11-1. Cell and Global Naming Environments

DNS is a widely used existing global name service for which DCE offers support. Many networks currently use DNS primarily as a name service for Internet host names. Although DNS is not a part of the DCE technology offering, the directory service contains support for cells to interoperate through DNS. The GDA is the DCE component that makes cell interoperation possible.
[Figure: The GDA helps CDS resolve names (A) in another cell that is registered in DNS and (B) in another cell that is registered in GDS.]

11.4 How Cells Determine Naming Environments
In addition to delineating security and administrative boundaries for users and resources, cells determine the boundaries for sets of names.
The GDS name syntax consists of a global prefix /... and a set of elements, called Relative Distinguished Names (RDNs). Each RDN consists of one or more pairs of parts separated by an = (equal sign) character. The items that are separated by an equal sign are multiple AVAs (Attribute Value Assertions). See the for more information about AVAs. The first part of a pair is an abbreviation that indicates a type of information.
any given time, while a parent can have more than one child. The GDA is the communications gateway between the CDS namespaces of cells in a hierarchy, as it is between CDS and the global directory services. When the GDA receives a request for information about a cell, and the cell is a child cell, the GDA returns information about the CDS in the parent cell. The CDS of the parent cell provides the pointers to the child cell.
11.4.3 Alias Cell Names
You can give a cell more than one global name by creating an alias name for the cell. In this case, the cell has a primary name, which is the name that DCE services return for the cell when queried, and one or more cell aliases that the DCE services recognize in addition to the primary name.
• When using a name that is within your cell, you can omit the cell name and include the /.: prefix.
• When using a name that is outside of your cell, enter its global syntax, including the /... prefix and the cell name.
• When someone asks for the name of a resource in your cell, give its global name, including the /... prefix.
• When storing a name in persistent storage (for example, in a shell script), use its global name, including the /... prefix.
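These conventions can be applied mechanically. The following Python functions are an added example, not OSF code: parse classifies a name as cell-relative (/.:), DNS-style global or GDS-style global and splits off the cell name; to_global produces the form recommended above for persistent storage; and to_local gives the short form that is valid only inside your own cell. Two simplifications are assumed: a DNS-style cell name is a single component, and a GDS-style cell name is the run of leading components that contain an equal sign, with the AVAs of one RDN separated by commas. The cell names used in the checks are constructed.

```python
"""Parse DCE names and rewrite cell-relative names to global form.

Added example for the OSF DCE Administration Guide; not OSF code. Assumed
simplifications: a DNS-style cell name is one component; a GDS-style cell
name is the run of leading components containing '='; AVAs within one RDN
are separated by commas. Cell names in the doctests are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

LOCAL_PREFIX = "/.:"     # "this cell"
GLOBAL_PREFIX = "/..."   # the global root


@dataclass(frozen=True)
class DceName:
    cell: Optional[str]          # None for a cell-relative (/.:) name
    cell_kind: str               # "local", "dns" or "gds"
    residual: Tuple[str, ...]    # CDS simple names below the cell root


def parse_gds_rdns(cell: str) -> List[List[Tuple[str, str]]]:
    """'C=US/O=OSF/OU=ap,CN=dce' -> [[('C','US')], [('O','OSF')], [('OU','ap'), ('CN','dce')]]"""
    rdns = []
    for rdn in cell.split("/"):
        avas = []
        for ava in rdn.split(","):
            attr_type, sep, value = ava.partition("=")
            if not sep or not attr_type.strip() or not value.strip():
                raise ValueError(f"malformed AVA {ava!r} in GDS name {cell!r}")
            avas.append((attr_type.strip(), value.strip()))
        rdns.append(avas)
    return rdns


def _components(rest: str) -> List[str]:
    return [c for c in rest.split("/") if c]


def parse(name: str) -> DceName:
    if name == GLOBAL_PREFIX or name.startswith(GLOBAL_PREFIX + "/"):
        parts = _components(name[len(GLOBAL_PREFIX):])
        if not parts:
            raise ValueError("a global name must name a cell after /...")
        if "=" in parts[0]:                      # GDS (X.500-style) cell name
            n = 0
            while n < len(parts) and "=" in parts[n]:
                n += 1
            cell = "/".join(parts[:n])
            parse_gds_rdns(cell)                 # reject malformed AVAs early
            return DceName(cell, "gds", tuple(parts[n:]))
        return DceName(parts[0], "dns", tuple(parts[1:]))   # DNS-style cell name
    if name == LOCAL_PREFIX or name.startswith(LOCAL_PREFIX + "/"):
        return DceName(None, "local", tuple(_components(name[len(LOCAL_PREFIX):])))
    raise ValueError(f"{name!r} has neither the /.: nor the /... prefix")


def to_global(name: str, my_cell: str) -> str:
    """Form to store in scripts and other persistent places: the /.: prefix is
    replaced by this cell's global name; a global name is returned unchanged."""
    parsed = parse(name)
    cell = my_cell if parsed.cell is None else parsed.cell
    return "/".join([GLOBAL_PREFIX, cell, *parsed.residual])


def to_local(name: str, my_cell: str) -> str:
    """Shortest form valid inside this cell: names in my_cell get the /.: prefix,
    names in other cells stay global (a /.: name means nothing outside its cell)."""
    parsed = parse(name)
    if parsed.cell is None or parsed.cell == my_cell:
        return "/".join([LOCAL_PREFIX, *parsed.residual])
    return name


if __name__ == "__main__":
    print(parse("/.../C=US/O=OSF/OU=ap,CN=dce/hosts/bargle"))
    print(to_global("/.:/hosts/bargle", "cs.univ.edu"))   # constructed cell name
```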
(See the for more information on local file system abbreviations.)

11.5 An In-Depth Analysis of DCE Names
The rest of this chapter describes in depth the different kinds of names that make up the DCE namespace. Appendix A and the contain further details about valid characters and naming conventions in CDS, GDS, and DNS names.

11.5.1 CDS Names
Every cell contains at least one system that is running a CDS server.
Figure 11-3. Sample CDS Namespace Hierarchy (the cell root /.: with the directories hosts, subsys, and dce)

The complete specification of a CDS name, going left to right from the cell root to the entry being named, is called the full name. Each element within a full name is separated by a / (slash) and is called a simple name. For example, suppose the /.:/hosts directory shown in Figure 11-3 contains an entry for a host whose simple name is bargle. The CDS full name of that entry is /.:/hosts/bargle.
Distinguished Names (RDNs). Each RDN consists of one or more assertions of the type and value of an attribute at a particular position in the DIT. Attribute types indicate the nature of the information that is stored in the attribute value. A pair consisting of an attribute type and value is known as an Attribute Value Assertion (AVA). RDNs can have multiple AVAs.
Note that the figure shows the global DCE convention for distinguished names. Each distinguished name starts with the representation of the global root (/...). Attribute types and values are separated by equal signs, and RDNs are separated by slashes. These conventions for specifying names are not followed by all X.500 implementations. In addition, these conventions are only used at the GDS administration interface level.
11.5.3 DNS Names
The DCE naming environment supports the version of DNS that is based on Internet Request for Comments (RFC) 1034 and RFC 1035. Many networks currently use DNS primarily as a name service for host names. The most commonly used implementation of DNS is the Berkeley Internet Name Domain (BIND). The BIND namespace is a hierarchical tree with its topmost levels under the control of the Network Information Center (NIC).
11.5.4 Names Outside of the DCE Directory Service
Not all DCE names are stored directly in the DCE Directory Service. Some services connect into the cell namespace by means of specialized CDS entries called junctions. A junction entry contains binding information that enables a client to connect to a server outside of the directory service.
Chapter 12. CDS Concepts
The Cell Directory Service (CDS) is a high-performance distributed service that provides a consistent, location-independent method for naming and using resources inside a cell. CDS offers the ability to replicate CDS names; that is, to store copies of them on more than one node. CDS automatically keeps multiple copies consistent. Names also can be distributed among several nodes so that no one node has to store all of them. This feature is particularly valuable in large cells.
information for CDS to store as attributes of a name. Then, when a client application user refers to the resource by its CDS name, CDS retrieves data from the attributes for use by the client application. A system running CDS server software is a CDS server. A CDS server stores and maintains CDS names and handles requests to create, modify, or look up data. A component called the clerk is the interface between client applications and CDS servers.
5. The server returns the information to the clerk on Node 1.
6. The clerk passes the requested data to the client application. The clerk also caches the information so that it does not have to contact a server the next time a client requests a lookup of that same name.

Figure 12-2. A Sample CDS Lookup

12.
Two types of replicas can exist:
• Master
• Read-only
A replica’s type affects the processing that can be done on it and the way CDS updates it. The type of replica that CDS uses when it looks up or changes data is invisible to users. However, it helps to understand how the two types differ. The master replica is the first instance of a specific directory in the cell’s namespace.
Every object can have a defined class, which is an optional attribute of the object entry. DCE components that use the directory service can define their own object classes and supply class-specific attributes for the directory service to store on their behalf. Class-specific attributes have meaning only to the particular class of objects with which they are associated. The clearinghouse object entry represents a special class of object that is predefined by CDS.
Users and applications do not create child pointers; CDS creates a child pointer automatically when someone creates a new directory. The child pointer is created in the directory that is the parent of (one level above) the directory to which it points. CDS uses child pointers to locate directory replicas when it is trying to find a name. Child pointers do not require management except in rare problem-solving situations.

12.2.
example, a CDS server allows a user to create a new directory only if that user’s identity has been verified. The process of verifying that users are who they say they are is called authentication. The proof is in the form of a user name, or principal name, coupled with a special kind of password.
on creating ACLs for unauthenticated users.)

12.4 CDS User Interfaces
CDS has several entities that can be managed via user interfaces that are provided in DCE. A CDS entity is any individually manageable piece of the CDS software. CDS directories, soft links, and object entries are the most common entities that you manage with the DCE user interfaces. Some object entries, though, are normally managed through the client application that creates them.
Chapter 13. How CDS Looks Up Names
This chapter illustrates the relationship between a name and the physical resource that it describes, and explains how CDS handles requests to look up names. Understanding these concepts can help you to plan for the location of clearinghouses and directories in your cell namespace. It can also help you to isolate the source of a problem if you encounter lookup errors or failures.
Figure 13-1. Logical and Physical Views of a Namespace

To discover the physical location of a resource, CDS looks up an attribute that is associated with its name.
contains RPC binding information that CDS uses to contact the node where the clearinghouse resides. (See Appendix B for a list of CDS attributes and their descriptions.)

Figure 13-2. Clearinghouse Object Entries and Clearinghouses
Figure 13-3. A Soft Link and Its Resolution

Figure 13-4 shows the relationship between directories and their associated child pointers.
In the /.:/NY_CH clearinghouse, the replica of the /.:/subsys directory contains a child pointer for the /.:/subsys/PrintQ directory. The child pointer’s CDS_Replicas attribute contains the name and address of the /.:/Paris_CH clearinghouse, where a replica of the /.:/subsys/PrintQ directory exists. When a directory has multiple replicas, as is normally the case, the CDS_Replicas attribute lists all of the clearinghouses containing a replica of the directory.
exist in the clerk’s cache, the clerk must know of at least one CDS server to contact in search of the name. The clerk can learn about CDS servers and their locations in any of three ways:
• Through the solicitation and advertisement protocol
• During a regular lookup
• By response to the cdscache create command

13.2.
Figure 13-5. (The clerk on Node A resolves /.:/Sales/Spell: it asks the server for /.:/Bristol_CH on Node B, learns that /.:/Sales is in /.:/London_CH, and asks the server for /.:/London_CH on Node C.)

As shown in Figure 13-5, the clerk locates the desired object entry by performing the following steps:
1. On Node A, a spell-checking application requests the network address of the /.
6. The clerk returns the information to the client application, which can now make a remote call to the spell-checking server.
Long lookups, as illustrated in Figure 13-5, do not normally happen often after a clerk establishes its cache and becomes more knowledgeable about clearinghouses and their contents. However, the figure illustrates the resources and connections that could be involved in an initial lookup.
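The lookup in Figure 13-5, and the clerk caching introduced in Chapter 12, can be followed step by step in the following Python simulation. It is an added example and not OSF code: a clerk that initially knows only one clearinghouse resolves a full name one directory at a time, asking a clearinghouse that holds a replica of the current directory, following the child pointer’s CDS_Replicas attribute to a clearinghouse that holds the next directory, and caching both the clearinghouses it learns about and the binding it finally retrieves, so that a second lookup of the same name contacts no server at all. The clearinghouse names match the figure; the directory contents and the binding returned are constructed.

```python
"""Simulation of the Figure 13-5 lookup: a clerk resolving a full name by
following child pointers between clearinghouses and caching what it learns.

Added example for the OSF DCE Administration Guide; not OSF code. The
directory contents and the binding returned are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Replica:
    """One replica of a directory as held in a clearinghouse."""
    objects: Dict[str, str] = field(default_factory=dict)   # simple name -> binding
    # child directory full name -> its CDS_Replicas (clearinghouses holding it)
    child_pointers: Dict[str, List[str]] = field(default_factory=dict)


@dataclass
class Clearinghouse:
    name: str
    replicas: Dict[str, Replica]   # directory full name -> replica


@dataclass
class Clerk:
    servers: Dict[str, Clearinghouse]                    # clearinghouses the clerk can reach
    known_replicas: Dict[str, List[str]]                 # directory -> clearinghouses (clerk cache)
    cache: Dict[str, str] = field(default_factory=dict)  # resolved full name -> binding
    trace: List[str] = field(default_factory=list)       # requests sent, for inspection

    def lookup(self, full_name: str) -> Optional[str]:
        if full_name in self.cache:
            self.trace.append(f"cache hit for {full_name}")
            return self.cache[full_name]
        if not full_name.startswith("/.:/"):
            raise ValueError("expected a cell-relative full name such as /.:/Sales/Spell")
        simple_names = full_name[len("/.:/"):].split("/")
        directory = "/.:"
        for depth, simple in enumerate(simple_names):
            replica = self._fetch_replica(directory)
            if replica is None:
                return None                  # no reachable clearinghouse holds this directory
            if depth == len(simple_names) - 1:
                binding = replica.objects.get(simple)
                if binding is not None:
                    self.cache[full_name] = binding
                return binding
            child = f"{directory}/{simple}"
            if child not in replica.child_pointers:
                return None                  # no such directory
            # Remember where the child directory's replicas live; the next round asks one of them.
            self.known_replicas[child] = list(replica.child_pointers[child])
            directory = child
        return None

    def _fetch_replica(self, directory: str) -> Optional[Replica]:
        """Ask each clearinghouse believed to hold the directory until one answers."""
        for ch_name in self.known_replicas.get(directory, []):
            self.trace.append(f"ask {ch_name} for {directory}")
            ch = self.servers.get(ch_name)
            if ch is not None and directory in ch.replicas:
                return ch.replicas[directory]
        return None


def build_sample_clerk() -> Clerk:
    """Constructed namespace: /.: is in /.:/Bristol_CH (Node B), /.:/Sales only in
    /.:/London_CH (Node C). The clerk on Node A starts out knowing only Bristol_CH."""
    bristol = Clearinghouse("/.:/Bristol_CH", {
        "/.:": Replica(child_pointers={"/.:/Sales": ["/.:/London_CH"]}),
    })
    london = Clearinghouse("/.:/London_CH", {
        "/.:/Sales": Replica(objects={"Spell": "ncacn_ip_tcp:130.105.5.16[3002]"}),
    })
    return Clerk(servers={bristol.name: bristol, london.name: london},
                 known_replicas={"/.:": [bristol.name]})


if __name__ == "__main__":
    clerk = build_sample_clerk()
    print(clerk.lookup("/.:/Sales/Spell"))
    print(clerk.lookup("/.:/Sales/Spell"))   # answered from the cache, no request sent
    print("\n".join(clerk.trace))
```

The trace shows the two requests of the figure for the first lookup and a cache hit for the second; a later lookup of another name under /.:/Sales goes straight to /.:/London_CH because the clerk now knows which clearinghouse holds that directory.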
Chapter 14. How CDS Updates Data
Once names exist in the namespace, users who have the appropriate access can make changes to the data associated with the names. Any addition, modification, or deletion of CDS data initially happens in only one replica: the master replica. This chapter introduces the main methods by which CDS keeps other replicas consistent: update propagation and the skulk operation. It also describes two timestamps that help to ensure consistency in CDS data.
during an update propagation and to remove outdated information from the namespace. For hierarchical cells, the skulk updates the child pointers in the parent cell and the up pointers in the child cell (which point to the parent) so they reflect the updated information. Skulk maintenance functions include the following:
• Removing soft links that have expired. You can specify an expiration time when you create a soft link.
CDS uses several timestamps to help ensure the consistency and accuracy of data. The following two timestamps exist for every entry:
• Creation Timestamp (CTS)
• Update Timestamp (UTS)
CDS assigns a CTS to everything that is in a cell namespace: clearinghouses, directories, object entries, soft links, and child pointers. The CTS is a unique value reflecting the date, time, and location where a clearinghouse, directory, or entry in a directory was created.
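The interplay of immediate update propagation, the skulk and the two timestamps can be made concrete. The following Python model is an added example, not OSF code: every change is applied to the master replica first and pushed to whatever read-only replicas are reachable; a replica that was unreachable falls behind until a skulk brings it up to date, and the skulk also removes expired soft links and purges deletions only once every replica has seen them, reporting whether it completed. Timestamps are integer ticks rather than CDS timestamp values, the CTS is made unique here by combining the tick with the name of the creating clearinghouse, and the clearinghouse names and entries are constructed.

```python
"""Update propagation and the skulk for one directory with a master replica and
read-only replicas, tracking CDS-style creation and update timestamps.

Added example for the OSF DCE Administration Guide; not OSF code. Timestamps
are integer ticks; replica names and entries are constructed.
"""
import copy
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Entry:
    cts: str                        # creation timestamp: tick plus where it was created (unique)
    uts: int                        # update timestamp: tick of the last change
    value: Optional[str]
    expires: Optional[int] = None   # soft links only: tick after which the skulk removes it
    deleted: bool = False           # a deletion is kept as a marker until the skulk confirms it


@dataclass
class Replica:
    clearinghouse: str
    entries: Dict[str, Entry] = field(default_factory=dict)
    uts: int = 0                    # newest change this replica has seen
    reachable: bool = True


class Directory:
    def __init__(self, master: Replica, readonly: List[Replica]):
        self.master, self.readonly = master, readonly

    # Changes always go to the master replica first.
    def update(self, name: str, value: str, now: int, expires: Optional[int] = None) -> None:
        e = self.master.entries.get(name)
        if e is None or e.deleted:
            e = Entry(cts=f"{now}/{self.master.clearinghouse}", uts=now, value=value, expires=expires)
            self.master.entries[name] = e
        else:
            e.value, e.uts, e.expires = value, now, expires
        self.master.uts = max(self.master.uts, now)
        self._propagate(name)

    def delete(self, name: str, now: int) -> None:
        e = self.master.entries[name]
        e.deleted, e.value, e.uts = True, None, now
        self.master.uts = max(self.master.uts, now)
        self._propagate(name)

    def _propagate(self, name: str) -> None:
        """Immediate propagation: best effort, one entry, only to reachable replicas."""
        for r in self.readonly:
            if r.reachable:
                self._apply(r, name)

    def _apply(self, r: Replica, name: str) -> None:
        src = self.master.entries[name]
        dst = r.entries.get(name)
        if dst is None or src.uts > dst.uts:    # an older change never overwrites a newer one
            r.entries[name] = copy.copy(src)
            r.uts = max(r.uts, src.uts)

    def skulk(self, now: int) -> bool:
        """Bring every reachable read-only replica up to the master and do the
        maintenance: expired soft links go, and deletions are purged only when
        every replica has seen them. Returns False if any replica was missed."""
        for e in self.master.entries.values():
            if e.expires is not None and e.expires <= now and not e.deleted:
                e.deleted, e.value, e.uts = True, None, now
                self.master.uts = max(self.master.uts, now)
        complete = all(r.reachable for r in self.readonly)
        for r in self.readonly:
            if r.reachable:
                for name in self.master.entries:
                    self._apply(r, name)
                r.uts = self.master.uts
        if complete:
            tombstones = [n for n, e in self.master.entries.items() if e.deleted]
            for r in [self.master, *self.readonly]:
                for n in tombstones:
                    r.entries.pop(n, None)
        return complete

    def consistent(self) -> bool:
        """True when every read-only replica holds exactly the master's values and UTSs."""
        live = {n: (e.value, e.uts) for n, e in self.master.entries.items()}
        return all({n: (e.value, e.uts) for n, e in r.entries.items()} == live
                   for r in self.readonly)
```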
Chapter 15. Managing the DCE Directory Service
The DCE control program (dcecp) provides most of the commands you need to manage CDS. This chapter describes the CDS entities that the DCE control program permits you to manage and summarizes the available commands for managing these entities. A few CDS management tasks cannot be performed using dcecp. To perform these tasks, you need to use the CDS control program (cdscp).
link      This object represents a soft link in a CDS directory. A soft link is a pointer to (an alternate name for) a child directory, object entry, or other soft link.
object    This object represents an object entry, which is the name of a CDS resource that appears in the cell namespace. Some object entries name resources that CDS clients can access (for example, a disk, machine, or application).
Operation   Definition
            directory, object entry, soft link, clearinghouse, or CDS cache.
list        Displays the names of all of the CDS objects contained in a directory.
15.2 Using the CDS Control Program
At the current time, you must use cdscp, rather than dcecp, for certain CDS maintenance tasks. For example, only cdscp allows you to stop a CDS clerk (disable clerk) or to reconstruct a directory’s replica set by changing the version number (set directory to new epoch). In addition to describing the cdscp commands that dcecp does not currently implement, this section provides basic instructions for using cdscp.

15.2.
TABLE 15-2. CDS Control Program Commands
Command           Definition
disable clerk     Stops the execution of a CDS clerk.
disable server    Stops the execution of a CDS server.
Chapter 16. Controlling Access to CDS Names
This chapter presents information on the following CDS authorization topics:
• Overview of DCE authorization for CDS
• DCE authorization components supported by CDS
• DCE permissions supported by CDS
• Controlling access to CDS clerk and server management operations
• Control program commands and required permissions
• Editing ACLs on CDS names
• How CDS servers gain access to the namespace
• Setting up access control in a new namespace

16.
ACL management software on that system examines the ACL entries that are associated with the principal name that represents the clerk or server. The software then grants or denies the operation, based on the permissions granted to the requesting principal in the ACL entries. The DCE control program (dcecp) provides commands that add, modify, copy, delete, and display ACLs that are associated with CDS names, clerks, and servers.
16.3 How Permissions Propagate to CDS Directories and Their Contents
By creating all three ACL types (Object ACL, Initial Object Creation ACL, and Initial Container Creation ACL) for a directory, you can grant access not only to the directory itself but also to the directory’s future contents and all child directories (and their contents) that may later be created.
Note: Permissions do not propagate from parent cells to child cells.
Entry Type   Purpose
user         Specifies an ACL entry for an individual principal whose credentials were authenticated within the local cell.
Entry Type   Purpose
             individual users named by an ACL entry of the type foreign_user_delegate or members of a group named by an ACL entry of the type foreign_group_delegate.
perform the operation. The creator of a name is automatically granted all permissions that are appropriate for the type of name that is created. For example, a principal that is creating an object entry is granted read, write, delete, test, and control permissions to the object entry. A principal that is creating a directory is granted read, write, insert, delete, test, control, and administer permissions to the directory.
the following command:

dcecp> acl modify /.:/hosts/orion/cds-clerk -change {user michaels rw}

Keep in mind that clerks and servers are also represented by entries in the namespace. To edit an ACL that is associated with the namespace entry for a CDS clerk or server, you must include the -entry option, as well as the -change option, in the acl modify command line. For detailed instructions on how to modify an ACL on the CDS entry for a DCE resource, see Section 16.8.

16.
Commands         Required Permissions
                 write, and administer permissions to the directory that you intend to replicate.
Commands         Required Permissions
object modify    Write permission to the object entry for which you want to add (-add option) or change (-change option) the attribute or attribute value.
Commands         Required Permissions
link delete      Delete permission to the soft link, or administer permission to the directory that stores the soft link to be deleted.
For example, to edit the permissions in the Object ACL that is associated with the CDS entry for a clearinghouse named /.:/Paris1_CH, you would enter the following command:

dcecp> acl modify /.:/Paris1_CH -entry -change {unauthenticated -}

To edit the permissions in the Object ACL that is associated with the /.:/Paris1_CH clearinghouse itself, you would enter the following command:

dcecp> acl modify /.
16.10 Setting Up Access Control in a New Namespace
You should plan a consistent access control policy and be ready to implement the policy as soon as you configure your first CDS server and before you create or populate any new directories. Among the tasks you can perform are the following:
• Adding members to the namespace authorization group
• Creating additional authorization groups
• Establishing maximum permissions for unauthenticated principals

16.
16.10.3 Establishing Maximum Permissions for Unauthenticated Principals
If you want to apply a namespace-wide set of maximum permissions for all unauthenticated principals, you should do so immediately after you configure your first CDS server and before you create and populate any directories below the cell root.
Chapter 17. Managing Clerks, Servers, and Clearinghouses
CDS clerks, servers, and clearinghouses are initially created and started as part of the CDS clerk and server configuration. Thereafter, clerk and server processes are created and started with a series of commands that are executed either manually or by the startup scripts on the systems where they are running. These CDS entities are largely self-regulating and, apart from routine monitoring, require only minor management intervention.
17.1.2 Displaying Server Counters
Use the cdscp show server command to display the current counter values for a server. For example, to display the current values of all the attributes that are associated with a server, you enter the following command:

cdscp> show server

17.1.
17.3 Displaying the Contents of a Clearinghouse
Use the dcecp clearinghouse show command with the -clear option and specify the CDS_CHDirectories attribute to display the names of all the directories that are stored in a particular clearinghouse. For example, to display the names of the directories that are stored in the clearinghouse /.:/Chicago2_CH, you enter the following command:

dcecp> clearinghouse show /.
17.5.2 Disabling a Server
To disable the server that is on the local node, enter the following command:

cdscp> disable server

17.6 Restarting Clerks and Servers
CDS clerk and server processes are created and started automatically by startup scripts that execute whenever the host system is rebooted.
2. Enter the following command to see if the dced process is already running:
   # ps -e
3. If the dced process appears on the list of active processes, proceed to step 4. If the dced process does not appear on the list of active processes, enter the following command to start the process:
   #
4. If the cdsadv process appears on the list of active processes, proceed to step 6.
3. Perform the system upgrade.
4. Restore all the files that you backed up in step 2.
5. Follow the procedure described in Section 17.6 for restarting a server. When the server process starts, it automatically locates the appropriate restored files and starts all clearinghouses on the system.

17.
• How recently the backup was created
• What modifications were made since that time
• Whether the backup included the clearinghouse files in the dcelocal/var/directory/cds directory
If you decide to use operating system backups, you only need to back up the server systems whose clearinghouses store master replicas of directories.
Chapter 18. Managing CDS Directories

If you manage a namespace in a small, slow-growth network of 25 nodes or fewer, you can maintain all your names in the root directory and may not need to create additional directories. However, if you manage a namespace in a network of more than 25 nodes, you should consider creating at least one additional level of directories under the root.
18.1.1 Permissions for Creating a Directory

To create a directory, you need the following permissions:
• Insert permission to the parent of the new directory.
• Write permission to the clearinghouse that stores the master replica of the new directory.
• The server principal for the server system where you enter the DCE control program’s (dcecp) directory create command must have read and insert permissions to the parent directory of the new directory.
18.1.3 Checking the ACL Entries for a New Directory

After you create a directory, verify that the users and applications for whom the directory was created have the appropriate permissions. To do this, use the acl show command on the directory to see the associated ACL entries. For example:

dcecp> acl show /.
Eventually, all clearinghouses that contain a replica of this directory will detect the presence of the CDS_UpgradeTo attribute and upgrade the CDS_ReplicaVersion attribute on the appropriate replica.
18.2.1 Before You Create a Replica

Before you try to create a replica, verify that the clearinghouse containing the master replica of the directory you intend to replicate is running and reachable. To verify that this condition is satisfied, follow these steps:
1. For the directory that you intend to replicate, use the directory show command to display the directory’s attribute values and look at the CDS_Replicas attribute.
dcecp> directory show /.:/sales -replica -clearinghouse /.:/Chicago1_CH
{RPC_ClassVersion {01 00}}
{CDS_CTS 1994-08-12-09:52:30.396-04:00I0.000/00-00-c0-f7-de-56}
{CDS_UTS 1994-08-12-09:52:31.506-04:00I0.000/00-00-c0-f7-de-56}
{CDS_ObjectUUID a37d84d0-b5dc-11cd-8ffe-0000c0f7de56}
{CDS_Replicas
 {{CH_UUID ce7ed810-b5db-11cd-8ffe-0000c0f7de56}
  {CH_Name /.../Chicago1/Chicago1_CH}
  {Replica_Type Master}
  {Tower {ncacn_ip_tcp 130.105.5.16}}
  {Tower {ncadg_ip_udp 130.105.
18.2.3 Entering the directory create Command

Use the directory create command with the -replica and -clearinghouse options to create a replica of a directory and store it in the clearinghouse that you specify. For example, the following command creates a replica of the /.:/mfg directory and stores the replica in a clearinghouse that is named /.:/Paris1_CH:

dcecp> directory create /.:/mfg -replica -clearinghouse /.:/Paris1_CH

18.
18.4 Skulking a Directory

The skulk operation is a periodic distribution of recent modifications that were made to the namespace. CDS skulks every directory at regular intervals according to the value assigned to the directory’s CDS_Convergence attribute.
Skulk failure does not make CDS unusable. Although the skulking process is unable to update information in a replica that it cannot contact, it always updates information in the replicas that it can reach. Temporarily, some replicas contain the latest information and some do not. When a skulk fails, CDS automatically repeats the skulking process, at an interval based on the directory’s convergence value, until all replicas in the set are updated with the latest changes.
The value assigned to a directory’s CDS_Convergence attribute determines how frequently the server that stores the master replica of the directory initiates a skulk of the directory’s replica set. A directory’s convergence can be set to a value of high, medium, or low. A directory that is set to a convergence value of high is skulked at least once every 12 hours.
following command sets the convergence value of the /.:/sales/us directory to high:

dcecp> directory modify /.
Chapter 19. Viewing the Structure and Contents of a Namespace

When you need to view the structure and contents of the cell namespace, you can use one or more programs provided by CDS. The CDS browser (cdsbrowser) allows you to display namespace information in a windowing environment, while the DCE control program (dcecp) and CDS control program (cdscp) display the information through their command line interfaces.
sets the confidence level of clerk calls to low. When you start the CDS browser, an icon representing the root directory is the first item to be displayed in the window. Directories, soft links, and object entries all have distinct icons associated with them. Table 19-1 shows the CDS browser icons and what they represent.

TABLE 19-1.
namespace.

Note: Use Expand All with care if you have a large namespace. The larger a namespace, the longer it takes to display its entire contents.

19.1.4 Filtering the Namespace Display

Using the Filters menu, you can selectively display object entries of a particular class. For example, if you are interested in seeing the entries for clearinghouse objects only, choose the class CDS_Clearinghouse from the Filters menu.
For a complete listing of a directory’s contents, you enter the directory list command with the name of the directory or directories whose contents you wish to view. For example:

dcecp> directory list /.:/eng
/.../eng_cell.osf.org/hosts/eng/aud-acl \
/.../eng_cell.osf.org/hosts/eng/aud-svc \
/.../eng_cell.osf.org/hosts/eng/cds-clerk \
/.../eng_cell.osf.org/hosts/eng/cds-server \
/.../eng_cell.osf.org/hosts/eng/dts-entity \
/.../eng_cell.osf.
dcecp> clearinghouse show /.:/Chicago2_CH
{RPC_ClassVersion {01 00}}
{CDS_CTS 1994-01-24-07:12:51.966-05:00I0.000/00-00-c0-f7-de-56}
{CDS_UTS 1994-02-03-07:17:35.794-05:00I0.000/00-00-c0-f7-de-56}
{CDS_ObjectUUID 0094e40e-bb43-1d43-9e0a-0000c0f7de56}
{CDS_AllUpTo 1994-02-03-09:17:06.393-05:00I0.000/00-00-c0-f7-de-56}
{CDS_DirectoryVersion 3.0}
{CDS_CHName /.../Chicago2/Chicago2_CH}
{CDS_CHLastAddress {Tower ncacn_ip_tcp:130.105.5.
19.2.2 Displaying Clerk and Server Attribute Information

To show the values of the attributes associated with clerk and server entries in the cell namespace, you must use cdscp.
Chapter 20. Using the CDS Subtree Commands to Restructure CDS Directories

Sometimes, because of corporate restructuring or for other reasons, you need to combine or rearrange various directories or subtrees of directories in your CDS namespace. For example, suppose the engineering group in your organization, /.:/eng, is combined with the research and development group, /.:/rnd, and that the two groups begin to share a common set of applications and other network resources.
Note: The presence of clearinghouses, duplicate names, or unreachable names in a merged directory requires special handling. The merge and append operations described in the following sections assume that no duplicate names exist in the source and target directory or subtree, and that the clearinghouses that store the master replicas of affected directories are enabled and reachable at the time the operations are initiated.
To copy the descendants of any child directories of a directory to a target location, you must use the -tree option of the command. For example, if the /.:/eng directory in the previous example included the child directories dev and qa, and you wanted to merge the contents of these directories into the target directory /.:/rnd, you would enter the following command line:

dcecp> directory merge /.:/eng -into /.
The sequence of commands to synchronize and delete the /.:/eng directory and then create a soft link for the former contents is as follows:

dcecp> directory synchronize /.:/eng
dcecp> directory delete /.:/eng -tree
dcecp> link create /.:/eng -linkto /.:/rnd

The directory delete command invoked with the -tree option deletes a directory and all the object entries, soft links, and child directories beneath that directory.
3. Run the directory merge command to append the source directory /.:/eng to the /.:/rnd directory (or merge it into the new /.:/rnd/eng directory):

   dcecp> directory merge /.:/eng -into /.:/rnd/eng

   If the source directory contains any child directories whose contents you want to copy over, you must specify the -tree option in the directory merge command line.
Figure 20-3. Example Namespace Before and After the Append Operation

Before Append:
  /.:
    /eng: obj1, link1
    /rnd: obj2, link2

After Append:
  /.:
    /eng: obj1, link1
    /rnd: obj2, link2
      /eng: obj1, link1

20.2.
destroying the identical names in the target directory. If duplicate names exist, you need to decide which names you want to preserve: the names in the source subtree or the names in the target subtree. Once you have made your decision, proceed in the following manner:
1. Use the dcecp create commands to recreate (under a new name) any duplicate object entry or soft link as a new object entry or soft link in the source or target subtree.
TABLE 20-1. Permissions Required To Create Target Objects

Objects      Required Permissions
directory    Write permission to the clearinghouse that is to store the master replica of the new directory. Insert and read permissions to the parent of the new directory.
20.4.2 Performing a Merge Operation into a Foreign Cell

To merge CDS data into the namespace of a foreign cell, follow these steps:
1. While logged into a privileged account (cell_admin or a member of the cds-admin group) on the target machine in the foreign cell, run the directory merge command to merge the contents of the source cell’s directory with an existing directory.
2.
Chapter 21. Restructuring a Namespace

Over time, you may need to restructure or rename certain elements of your namespace. For example, you may want to create soft links to provide users with one or more alternate names for an existing namespace entry. You may need to reconfigure a directory’s replica set to modify the locations and replica types of particular replicas, or exclude a replica from the set.
21.1.1 Creating a Soft Link

Use the DCE control program (dcecp) link create command to create a soft link. In addition to the name for the new soft link, you must specify the soft link’s destination name, or existing name to which the new soft link points, with the -linkto option. You can specify any name in the local cell namespace or in any foreign cell namespace, as the destination name, including another soft link.
/.:/mfg/robo1 on the next skulk after December 12, 1994, at 9:00 a.m.

The following command creates a soft link that is named /.:/admin/linka that points to an object entry named /.:/sales/discount_stats:

dcecp> link create /.:/admin/linka -linkto /.:/sales/discount_stats -timeout \
{1994-01-11-12:00:00 090-00:00:00}

In the preceding command, the expiration time placed in the CDS_LinkTimeout attribute value indicates that CDS will check that the destination name /.
dcecp> link modify /.:/eng/link01 -change {CDS_LinkTimeout \
{1994-12-31-12:00:00 000-00:00:00}}

The following command changes the expiration value of a soft link that is named /.:/eng/link01 to December 31, 1994, at 12:00 p.m. and sets the soft link’s extension value to 90 days:

dcecp> link modify /.:/eng/link01 -change {CDS_LinkTimeout \
{1994-12-31-12:00:00 090-00:00:00}}

21.1.
21.2.1 Before You Modify a Replica Set

Before you modify a directory’s replica set, you need to know how many replicas exist, their replica types, and the name of the clearinghouse where each of the replicas is stored. The command that you use to modify a directory’s replica set does not allow you to accidentally leave a replica out of the new set. You must explicitly list all existing replicas that are in the set.
• You want to locate a master replica closer to where the majority of updates to the directory originate.

To designate a new master replica, you use the cdscp set directory to new epoch command. Figure 21-1 illustrates an example replica set. This replica set of the /.:/eng directory consists of three replicas: the master replica, which is stored in clearinghouse /.:/NY1_CH, a read-only replica stored in clearinghouse /.
To exclude a replica from a replica set, you use the cdscp set directory to new epoch command with the exclude argument to rebuild a directory’s replica set, excluding the replica that you specify. Remember that you must account for all existing replicas in the command. In the following example, the replica set of the /.:/eng directory consists of three replicas: the master replica, which is stored in clearinghouse /.
considerations into account when deleting a directory:
• Does the directory contain child directories or the entries for any other CDS object? Before a directory can be deleted, it must be empty.
• Are there any replicas of the directory? They must each be deleted separately.

Both of these considerations are discussed in following sections. To delete a directory, you must have the following permissions:
• Delete permission to the directory.
dcecp> directory list /.:/sales -simplename
work_disk link1
dcecp> directory list /.:/sales -simplename -object
work_disk
dcecp> directory list /.:/sales -simplename -link
link1
dcecp> directory delete /.:/sales -tree
dcecp> directory show /.:/sales
Error: Requested entry does not exist

If a directory to be deleted is not empty, the directory delete command will fail.
dcecp> directory show /.:/sales
{RPC_ClassVersion {01 00}}
{CDS_CTS 1994-05-06-11:41:05.314-05:00I0.000/08-00-09-25-13-52}
{CDS_UTS 1994-06-21-03:06:08.842-05:00I0.000/08-00-09-25-13-52}
{CDS_ObjectUUID 5f97a584-bf9b-11cd-9362-080009251352}
{CDS_Replicas
 {{CH_UUID de3401e6-bb98-11cd-aac5-080009251352}
  {CH_Name /.../absolut_cell/absolut_ch}
  {Replica_Type Master}
  {Tower {ncacn_ip_tcp 130.105.5.93}}
  {Tower {ncadg_ip_udp 130.105.5.
(See the for information on how to configure CDS servers and CDS clerks.) Occasionally, you may need to relocate a clearinghouse from the server system where it currently resides to another server system. For example, you may want to move a clearinghouse when
• You need to temporarily disconnect the host server system from the network for repair or for other reasons.
• You no longer want the current host system to function as a CDS server.
21.4.2 Copying the Clearinghouse Database Files to the Target Server System

After you disable the clearinghouse and remove knowledge of the clearinghouse from the host server, you must copy the clearinghouse database files to a specific location on the new host server system. A clearinghouse database consists of the following three files:
• clearinghouse-name.checkpointnnnnnnnn
• clearinghouse-name.tlognnnnnnnn
• clearinghouse-name.
21.5 Deleting a Clearinghouse

You may need to delete a clearinghouse from the server system on which it resides when
• The system is scheduled for reallocation or removal from your network.
• You no longer want the system to function as a CDS server.

21.5.1 Before You Delete a Clearinghouse

Before you attempt to delete a clearinghouse, make sure of the following:
• The clearinghouse is known to the server.
• The clearinghouse does not store a master replica.
21.5.3 Deleting a Clearinghouse

Use the clearinghouse delete command to delete a clearinghouse. The command also deletes the clearinghouse’s associated clearinghouse object entry, and all read-only replicas from the clearinghouse. Clearinghouse deletion can take some time to complete. CDS deletes a clearinghouse only after successfully completing a skulk of all directories that stored read-only replicas in the clearinghouse.
Once you have established one cell in a global namespace, you can add one or more child cells to the CDS namespace of this cell, then add one or more cells to those children’s CDS namespaces, and so on, depending upon how many levels you plan for your hierarchy. The following sections describe how to add an existing (already configured) cell to a hierarchy.

21.6.
/.../coolco.com/northeast/marketing, or the principal me in the child cell /.../coolco.com/northeast/marketing/inbound? Consequently, you must ensure that the name you select does not conflict with any principal names on the parent cell. To test whether or not the CDS name you select is the same as a principal name on the parent, use the dcecp principal show command and specify the CDS name you want to use for the child cell.
See the cdsalias(8dce) reference page for a complete description of the cdsalias object. In order to be able to run the cdsalias connect command successfully, you need administrative permission to the child cell’s root (/.:) directory, and the cdsserver principal on the machine that contains the master replica of the child cell’s root directory needs insert permission to the parent cell’s root directory.
See Chapter 6 for more information on creating cell name aliases and changing cell names with the dcecp cellalias command. See the cellalias(8dce) reference page for a complete description of cellalias command syntax.

21.6.
dcecp> principal modify northeast/marketing/inbound/newname -alias no

If the parent’s new primary name is not a name that the children recognize as an alias for their parent, you must take the following steps:
1. Create the new parent primary name/child simple name combination as a cell name alias for the child. Do this in the child cell with the dcecp cellalias create command, once for each child.
2.
Chapter 22. Managing Intercell Naming

To find names outside of the local cell, CDS clerks must have a way to locate directory servers in other cells. The Global Directory Agent (GDA) enables intercell communications by serving as a connection to other cells through the global naming environment. This chapter describes how the GDA works and how to manage it.
[Figure: the GDA search path. Node A runs the client and the CDS clerk, Node B runs a CDS server, and Node C runs the GDA; the legend distinguishes the request path from the response path. The server on Node B answers that the GDA is at Node C.]

The following steps summarize the GDA search that is illustrated in the preceding figure:
1. On Node A, a client application passes a global name, beginning with the /... prefix, to the CDS clerk.
2. The clerk passes the lookup request to a CDS server that it knows about on Node B.
3.
[Figure: an intercell name search. Node A runs the client and the CDS clerk, Node B runs a CDS server, Node C runs the GDA, Node D runs a DNS server, and Node E runs a CDS server in the widget.com cell; the legend distinguishes the request path from the response path. The server on Node B answers that the GDA is at Node C, the DNS server answers that the widget.com cell root is at Node E, and the lookup at Node E succeeds.]

The following steps summarize the name search that is illustrated in the preceding figure:
1. The client application passes the name /.../widget.com/printsrv1 to the CDS clerk.
2.
6. DNS looks up and returns to the GDA information that is associated with the widget.com cell entry. The information includes the addresses of servers that maintain replicas of the root directory of the /.../widget.com cell namespace.
7. The GDA passes the information about the foreign cell to the clerk.
8. The clerk contacts the CDS server on Node E in the foreign cell, passing it a lookup request.
9.
4. Enter the following command to start the cdsadv process:
   # cdsadv
5. Enter the following command to start the gdad process:
   # gdad

To stop the GDA, enter the following command, where pid is the process identifier of the gdad process:
   # kill pid

22.3 Enabling Other Cells to Find Your Cell

The GDA is the mechanism that allows CDS clerks in your local cell to find other cells.
• The type of the replica (master or read-only)
• The global CDS name of the clearinghouse where the replica resides
• The UUID of the clearinghouse, in hexadecimal notation
• The DNS name of the host where the clearinghouse resides

The following example shows a set of AFSDB resource records for a cell that is named cs.tech.edu, in which two replicas of the root directory exist.
;First Replica:
;Name           TTL      Class  Type  Preference  Exchange
cs.tech.edu.    604800   IN     MX    1           fox.cs.tech.edu.
;Name           TTL      Class  Type  Rdata
cs.tech.edu.    604800   IN     TXT   (1 fd3328c4-2a4b-11ca-af85-09002b1c89bb Master /.../cs.tech.edu/cs1_ch fd3328c5-2a4b-11ca-af85-09002b1c89bb fox.cs.tech.edu)

;Second Replica:
cs.tech.edu.    604800   IN     MX    2           rox.cs.tech.edu.
cs.tech.edu.    604800   IN     TXT   (1 fd3328c4-2a4b-11ca-af85-09002b1c89bb Read-only /.../cs.tech.edu/cs2_ch fd3429c4-2a4b-11ca-af87-09002b1c89bb rox.cs.tech.edu)
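The records above are what the GDA retrieves from DNS and what a clerk then relies on to reach the servers for a foreign cell’s root directory, so each field deserves a check before it is acted upon. The following parser is an added example written for readers of this guide; it is not part of OSF DCE. It takes the TXT rdata in the layout of the example records above (a leading field that is 1 in those records and is treated here, as an assumption, as a record format version; the cell UUID; the replica type; the global CDS name of the clearinghouse; the clearinghouse UUID; and the host name of the clearinghouse) and rejects a record whose UUIDs are malformed, whose replica type is unknown, whose clearinghouse name lies outside the cell being looked up, or whose cell UUID disagrees with the other records for the same cell. The two sample records are constructed from the example above; the function names are the example’s own.

```python
"""Validate DCE cell TXT resource records of the kind a GDA reads from DNS.

Added example for this section, not OSF DCE code. The rdata layout follows
the example records in the text:
    1 <cell UUID> <replica type> <clearinghouse global name> <clearinghouse UUID> <host>
The leading "1" is treated here as a record format version (an assumption).
"""
import re

UUID_RE = re.compile(r"^[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
HOST_RE = re.compile(r"^[A-Za-z0-9.-]+$")
REPLICA_TYPES = {"Master", "Read-only"}

# Constructed sample rdata, copied from the cs.tech.edu example records above.
SAMPLE_TXT_RECORDS = [
    "(1 fd3328c4-2a4b-11ca-af85-09002b1c89bb Master /.../cs.tech.edu/cs1_ch "
    "fd3328c5-2a4b-11ca-af85-09002b1c89bb fox.cs.tech.edu)",
    "(1 fd3328c4-2a4b-11ca-af85-09002b1c89bb Read-only /.../cs.tech.edu/cs2_ch "
    "fd3429c4-2a4b-11ca-af87-09002b1c89bb rox.cs.tech.edu)",
]


def parse_cell_txt(rdata, cell_name):
    """Split one TXT rdata string into its fields and validate each one.

    cell_name is the DNS name being looked up (for example "cs.tech.edu").
    The clearinghouse global name must lie under /.../<cell_name>/ so that
    a record cannot redirect the clerk into a different cell's namespace.
    """
    fields = rdata.strip().strip("()").split()
    if len(fields) != 6:
        raise ValueError("expected 6 fields, got %d: %r" % (len(fields), rdata))
    version, cell_uuid, replica_type, ch_name, ch_uuid, host = fields
    if version != "1":
        raise ValueError("unsupported record format version %r" % version)
    for uuid in (cell_uuid, ch_uuid):
        if not UUID_RE.match(uuid.lower()):
            raise ValueError("malformed UUID %r" % uuid)
    if replica_type not in REPLICA_TYPES:
        raise ValueError("unknown replica type %r" % replica_type)
    cell_prefix = "/.../" + cell_name.rstrip(".") + "/"
    if not ch_name.startswith(cell_prefix):
        raise ValueError("clearinghouse %r is outside cell %s" % (ch_name, cell_name))
    if not HOST_RE.match(host):
        raise ValueError("malformed host name %r" % host)
    return {
        "cell_uuid": cell_uuid.lower(),
        "replica_type": replica_type,
        "clearinghouse": ch_name,
        "clearinghouse_uuid": ch_uuid.lower(),
        "host": host.rstrip("."),
    }


def load_cell_records(cell_name, rdatas):
    """Parse a cell's TXT records and cross-check them against each other.

    All records for one cell must carry the same cell UUID, and at most one
    of them may describe the master replica of the cell's root directory.
    Returns the parsed records with the master replica, if any, first.
    """
    records = [parse_cell_txt(r, cell_name) for r in rdatas]
    if not records:
        raise ValueError("no records for cell %s" % cell_name)
    if len({r["cell_uuid"] for r in records}) != 1:
        raise ValueError("records for %s disagree on the cell UUID" % cell_name)
    masters = [r for r in records if r["replica_type"] == "Master"]
    if len(masters) > 1:
        raise ValueError("more than one master replica advertised for %s" % cell_name)
    return sorted(records, key=lambda r: r["replica_type"] != "Master")


def clearinghouse_hosts(records):
    """Hosts a clerk may contact for the cell's root directory, master first."""
    return [r["host"] for r in records]


if __name__ == "__main__":
    for rec in load_cell_records("cs.tech.edu", SAMPLE_TXT_RECORDS):
        print(rec["replica_type"], rec["clearinghouse"], rec["host"])
```

The cell-prefix check is the one most worth keeping: DNS answers are not authenticated in this configuration, and a record naming a clearinghouse under another cell’s global name would otherwise be followed without complaint.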
22.3.2 Defining a Cell in the Global Directory Service

In GDS, cell information is contained in two attributes: CDS-Cell and CDS-Replica. You can cause an existing GDS name to become a cell entry by adding these two attributes to the name. If the name you want to use for the cell does not yet exist, you must create it and then add the attributes. The GDS administration program uses numbered screens called masks to accept user input.
Part 5.
Chapter 23. Introduction to DCE Distributed Time Service

This chapter gives a conceptual overview of the DCE Distributed Time Service (DTS). Some basic time and clock concepts, DTS time representation, and basic DTS operation are also presented. DTS is a software-based service that provides precise, fault-tolerant clock synchronization for systems in local area networks (LANs) and wide area networks (WANs).
signals. DTS offers a Time-Provider Interface (TPI) that describes how a time-provider process can pass UTC time values to a DTS server and propagate them in the network. The TPI also permits other distributed time services to interoperate with DTS. DTS provides many other valuable services for computer networks that run distributed applications.
23.1.1 Applications Support

Operating systems and distributed applications require synchronized time measurements to coordinate their processes. DTS synchronizes the system clocks in a network with each other and, in the presence of an external time-provider, to the UTC time standard. Any distributed application that reads the system clock, which is the majority of applications, needs DTS.
time-provider (the TP server), the TP server’s precise time is propagated throughout the network. (See Section 23.2 for further information about time-providers and the server synchronization process.)

23.1.3 Manageability

The DTS synchronization functions run as background processes; little or no input is required from system managers to synchronize system clocks after DTS is initially configured. DTS is also fault tolerant.
23.2.1 Time Measurement Factors

The following subsections describe the factors that affect time measurement and explain how DTS handles them.

23.2.1.1 Clock Error

All system clocks have common properties that contribute to clock error and interfere with the synchronization process. System clock error tends to increase over time; the rate of change of error is known as drift.
23.2.2 Inaccuracy Values

In order to synchronize system clocks to the most accurate settings, DTS needs a way to determine the accuracy of time sources relative to each other and to UTC. This section describes how DTS determines the relative accuracy of any time source that is available in the network. DTS uses an inaccuracy value, or tolerance, to determine the relative precision of time values that it obtains from system clocks and external time-providers.
[Figure: a hardware clock reading of midnight (00:00:00.00) shown with its boundaries of inaccuracy of -8 and +8 seconds on a scale marked in seconds, compared with Coordinated Universal Time (UTC).]

23.2.3 Synchronizing System Clocks

To maintain uniform system times, DTS servers and clerks periodically synchronize the clocks in all network systems.
In addition to eliminating large inaccuracy values during synchronization, DTS also discards intervals that are received from faulty clocks (t2 in the figure). DTS detects and rejects clock intervals that do not intersect with the majority of the intervals. When DTS detects a faulty interval, it notifies the system manager by displaying an event message, identifying the server that sent the faulty value.
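The rejection rule just described can be illustrated with a small interval computation. The following block is an added example written for this guide; it is not OSF DTS code and is not the exact algorithm DTS uses. It models each server’s time value as the interval [time - inaccuracy, time + inaccuracy], finds the sub-interval covered by the largest number of servers, rejects the servers whose intervals do not contain it, and reports the midpoint and half-width of that sub-interval as the new time and inaccuracy. It also returns the names of the rejected servers, which is the information the event message mentioned above carries. Times are integers in milliseconds from an arbitrary origin, and the four samples are constructed: three servers agree within tens of milliseconds and one is seven seconds off.

```python
"""Majority intersection of time intervals, modelled on the fault rejection
described in this section. Added example; not OSF DTS code and not the exact
DTS algorithm. Times and inaccuracies are integers in milliseconds."""

# Constructed samples: (server name, time, inaccuracy).
SAMPLES = [
    ("srv1", 100000, 50),
    ("srv2", 100020, 30),
    ("srv3", 99990, 40),
    ("bad", 107000, 20),
]


def to_interval(time, inaccuracy):
    """An (earliest, latest) pair: the true time lies somewhere inside it."""
    return (time - inaccuracy, time + inaccuracy)


def best_overlap(intervals):
    """Return (count, lo, hi): the sub-interval covered by the most intervals.

    Sweep the endpoints in order; a start event raises the cover count and
    an end event lowers it. Start events (kind 0) sort before end events
    (kind 1) at the same offset, so touching intervals count as overlapping.
    """
    events = []
    for lo, hi in intervals:
        events.append((lo, 0))
        events.append((hi, 1))
    events.sort()
    count = best = 0
    best_lo = best_hi = None
    for i, (offset, kind) in enumerate(events):
        count += 1 if kind == 0 else -1
        if count > best:
            # A new maximum is only reached at a start event, so a later
            # event (at least this interval's own end) always exists.
            best = count
            best_lo = offset
            best_hi = events[i + 1][0]
    return best, best_lo, best_hi


def synchronize(samples):
    """Compute (time, inaccuracy, rejected) from (name, time, inaccuracy) samples.

    Servers whose intervals do not contain the best-covered sub-interval are
    rejected. If that sub-interval is not covered by a majority of the
    servers, no trustworthy time can be derived and ValueError is raised.
    """
    named = [(name, to_interval(t, i)) for name, t, i in samples]
    count, lo, hi = best_overlap([iv for _, iv in named])
    if count < len(named) // 2 + 1:
        raise ValueError("no majority of servers agree on the time")
    rejected = [name for name, (a, b) in named if not (a <= lo and b >= hi)]
    return (lo + hi) // 2, (hi - lo) // 2, rejected


if __name__ == "__main__":
    t, inacc, bad = synchronize(SAMPLES)
    print("time %d ms, inaccuracy %d ms, rejected %s" % (t, inacc, bad))
```

Requiring a majority, rather than just the largest group, is what keeps a single wildly wrong (or deliberately false) time source from being adopted when only two servers are reachable.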
23.2.4 How DTS Adjusts System Clocks

Many system clocks are based on an oscillator and operate with a combination of hardware and software. The hardware for each clock contains a timer that sends interrupts to the operating system at fixed intervals; each interrupt is a single ‘‘tick.’’ A software register that contains the current value of the time is incremented by a fixed amount (for example, 10 milliseconds) at each tick.
23.2.5 DTS Time Representation

UTC is the international time standard that has largely replaced GMT. The standard is administered by the International Time Bureau (BIH) and is in widespread use. For all its internal processes, DTS uses opaque binary timestamps that represent UTC. You cannot read or disassemble a DTS binary timestamp. The DTS API allows other applications to convert or manipulate the timestamps, but they cannot be displayed.
Although the dcecp clock show command displays all times in the previous format (see Figure 23-4), the interface also accepts the following variations to the ISO format on input, as shown in Figure 23-5.

Figure 23-5.
Figure 23-6. Relative Time Format

[-]DD-hh:mm:ss.fffIss.fff

Relative date and time component: DD = days, hh = hours, mm = minutes, ss = seconds, .fff = fractions of a second. Inaccuracy component: I = inaccuracy designator, ss.fff = inaccuracy in seconds and fractions of a second.

The simple relative times that you specify with DTS-related dcecp commands do not use the calendar date or inaccuracy fields because these fields are associated with absolute times.
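The absolute format displayed by clock show (the CDS_CTS and CDS_UTS values shown earlier in this guide, such as 1994-08-12-09:52:30.396-04:00I0.000, are DTS timestamps in that format), the relative format of Figure 23-6, and the DDD-hh:mm:ss extension field of the CDS_LinkTimeout attribute in Chapter 21 are all handled by the following parser. It is an added example written for this guide, not part of OSF DTS or dcecp, and its function names are the author’s own. It converts an absolute time to UTC by removing the TDF, keeps the inaccuracy separately so that the caller can compute the earliest and latest UTC instant the timestamp allows, and accepts a relative time with or without the day count and the inaccuracy component. Two assumptions are made: an absolute time with no TDF is taken as UTC, and the /xx-xx-xx-xx-xx-xx suffix that CDS appends to its timestamp attributes is split off and returned without interpretation. The sample strings are taken from this guide’s examples.

```python
"""Parse DTS absolute and relative time strings.

Added example for this section; not OSF DTS or dcecp code. Formats, from
the figures in this chapter and the examples in Chapter 21:
    absolute:  YYYY-MM-DD-hh:mm:ss[.fff][(+|-)hh:mm][Iss[.fff]]
    relative:  [-][DD-]hh:mm:ss[.fff][Iss[.fff]]
Assumptions: an absolute time without a TDF is taken as UTC, and the
"/<node id>" that CDS appends to CDS_CTS and CDS_UTS values is split off
and returned as-is.
"""
import re
from datetime import datetime, timedelta, timezone

ABSOLUTE_RE = re.compile(
    r"^(?P<year>\d{4})-(?P<month>\d{2})-(?P<day>\d{2})"
    r"-(?P<hour>\d{2}):(?P<minute>\d{2}):(?P<second>\d{2})(?:\.(?P<frac>\d+))?"
    r"(?:(?P<tdf_sign>[+-])(?P<tdf_h>\d{2}):(?P<tdf_m>\d{2}))?"
    r"(?:I(?P<inacc>\d+(?:\.\d+)?))?$"
)
RELATIVE_RE = re.compile(
    r"^(?P<sign>-)?(?:(?P<days>\d+)-)?"
    r"(?P<hour>\d{1,2}):(?P<minute>\d{2}):(?P<second>\d{2})"
    r"(?:\.(?P<frac>\d+))?(?:I(?P<inacc>\d+(?:\.\d+)?))?$"
)


def _microseconds(frac):
    """'396' -> 396000: pad or truncate the fraction digits to microseconds."""
    return int((frac or "0")[:6].ljust(6, "0"))


def parse_absolute(text):
    """Parse an absolute DTS time.

    Returns a dict with utc (aware datetime), tdf_seconds (int or None),
    inaccuracy_seconds (float or None) and suffix (str or None).
    """
    body, _, suffix = text.partition("/")
    m = ABSOLUTE_RE.match(body)
    if not m:
        raise ValueError("not a DTS absolute time: %r" % text)
    tdf = None
    if m.group("tdf_sign"):
        tdf = int(m.group("tdf_h")) * 3600 + int(m.group("tdf_m")) * 60
        if m.group("tdf_sign") == "-":
            tdf = -tdf
    # The displayed time is local to the TDF; attach that offset, then
    # convert to UTC. No TDF is treated as UTC (assumption).
    local = datetime(
        int(m.group("year")), int(m.group("month")), int(m.group("day")),
        int(m.group("hour")), int(m.group("minute")), int(m.group("second")),
        _microseconds(m.group("frac")),
        tzinfo=timezone(timedelta(seconds=tdf or 0)),
    )
    inacc = float(m.group("inacc")) if m.group("inacc") is not None else None
    return {
        "utc": local.astimezone(timezone.utc),
        "tdf_seconds": tdf,
        "inaccuracy_seconds": inacc,
        "suffix": suffix or None,
    }


def utc_bounds(parsed):
    """Earliest and latest UTC instant consistent with the inaccuracy."""
    delta = timedelta(seconds=parsed["inaccuracy_seconds"] or 0.0)
    return parsed["utc"] - delta, parsed["utc"] + delta


def parse_relative(text):
    """Parse a relative DTS time into (seconds, inaccuracy_seconds).

    inaccuracy_seconds is 0.0 when the I component is absent.
    """
    m = RELATIVE_RE.match(text)
    if not m:
        raise ValueError("not a DTS relative time: %r" % text)
    seconds = (int(m.group("days") or 0) * 86400
               + int(m.group("hour")) * 3600
               + int(m.group("minute")) * 60
               + int(m.group("second"))
               + _microseconds(m.group("frac")) / 1e6)
    if m.group("sign"):
        seconds = -seconds
    inacc = float(m.group("inacc")) if m.group("inacc") is not None else 0.0
    return seconds, inacc


if __name__ == "__main__":
    # Sample values taken from this guide's examples.
    ts = parse_absolute("1994-08-12-09:52:30.396-04:00I0.000/00-00-c0-f7-de-56")
    print(ts["utc"].isoformat(), ts["tdf_seconds"], ts["suffix"])
    print(parse_relative("090-00:00:00"))
```

When comparing two timestamps, compare the bounds returned by utc_bounds rather than the midpoints: two readings whose inaccuracy intervals overlap cannot be ordered, which is exactly the case the DTS inaccuracy value exists to expose.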
In order to build server lists and synchronize with the servers on the list, clerks need to be able to locate servers automatically. They discover servers by using remote procedure call (RPC) profiles. Recall that profiles are search tables that contain the following types of entries:
• Server Entries—The CDS names of individual resource providers.
• Service Group Entries—A group of resource providers identified by a single CDS name.
23.3.2.1 The Local Server Set

Local servers reside on the same LAN and maintain their clocks by synchronizing with each other. Due to the high throughput on this type of network, the skews between the local servers on a LAN are normally maintained at under 200 milliseconds. If at least one of the servers in the local set synchronizes with an accurate time-provider, inaccuracies at each server may be less.
23.3.2.3 Couriers

Local servers called couriers request time values from one randomly selected global server at every synchronization. When DTS starts up, it automatically sets the server’s courierrole attribute value to backup. You can change the server’s courier role by manually changing this attribute value. To do this, you use the dcecp dts modify command with the -change option.
Chapter 24. Planning Your DTS Implementation

This chapter describes how to plan your DCE DTS implementation, including personnel selection for the planning process and planning for DTS on a LAN, an extended LAN, or a WAN. DTS installation is described in the , so installation considerations are only included in this chapter by reference. It is important to note, however, that many of the planning considerations for DTS are tied to the overall planning of DCE, especially the CDS and Security components.
• Is your cell a single LAN, an extended LAN, a WAN, or a combination of LANs and WANs?
• What is the current or proposed network topology (component placement)?
• How many servers will be required? Where will they be located?
• Will global servers be required? Where will they be located?
• Will you need to configure any couriers if you are using global servers?
• Will you use an external time-provider to obtain UTC?

The following sections will help y
If you are planning to use one or more time-providers, locate them at easily accessible systems to ease startup and maintenance. If your network only requires synchronized clocks, but does not need to closely follow a time standard such as UTC, you may not require a time-provider. If you do not use a time-provider, we recommend that you use the DCE control program (dcecp) clock set command to manually set the time approximately once each week.
Due to the variable delay inherent in any WAN link, it is difficult to maintain a consistent skew between clocks on opposite sides of the link. DTS synchronizes clocks across WAN interfaces, but larger inaccuracies occur between the clocks to account for the worst case transmission delay during each synchronization. A reliable and robust DTS installation is important any time WAN links are part of a cell.
• If you are using a single time-provider, locate it at one of the global servers on the LAN, rather than at a remote server.

The network configuration that results from the preceding rules concentrates the servers on the LAN, so clock skews are kept to a minimum and the service is not dependent on remote nodes that may be physically inaccessible to the system manager. Each remote clerk node synchronizes with the global servers to satisfy the minservers attribute setting.
[Figure: an example all-WAN DTS configuration with four sites joined by modem links. It contains three global servers, one of which also acts as a courier, a time-provider (TP) attached through a multiplexer to one of the global servers, and clerks at the sites.]

Many of the same recommendations for a LAN with WAN links also apply to the network that does not have any LANs. Keep the following considerations in mind when planning your all-WAN network:
• The network should have at least three servers, preferably four or more.
information about the Time-Provider Interface that you can use to integrate these devices in your network. See Appendix C of this guide for a list of time sources.) If you plan to use time-providers in your network, you can use one of the sample time-provider programs that are supplied with the DTS software in dcelocal/usr/examples/dts.
Chapter 25. Managing the DCE DTS
This chapter describes management tasks that you perform for the DCE DTS. The DCE control program (dcecp) has commands that you can use for performing these tasks. The chapter contains brief descriptions of these commands. Detailed descriptions of the commands appear in the OSF DCE Administration Reference. Prior to the creation of dcecp, the DTS control program (dtscp) was used to manage DTS.
— An intermediary program that plays the role of a clerk on a client system. DTS clerks obtain the time from a DTS server and adjust the clock.
• clock
This object represents the local system’s clock and the time that the clock tells.
25.1.2 dcecp Operations for DTS
Table 25-1 summarizes the operations performed by dcecp commands on DTS objects.
TABLE 25-1.
attributes are used internally by the DTS daemon and you are allowed only to view the values (with the dcecp dts show command). Others contain values that you can reset according to the needs of your environment (with the dcecp dts modify command). Counters are used internally by the DTS daemon and contain values that you can only view. Table 25-2 lists the server and clerk attributes that you can set. Table 25-3 lists the server and clerk attributes that you cannot set.
TABLE 25-3.
seconds. A negative TDF of 5 hours and an inaccuracy of 3 milliseconds are included in the timestamp.
25.3 Reconfiguring DTS on Nodes
DTS is initially configured during the overall DCE configuration procedure for a node (see the ). The DCE configuration procedure automatically creates and activates DTS servers and DTS clerks on designated nodes. You can, however, reconfigure DTS on a node at any time. If you choose to do this, you must perform the following steps:
1.
Just as during initial DTS configuration, if you are creating a server, you must tell the dce_config script the type of server that it is to create: global or local. Before you choose the server type, you should consider the role that the server will play in propagating the network time. Local servers can have a noncourier role (the value of the courierrole attribute is set to noncourier). A noncourier server does not participate in time propagation.
25.4 Temporarily Reconfiguring DTS
From time to time, a situation or problem may arise in your network that requires you to temporarily reconfigure DTS on one or more nodes. Perhaps a node in the LAN is having problems and you need to have another node take over the clerk or server role of the problem node. Rather than adding an unnecessary server or clerk to the network, you can convert the clerk or server so that it plays the needed role.
Note: If you are reconfiguring a node that previously ran a DTS clerk so that it runs a DTS server, you need to perform extra steps. You must create a principal account for the new server in the DCE Security Service registry, and you must add the server’s name to the existing DTS server group (dts-entity). Otherwise, DTS clerks will not be able to find the newly created server. For instructions on creating a principal account, see Chapter 31 of this guide.
dcecp> dts show
{checkinterval +0-01:30:00.000I-----}
{epoch 0}
{tolerance +0-00:10:00.000I-----}
{tdf -0-05:00:00.000I-----}
{maxinaccuracy +0-00:00:00.100I-----}
{minservers 3}
{queryattempts 3}
{localtimeout +0-00:00:05.000I-----}
{globaltimeout +0-00:00:15.000I-----}
{syncinterval +0-00:02:00.000I-----}
{type server}
{courierrole backup}
{actcourierrole courier}
{clockadjrate 10000000 nsec/sec}
{maxdriftrate 1000000 nsec/sec}
{clockresolution 10000000 nsec}
{version V1.0.
• A clerk requires values from three servers.
• A server requires values from two other servers. Each server uses its own clock value when computing a new time.
To reset the minservers attribute value, enter the dts modify command with the -change option to set the desired value. The command accepts values from 1 to 10.
Whenever the system cannot contact the number of servers specified by the minservers attribute setting, the system increments the toofewservers counter, logs the event, and displays the event message Too Few Servers Detected. Information included in the event message shows the number of servers that are currently available and the number required.
dcecp> dts show
{checkinterval +0-01:30:00.000I-----}
{epoch 0}
{tolerance +0-00:10:00.000I-----}
{tdf -0-05:00:00.000I-----}
{maxinaccuracy +0-00:00:00.100I-----}
{minservers 3}
{queryattempts 3}
{localtimeout +0-00:00:05.000I-----}
{globaltimeout +0-00:00:15.000I-----}
{syncinterval +0-00:02:00.
bound determined by the maxinaccuracy attribute setting, DTS forces the system to synchronize until the inaccuracy is reduced to a level that is at or below the setting. Use the maxinaccuracy attribute setting as a trigger for synchronization. You can vary the setting to vary the tolerance of intersystem synchronizations, but be aware that, as the setting becomes lower, network overhead rises. The default setting is 0.10 seconds (100 milliseconds).
The maxinaccuracy and syncinterval attributes are interdependent; system synchronization occurs automatically when both of the following conditions are met:
• The inaccuracy of its clock equals or exceeds the maxinaccuracy attribute value.
• The time since the last synchronization equals or exceeds the syncinterval attribute value (slightly randomized).
[Figure 25-2. Local Fault: time values t1 to t4 plotted against UTC on the Time axis, with CT marking the intersection of correct intervals (computed time).]
If DTS detects a faulty system clock during synchronization, the severity of the fault and the system’s tolerance attribute setting determine how DTS reacts.
25.5.7 The localtimeout, globaltimeout, and queryattempts Attributes
When a system queries a server, it waits for a response for the period that is specified by the localtimeout or globaltimeout attribute. The localtimeout attribute setting applies when the system attempts to contact a local server; the globaltimeout attribute setting applies when the system attempts to contact a global server.
The serverentry attribute specifies the CDS entry name where bindings for the server are exported. If you change the setting of this attribute, the entry is also modified in the namespace. The following is an example command that sets the serverentry attribute value:
dcecp> dts modify -change {serverentry /.:/hosts/cyclops/dts_ref_node}
The serverprincipal attribute specifies the principal name of the server that is used for authentication.
25.6.1.1 Advertising Global Servers
To assign a server to the global set of servers, you must advertise the server with the dcecp dts configure command. Advertising the server simultaneously adds binding information to the server’s CDS name and also adds the server’s entry to the cell profile.
designate all the other servers on the LAN as backup couriers. If you have configured several servers as backup couriers and the courier becomes unavailable, the backup courier with the lowest-ordered UUID becomes the effective courier. To assign the courier role to a server, enter the following dcecp command:
dcecp> dts modify -change {courierrole courier}
To assign the backup courier role to a server, enter the following command:
dcecp> dts modify -change {courierrole backup}
25.
If a server is connected to a time-provider, set its checkinterval attribute. DTS uses the checkinterval attribute to periodically check all the servers on a LAN to make sure that they remain synchronized with the time-provider. When the amount of time specified by the checkinterval attribute setting has elapsed, the server with the time-provider (the TP server) performs the following procedure:
1.
In order to use the clock set command effectively, you must have temporary access to a trusted time reference. Such references can include the time signals that many standards organizations disseminate by radio or telephone. You can also use a clock that you have recently verified as accurate. (See Appendix C for suppliers of UTC time.) Because it is a manually entered command that is used to modify an absolute time, the clock set command is not useful for small inaccuracy settings.
In order to use the clock set command effectively, you must have temporary access to an accurate time reference. Such references can include the time signals that many standards organizations disseminate by radio or telephone. You can also use a clock that you have recently verified as accurate. (See Appendix C for a list of time reference sources.
The DTS principal that represents the server on a given system is the primary access control object for DTS. This principal has controlled access by human users and clerk or server processes. The default name that you can use for the DTS object in any dcecp command is /.:/hosts/hostname/dts-entity. The ACL for the DTS server can contain any type of ACL entry that is valid for a principal (human or process) or authorization group to which this principal belongs.
Chapter 26. Interoperation with Network Time Protocol
Network Time Protocol (NTP) is an Internet-recommended standard. The NTP synchronization subnetwork is represented by a tree-structured graph with nodes representing time servers and edges representing the transmission paths between them. The root nodes of the tree are designated primary servers that synchronize to a radio broadcast or calibrated atomic clock.
setting the time. The user sets the inaccuracy based on local experience with NTP. The null provider may be useful for sites that already have a radio clock that is managed by NTP. Make the node with the radio clock a DTS server and use the null time-provider.
26.1.1 Getting the Time from Local NTP Time Sources
Run the DTS server on a node that is running an NTP clock driver with a clock and the null time-provider.
Observe the following advisories:
• Advisory—If links to remote sources are distant, consider having one of the subnetwork nodes run the NTP locally.
• Advisory—Note that the NTP time-provider does not accept time from an NTP node at Stratum 8 or higher.
• Advisory—The NTP node needs to be as close to Stratum 1 as possible.
Figures 26-2 and 26-3 both show a DTS server getting the time from a remote NTP time source, which is a Stratum 3 server.
26.2 Giving the Time to NTP Nodes
Any DTS server or clerk that runs the ntpd daemon or the xntpd daemon with the -s option and a special configuration file (ntp.conf) can be configured as an NTP server. For systems running the ntpd daemon, the ntp.conf configuration file must contain the following line:
peer /dev/null DTSS 8 -5 local
In addition, add -s to the ntpd entry in the file /sbin/init.d/ntpd or, for systems with rc.
[Figure: DTS servers running NTP with the -s option appear as Stratum 8 servers; an NTP server fed by them is Stratum 9, and its DTS/NTP clients are Stratum 10.]
26.3 Preventing Loops
Do not allow loops, such as NTP → DTS → NTP, to form. Run the null time-provider (dts_null_provider.c) only if you have a local time source. If you do not have a local time source, you can run the null time-provider, but do not disseminate NTP time anywhere in the local set.
[Figure 26-6: a Stratum 8 DTS server running ntpd -s feeds a Stratum 9 NTP server, which feeds a DTS server running dts_ntp_provider.c; the arrows 1, 2 and 3 trace the loop described below.]
The scenario in Figure 26-6 shows the creation of a loop:
1. From the node that is labeled Stratum 8, proceed to the NTP node that is labeled Stratum 9.
2. From the NTP node that is labeled Stratum 9, continue to the node that is labeled Stratum 10.
3. DTS then feeds the time back to the node that is labeled Stratum 8, creating a loop.
Part 6.
Chapter 27. Overview of DCE Security
This chapter provides a brief introduction to the DCE Security Service. The DCE Security Service consists of the following services:
• Registry service—Maintains the registry database, which is a replicated database of principals, groups, organizations, accounts, and administrative policies.
• Authentication service—Handles user authentication or the process of verifying that principals are correctly identified.
[Figure 27-1. Machines, Servers, and the Database: Security Service clients on several machines request database operations from the security server (dcelocal/bin/secd), which accesses the registry database.]
27.2 The Registry Database
The registry database contains the following information:
• Principals—Principals are the users of the system.
(See Chapter 41 for a detailed description of the structure of the registry database and the types of information it contains.) The collection of objects controlled by a registry database is an entity known as a cell. Authenticated communications are possible between cells only if those cells have special accounts in the registry database at the cell they wish to communicate with.
[Figure 27-2. Disk Memory and Virtual Memory Copies of the Registry Database: the security server holds the registry database in virtual memory and writes it to disk storage.]
Each security server periodically saves its entire database from virtual memory to disk. The database is stored in dcelocal/var/security/rgy_data.
27.5 Replicated Databases
The registry database can be replicated within its cell.
available for login validation and for read operations even when changes are in the process of being propagated.
27.6.1 Master and Slave Replicas
Only one replica in a cell, the master replica, accepts updates to its database from clients. Other replicas, called slave replicas, accept only reads from clients. The master replica propagates any updates to the slave replicas.
[Figure 27-4. Slave Replica Update Process: a database update reaches the slave security server, which applies it to the registry database in virtual memory and stores a copy of each update (Update 1, Update 2, ...) in the log file; periodically the server writes the database in virtual memory to disk, alongside the replica list and log file.]
memory database and its log file. Each update in a propagation queue is identified by a sequence number and a timestamp. The sequence number is used internally to track the propagation of updates to slave replicas. The timestamp is provided to show users the date and time of updates. When a master or slave replica restarts, it initializes its database in virtual memory and then applies any outstanding updates in the log file to its database.
You should maintain standard versions of the /etc/passwd and /etc/group files on local machines to ensure compatibility with UNIX programs. To keep the /etc/passwd and /etc/group files consistent with the registry database, use the passwd_export command. It is advisable to run passwd_export on a regular basis, preferably using cron. (See Chapter 36 for details on passwd_export.
of the registry database structure. For example, the full pathname for the principal bach, which resides in the cell dresden.com, uses the sec (security) mount point and is in the principal directory as follows:
/.../dresden.com/sec/principal/bach
As another example, assume the group east-west resides in sales, which is a subdirectory of the group directory in the registry database in the dresden.com cell. The full pathname for east-west is as follows:
/.../dresden.
/.:/sec/principal/vienna.com
This cell name can also represent the name of a directory, such as
/.:/sec/principal/vienna.com/violinists_cell
For these cases, the dcecp acl command provides an option that identifies whether you are entering a directory name or a principal name.
Chapter 28. Using Access Control Lists
You can control access to DCE objects by using the ACL authorization mechanism. ACLs are associated with files, directories, CDS entries, and registry objects. They can be implemented also by arbitrary applications to control access to their internal data objects.
DCE permissions can be set for the following:
• Owner, group, and other
• Specific individual principals in the local cell and in foreign cells
• Specific individual groups in the local cell and in foreign cells
• Any other principals in a specific foreign cell for whom individual permissions have not been set
• Any principals in any cell who have been authenticated by the DCE Authentication Service
• Delegate users, servers, or groups, in local or for
[Figure 28-1. ACL Managers in Servers: dcecp and a generic ACL client speak the ACL protocol to servers, each of which holds an ACL library, an ACL manager, its ACL data, and its server data.]
In addition to the standard DCE components, ACLs can control access to any object for which an ACL manager has been implemented.
The principal and each of the groups is represented by both a string name and a UUID. The privilege attribute UUIDs are contained in the credentials that are used in authenticated remote procedure calls (RPCs). Servers grant access based upon the contents of credentials received in RPCs. Although servers typically reject unauthenticated RPCs, any server can support a policy of accepting them.
28.2.1 ACL Syntax
The DCE control program uses the command syntax that is supported by the Tcl language. Within Tcl, the list that represents an ACL entry contains either two or three elements, depending on the ACL entry type, and is in the following form:
{type[ key] permissions}
The three sample ACL entries in Figure 28-2 are in the format that Tcl accepts for input.
Figure 28-2.
28.2.2 ACL Entry Types for Principals and Groups
ACL entry types let you define entries for the following:
• Principals and groups
— Principals and groups in the local cell
— Principals and groups in foreign cells
— Delegate entries
— All principals in the local cell for whom individual ACL entries have not been created.
— All principals in the local and all foreign cells whose privilege attributes do not match any of the other ACL entries.
of entry type user, are members of a group named in an ACL with an entry type of group, or match the principal indicated by the user_obj or group_obj entry. The entry format is
{other_obj permissions}
user
Establishes permissions for a specific principal in the default cell of the ACL. This ACL entry type requires a key that is a principal name.
user_obj_delegate
Establishes permissions for an intermediary acting for the object’s real or effective user. The entry format is
{user_obj_delegate permissions}
group_obj_delegate
Establishes permissions for an intermediary acting for members of the object’s real or effective group.
foreign_other_delegate
Establishes permissions for an intermediary acting for other principals in a specific foreign cell, one other than the default cell of the ACL, that are not specifically named in ACL entries of entry type foreign_user or are members of a group named in an ACL entry of type foreign_group. You must identify the foreign cell by supplying a cell name as a key.
28.2.4 Using Principal and Group ACL Entries
When a security mechanism applies ACLs, the ACL entries are chosen in a particular order. The most specific ones are chosen before the less specific. In using the ACL entry types for principals and groups, think of the user_obj, group_obj, and other_obj types as being similar to the POSIX file permissions of user, group, and other. Use the user and group types to specify permissions for a specific principal or group.
Note: If you do not create an unauthenticated mask, unauthenticated principals are denied all access to objects. If a user is unauthenticated because that user has no DCE credentials, then the only entry that the user matches is the any_other entry type, which is then masked by the unauthenticated mask. This means that, for such unauthenticated users to have any access to an object, the object’s ACL must contain an any_other type entry and an unauthenticated mask entry.
28.2.7 The Checking Sequence for ACL Entries
An ACL manager reads through a list of ACL entries to find the particular entry that applies to an individual who is trying to perform a particular operation. The ACL manager first looks for a match between the privilege attributes of the principal or process desiring access and the privilege attributes listed in the ACL.
of group entry checking is not important. See Section 28.2.3 for more information on project lists.
3. If the ACL manager does not find a match between the principal requesting permission and a member of a group in the group entries, it checks the other_obj and other_obj_delegate entries. If the ACL manager finds a match, it stops checking ACL entries.
4.
[Figure 28-3. Order of Checking ACLs and Applying Masks. The figure lists the entry types in checking order (user_obj, user, foreign_user, group_obj, group, foreign_group, other_obj, foreign_other, any_other, each with its _delegate form), shows which are masked through mask_obj and which are not, and then the mask_obj and unauthenticated entries. Step 1: Match credentials against Access ACL Entries.]
ACL entry grants rwx permissions and the mask_obj entry specifies only r and w permission, only r and w are granted. The x permission named in the ACL entry is ignored.
28.2.7.2 The Unauthenticated Mask and ACL Checking
If an ACL manager receives an access request from an unauthenticated principal, it checks the ACL entries and applies the mask_obj mask, if available, as described previously.
the principal is the object’s owner or a member of the object’s group, you must use the user_obj or group_obj entry types to ensure that access is denied. To deny access to all unauthenticated users, do not create the unauthenticated mask. If this mask is not created (ACL entry type of unauthenticated), only authenticated principals can access the object.
To copy an extended entry type from the domain of one ACL manager to the domain of another ACL manager, use the output of the dcecp acl show command as the input to an acl replace command. To copy extended entries this way, both ACL managers must support the extended entry type.
28.
objects or containers created within the initial container. The Initial Container ACLs and the Initial Object ACLs can be edited in the same way as the usual ACL by using the -ic and -io options to the dcecp acl commands.
28.6.1 Objects and Containers
The type of ACL used for an object depends on whether the object is a simple object or a container. Containers are objects that hold other objects.
[Figure: Container A carries an Object ACL, an Initial Container ACL and an Initial Object ACL. An object created in Container A receives Container A’s Initial Object ACL as its Object ACL.]
28.6.2.
[Figure: Container A carries an Object ACL, an Initial Container ACL and an Initial Object ACL. A container created in Container A receives Container A’s Initial Container ACL as its Object ACL and its Initial Container ACL, and Container A’s Initial Object ACL as its Initial Object ACL.]
28.6.2.
{group_obj rw}
{other_obj r}
Initial Container ACL (Container A’s Initial Container ACL)
{user_obj crwxid}
{group_obj rw}
{other_obj r}
Initial Object ACL (Container A’s Initial Object ACL)
{user_obj crwxid}
{group_obj r}
{other_obj r}
28.6.3 Effect of Masks When Editing ACLs
If the user specifies a new mask_obj ACL entry, then acl modify uses it.
The following example shows the way mask recalculation works, as well as the effect of the options. Observe that the ACL contains an entry granting rwx permission to some user, but the mask allows an effective permission of r-x. Adding a new rwx ACL entry and recalculating the mask (according to step 6) to rwx is unsafe because the first user’s effective access rights are unexpectedly changed from r-x to rwx.
{user telemann rwx effective rwx}
{mask_obj rwx}
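The mask rules described above (mask_obj intersected with an entry’s permissions, the unauthenticated mask applied to the any_other entry, and the mask recalculation the guide calls unsafe), worked through in Python as an added example that is not part of this guide or of DCE itself. The set of entry types treated as exempt from mask_obj is an assumption taken from Figure 28-3, and the ACL strings are constructed inputs.

```python
"""Added illustration of DCE ACL mask arithmetic (not OSF/DCE code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# ASSUMPTION (based on Figure 28-3): these entry types are not masked through
# mask_obj; every other entry type (user, group, foreign_*, any_other, ...) is.
UNMASKED_TYPES = {"user_obj", "user_obj_delegate", "other_obj",
                  "other_obj_delegate", "mask_obj", "unauthenticated"}


@dataclass(frozen=True)
class AclEntry:
    etype: str            # entry type, e.g. user_obj, user, mask_obj
    key: Optional[str]    # principal, group or cell name; None when keyless
    perms: str            # permission letters; '-' is a placeholder


def parse_acl(text: str) -> List[AclEntry]:
    """Parse dcecp's Tcl list form: {type[ key] permissions} {...} ..."""
    entries = []
    for body in re.findall(r"\{([^{}]*)\}", text):
        fields = body.split()
        if len(fields) == 2:          # keyless type: {user_obj rwx}
            etype, key, perms = fields[0], None, fields[1]
        elif len(fields) == 3:        # keyed type: {user telemann rwx}
            etype, key, perms = fields
        else:
            raise ValueError("malformed ACL entry: {%s}" % body)
        entries.append(AclEntry(etype, key, perms))
    return entries


def _find(acl: List[AclEntry], etype: str, key=None) -> Optional[AclEntry]:
    for e in acl:
        if e.etype == etype and e.key == key:
            return e
    return None


def _intersect(perms: str, mask: Optional[AclEntry]) -> str:
    """Keep only the permission letters that the mask also grants."""
    if mask is None:                  # the guide: a mask is applied "if available"
        return perms.replace("-", "")
    allowed = set(mask.perms) - {"-"}
    return "".join(p for p in perms if p in allowed)


def effective_perms(acl: List[AclEntry], etype: str, key=None) -> str:
    """Permissions one entry actually grants after mask_obj is applied."""
    entry = _find(acl, etype, key)
    if entry is None:
        return ""
    if etype in UNMASKED_TYPES:
        return entry.perms.replace("-", "")
    return _intersect(entry.perms, _find(acl, "mask_obj"))


def unauthenticated_perms(acl: List[AclEntry]) -> str:
    """An unauthenticated principal matches only any_other; that result is
    masked by mask_obj and then by the unauthenticated mask. No mask: deny."""
    unauth_mask = _find(acl, "unauthenticated")
    if unauth_mask is None:
        return ""
    return _intersect(effective_perms(acl, "any_other"), unauth_mask)


def recalculated_mask(acl: List[AclEntry]) -> str:
    """The recalculation the guide warns about: mask_obj becomes the union of
    every masked entry's permissions, so the mask no longer filters anything."""
    union: List[str] = []
    for e in acl:
        if e.etype in UNMASKED_TYPES:
            continue
        for p in e.perms:
            if p != "-" and p not in union:
                union.append(p)
    return "".join(union)


def add_entry(acl: List[AclEntry], entry_text: str,
              recalc_mask: bool = False) -> List[AclEntry]:
    """Return a new ACL with the entry appended; optionally recalculate mask_obj."""
    new_acl = list(acl) + parse_acl(entry_text)
    if recalc_mask:
        new_acl = [e for e in new_acl if e.etype != "mask_obj"]
        new_acl.append(AclEntry("mask_obj", None, recalculated_mask(new_acl)))
    return new_acl


if __name__ == "__main__":
    # Constructed ACL mirroring the guide's scenario: telemann is granted rwx
    # but the mask limits the effective permission to r-x.
    acl = parse_acl("{user_obj rwx} {user telemann rwx} {mask_obj r-x}")
    print("telemann before:", effective_perms(acl, "user", "telemann"))
    unsafe = add_entry(acl, "{user bach rwx}", recalc_mask=True)
    print("telemann after recalculated mask:",
          effective_perms(unsafe, "user", "telemann"))
    safe = add_entry(acl, "{user bach rwx}")
    print("bach with mask kept:", effective_perms(safe, "user", "bach"))
```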
Chapter 29. Control Programs for Managing the DCE Security Service
You can perform most of the management tasks for the DCE Security Service by using the DCE control program (dcecp). However, some of the components of this service require you to use other control programs provided in DCE. This chapter provides information about the commands that the DCE control program offers for DCE Security Service management.
The following subsections describe the DCE Security Service objects that the DCE control program operates on and the types of operations that the control program can perform on these objects.
29.1.1 Security Service Objects
The DCE control program has functions that operate on the following security service components:
principal
This object represents registry principals.
TABLE 29-1. DCE Control Program Operations for the DCE Security Service
Operation   Description
add         Adds a principal to a group or organization to a registry replica.
Operation    Description
synchronize  Instructs the slave replica of the registry to update its contents from the master replica.
verify       Checks if all of the registry’s replicas are up-to-date.
registry server at /.../bayre.com/subsys/dce/sec/master
the display would be
registry server at /.../bayre.com
To exit from a rgy_edit command, press at the command prompt. For example, to exit from the add command to add principals, press at the Add Principal=> Enter name: prompt. To exit from the registry editor, enter the q[uit] command at the rgy_edit prompt:
rgy_edit=> q
$
The rgy_edit help command displays help information.
29.3 Using the sec_admin Program
While the DCE control program includes commands that create and maintain the master and slave replicas of the registry, the program does not provide functions that are useful for reconfiguring the replica set in a cell. Reconfiguring the registry replica set in a cell involves reassigning the roles of the master and the slaves.
Name              Description
b[ecome_master]   Causes a slave replica to assume the role of the master.
Chapter 30. Creating and Maintaining Principals, Groups, and Organizations
This chapter explains how to use dcecp to create and maintain principals, groups, and organizations. It begins with a discussion of the names that are assigned to principals, groups, and organizations and of the Universal Unique Identifiers (UUIDs) used internally by the DCE Security Service to identify registry objects.
30.
30.1.2 Full Names
Full names can be assigned optionally to principals, groups, and organizations. An object’s full name is for information purposes. It typically describes or expands a primary name to allow easy recognition by users. For example, a principal could have a primary name of jsbach and a full name of Johann S. Bach. An organization could have the primary name moco and the full name Motet Composers. A full name is a data field only.
30.2 Reserved Principals and Accounts
Some principals and accounts are reserved for use by various system operations. You cannot delete reserved principals. You can modify, but not directly delete, reserved accounts. Note, however, that you may delete reserved accounts indirectly by deleting the group or organization that is specified in the account. (See Chapter 31 for details.) A list of reserved principals and accounts follows.
30.4 Universal Unique Identifiers and UNIX IDs
The DCE Security Service automatically associates a principal’s, group’s, or organization’s primary name with a UUID. UUIDs identify objects, which is a function performed by UNIX numbers (UNIX IDs) in UNIX systems. (The registry database also contains UNIX numbers, but they are used solely for compatibility with UNIX programs.) Normally, you do not have to be aware of UUIDs.
-uid integer   The required UNIX ID that is associated with the principal. You can enter this number explicitly or allow it to be generated automatically.
dcecp> principal create {bach britten mahler satie} -quota 5
30.5.2 Changing Principals
You can change a principal’s primary name and other information related to the principal. Additionally, you can change a primary name to an alias and an alias to a primary name. If you change a primary name to an alias and do not make an alias the primary name, operations that return names choose one of the aliases at random.
30.5.2.
30.5.2.2 Changing Principal Information
Use the dcecp principal modify command to change any principal information except the UNIX ID and user ID. The following example shows the principal modify command used to change principal mahler’s object creation quota to 10.
dcecp> principal modify mahler -quota 10
30.5.
30.6.1 DCE Version 1.1 Authentication

With the addition of user preauthentication, DCE Version 1.1 authentication addresses certain security deficiencies in the Kerberos V5 authentication protocols, which were used as the basis for the DCE authentication protocol in versions prior to DCE Version 1.1.
30.6.1.2 Preauthentication Interoperability Between DCE Versions

Table 30-2 describes how login requests are handled when DCE Version 1.1 clients/servers interoperate with pre-DCE Version 1.1 clients/servers in a single cell.

TABLE 30-2. DCE Version 1.1/Pre-DCE Version 1.1 Authentication Interoperation

Login Request Type    Pre-1.1 Server Response
You do this by attaching instances of two ERAs (max_invalid_attempts and disable_time_interval) to the principal. Specify values for these ERAs as follows:

max_invalid_attempts
Specifies an integer indicating the number of successive invalid login attempts the security server should accept before marking the principal’s account as disabled.
as follows:

pwd_val_type
Specifies password creation options for the principal as follows:

0 (NONE)
Specifies that the principal’s password is subject only to DCE standard policy. (See Chapter 35 for a description of DCE standard policy.) Specifying 0 (NONE) is equivalent to not attaching an ERA instance to the principal.

pwd_mgmt_binding
• To protect password security, and to optimize performance, the password management server should run on the same machine as the master DCE security server.

• The default pathname for the password management server is $DCELOCAL/bin/pwd_strengthd. You can change this pathname by using the PWD_MGMT_SVR environment variable in config.env.
dcecp> acct mod smitty -password [acct gen smitty] \
    -mycurrentpwd -dce-

30.6.4 Managing Password Expiration

By default, the DCE security server disables logins for principals whose passwords have expired. There may be cases where you would prefer this not to happen; for instance, you probably don’t want cell_admin to be locked out of the cell because of an expired password.
Chapter 28 for a description of ACLs.) For example, assume the ACL for file X contains two entries: one permits group A write access and one permits group B read access. Then, any principal who is a member of both groups A and B can read and write to file X.

30.7.1.1 Project Lists and Rights

Principals accrue project list access rights only from the groups that are associated with the name or alias with which they log in.
TABLE 30-3. Attribute Options to Create Groups and Organizations

Information    Meaning

-gid
The required UNIX ID that is associated with the group or organization. You can enter this number explicitly or allow it to be generated automatically.
30.7.3 Changing Groups and Organizations

For groups and organizations, you can change the primary name and full name. In addition, for groups you can change whether or not the group can appear in project lists, and for organizations you can change policy. (See Chapter 35 for details on changing organization policy.) Use the dcecp group modify command to change groups.
The next example shows the organization delete command being used to delete the organization classic:

dcecp> organization delete classic

Note that you can delete multiple groups or organizations with a single group delete or organization delete command by including the names to delete in braces, separated by spaces, just as you would to delete multiple principals.
30.8.2 Adding and Deleting Group Members

The following example shows the use of the dcecp group add command with the -member option to add mahler to the group symphonists, and the dcecp group remove command to delete strauss from the group symphonists:

dcecp> group add symphonists -member mahler
dcecp> group remove symphonists -member strauss

You can add and remove multiple members with one group add or group remove command.
principal create name -uid unix_ID -alias

where:

name       Is the alias name for the principal or group.
unix_ID    Is the UNIX ID that is associated with the principal for which you are creating the alias.
-alias     Indicates that name is an alias.

To create an alias for a group, enter the dcecp group create command in the following form:

group create name -gid groupunix_ID -alias

where:

name       Is the alias name for the principal or group.
Chapter 31. Creating and Maintaining Accounts

All principals have two identities: a network identity that provides the ability to access DCE objects on machines across the network, and a local identity that provides the ability to access objects on the local machine. The two identities exist in tandem, but independently of each other. A principal’s network identity is defined by an account in the network registry.
31.1 User Accounts

User accounts are associated with the user’s password and information that is used when the user logs into DCE. Account information includes such things as the principal’s home directory and login shell, and authentication policy, which defines parameters that help control a principal’s access to DCE.
Creating and Maintaining Accounts

31.2.2 Steps for Creating Server Accounts

To create an account for a server, first run the dcecp account create command to create the account and then run the dcecp keytab add command to add an entry to the keytab file. The server’s password in the registry and the server’s key in the keytab file must match.
2. The authentication service does the following:
   a. Receives the login request
   b. Obtains the registry’s copy of the principal’s authentication key
   c. Attempts to decrypt the login request with this key

If the decryption succeeds, the keys are the same; the principal is therefore authenticated and the login is successful.
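The server side of this exchange, combined with the max_invalid_attempts and disable_time_interval ERAs from section 30.6, can be modelled in a few lines. The following Python is an added example, not code from this guide or from OSF DCE: it stands in for the encrypted login request with an HMAC tag over a timestamp (the server checks it with the registry's copy of the key, which is the same proof of key possession), uses a toy SHA-256 key derivation, and assumes the disable interval is expressed in seconds.

```python
import hashlib
import hmac
from dataclasses import dataclass


def derive_key(password: str) -> bytes:
    # Toy key derivation for this example only (assumption: not the DCE string-to-key function).
    return hashlib.sha256(password.encode("utf-8")).digest()


def make_login_request(password: str, timestamp: int) -> tuple:
    """Client side: prove possession of the password-derived key.
    The guide's request is encrypted with that key; here the proof is an HMAC tag
    over a timestamp (assumption), which the server verifies with its own copy of the key."""
    tag = hmac.new(derive_key(password), str(timestamp).encode("ascii"), hashlib.sha256).digest()
    return timestamp, tag


@dataclass
class Account:
    key: bytes                 # the registry's copy of the principal's authentication key
    invalid_attempts: int = 0  # successive failed logins, reset on success
    disabled_until: int = 0    # time at which the account becomes usable again


class AuthService:
    """Step 2 of the login sequence plus the max_invalid_attempts / disable_time_interval ERAs."""

    def __init__(self, registry: dict, max_invalid_attempts: int, disable_time_interval: int):
        self.registry = registry
        self.max_invalid_attempts = max_invalid_attempts
        self.disable_time_interval = disable_time_interval  # assumption: seconds

    def login(self, principal: str, request: tuple, now: int) -> str:
        acct = self.registry.get(principal)          # b. obtain the registry's copy of the key
        if acct is None:
            return "unknown principal"
        if now < acct.disabled_until:
            return "account disabled"
        timestamp, tag = request                     # a. receive the login request
        expected = hmac.new(acct.key, str(timestamp).encode("ascii"), hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):       # c. keys match: the principal is authenticated
            acct.invalid_attempts = 0
            return "ok"
        acct.invalid_attempts += 1
        if acct.invalid_attempts >= self.max_invalid_attempts:
            acct.disabled_until = now + self.disable_time_interval
            acct.invalid_attempts = 0
            return "account disabled"
        return "invalid key"


def demo() -> list:
    """Constructed scenario: a good login, three bad ones (max_invalid_attempts=3),
    a refusal while the account is disabled, then success after the 600-second interval."""
    registry = {"mahler": Account(key=derive_key("constructed-sample-password"))}
    svc = AuthService(registry, max_invalid_attempts=3, disable_time_interval=600)
    events = [("constructed-sample-password", 1000), ("wrong", 1001), ("wrong", 1002),
              ("wrong", 1003), ("constructed-sample-password", 1004),
              ("constructed-sample-password", 1700)]
    return [svc.login("mahler", make_login_request(pw, t), now=t) for pw, t in events]


if __name__ == "__main__":
    print(demo())
```

Note that the successful login at time 1004 is still refused because the disable interval has not elapsed; only the attempt at 1700 succeeds, and it resets the failure counter.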
principal’s part. Note, however, that the lifetime allocated to a service ticket can never exceed the time remaining on the principal’s ticket-granting ticket (TGT).

31.4.3 Displaying Privilege Attributes and Tickets

DCE cell administrators can use the klist command to display a principal’s current tickets and privilege attributes. The klist command displays three types of information: privilege attributes, expiration information, and service ticket information.
Identity Info Expires:  91/10/03:12:07:18
Account Expires:        91/12/31:12:00:00
Passwd Expires:         91/10/31:12:00:00

31.4.3.3 The Third Part of the klist Display—Tickets

The third and final part of the klist display shows the principal’s ticket information and the name of the principal’s ticket cache. The first three tickets labeled Server in the following display are the tickets used after the principal logged in and obtained privilege attributes.
means that it is generally not necessary to run kdestroy at logout. The kdestroy command is described on the kdestroy(8sec) reference page.

31.5 Adding Accounts

Use the dcecp account create command to add accounts to the registry. Information that is associated with accounts falls roughly into the following two categories:

• User information similar to that typically found in the /etc/passwd file.
Option    Meaning

-expdate
The date (in ISO timestamp format YY-MM-DDhh:mm:ss) on which the account expires. To renew an account after it expires, change the date. The default is none, meaning the account never expires.
Option    Meaning

-postdatedtkt {yes|no}
A flag that determines whether or not tickets with a start time in the future can be issued to the account’s principal. The default is no.
Option    Meaning

-maxtktrenew hours
The maximum renewable ticket lifetime. This is the amount of time in hours before a principal’s ticket-granting ticket expires and that principal must log into the system again to reauthenticate and obtain another ticket-granting ticket.
then the renewable ticket lifetime is used as the maximum ticket lifetime. For example, suppose an account’s maximum ticket lifetime is set to 15 hours. If you set the renewable ticket lifetime to 20 hours, the effective maximum ticket lifetime is not 20, but 15 hours.

• The default ticket lifetime can never be larger than the maximum ticket lifetime (in other words, default_life = min (default_life, max_life)) or less than 60 seconds.
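The interaction between the maximum, renewable and default ticket lifetimes described here, together with the rule from section 31.4 that a service ticket never outlives the remaining TGT lifetime, is easy to get wrong when setting account attributes. The following Python is an added example that is not part of the guide: it applies those rules to lifetimes expressed in seconds (the functions and their names are this example's own).

```python
HOUR = 3600
MIN_TICKET_LIFETIME = 60  # seconds; the lower bound the guide states for the default lifetime


def effective_max_ticket_life(max_life: int, renewable_life=None) -> int:
    """Maximum ticket lifetime once the renewable ticket lifetime is taken into account.
    The guide's example: maximum 15h and renewable 20h give an effective maximum of 15h;
    a renewable lifetime shorter than the maximum becomes the effective maximum."""
    if renewable_life is None:
        return max_life
    return min(max_life, renewable_life)


def effective_default_ticket_life(default_life: int, max_life: int) -> int:
    """default_life = min(default_life, max_life), and never less than 60 seconds."""
    return max(MIN_TICKET_LIFETIME, min(default_life, max_life))


def service_ticket_lifetime(requested: int, tgt_expires_at: int, now: int) -> int:
    """A service ticket is capped by the time remaining on the principal's TGT."""
    remaining = tgt_expires_at - now
    if remaining <= 0:
        return 0  # TGT already expired: no service ticket can be issued
    return min(requested, remaining)


def plan_account_lifetimes(max_life_hours: int, renewable_hours, default_hours: int) -> dict:
    """Effective 'max' and 'default' lifetimes (seconds) for values given in hours,
    as an administrator would enter them with the account attributes."""
    renewable = None if renewable_hours is None else renewable_hours * HOUR
    eff_max = effective_max_ticket_life(max_life_hours * HOUR, renewable)
    return {"max": eff_max, "default": effective_default_ticket_life(default_hours * HOUR, eff_max)}


if __name__ == "__main__":
    # The guide's example: maximum 15h, renewable 20h, with a 24h default that gets clamped.
    print(plan_account_lifetimes(15, 20, 24))
```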
addition, you must supply your password with the -mypwd option to verify your identity. If you do not enter your password, dcecp will prompt you. All other attributes can be allowed to default. Note that the password you type is not displayed on the screen. Because you are required to enter your password, you must run the account create command in interactive mode.
changes in an attribute list. The -add and -remove options are not supported with the account modify command because each account attribute must be present and must have a value.
object, an optional annotation, and the name of the file that actually stores the server keys on the local machine. This object is usually a file. Note that actual server keys are not stored in the keytab object, but in the file stored on the local machine. The pathname of the dced keytab object is

/.:/hosts/hostname/config/keytab/keytab_name

where:

hostname       Is the name of the host on which the dced process resides.
keytab_name    Is the name of the keytab file.
31.6.1.2 Server and Machine Key Version Numbers

When keys are added to the keytab file, each is assigned a version number that ranges from 1 to 255. Whenever server or machine keys change (automatically or explicitly), the key’s version number is incremented. Version numbers allow two or more keys to exist for any given server or machine.
TABLE 31-2. The keytab create and keytab add Options

Option    Meaning

-local
This option allows you to access the keytab file without using dced.
31.6.2.1 Creating a Keytab File

Use the keytab create command to create keytab files and entries in the corresponding dced object.
31.6.2.2 Adding Entries to a Keytab File

Use the keytab add command to add entries to an existing keytab file. When you use this command, you must supply the name of the keytab file’s dced object and any of the options described in Table 31-2. The following command adds a key to the keytab file named kfile_3 for the server principal svr_3. The key is generated automatically, and the registry is updated to be synchronized with the keytab file.
31.6.3 Changing Server and Machine Passwords in the Keytab File

Passwords for all principals must be changed when they expire. Human principals can use their platform’s chpass command to change their password. The dced security validation service automatically changes the machine’s password as necessary by assigning a randomly generated password. This daemon is supplied with DCE and runs on each local machine that engages in network access.
The following files make up the local registry database:

dcelocal/var/security/lrgy_data    Contains account information entries.
dcelocal/var/security/lrgy_tgts    Contains ticket-granting ticket entries.
dcelocal/var/security/lrgy_lock    Used by the security server to lock the registry for read/write operations.

You must use the security command rgy_edit to maintain the local registry.
from the local machine, an entry is created for that user. This new entry overwrites the oldest of the 10 entries currently existing in the local registry. As users log in from the machine for the first time, their newly created registry entry overwrites the oldest entry. To set the Capacity attribute value for the local registry, use the rgy_edit properties command. Note that, when you first enter the command, it displays the current registry capacity and lifespan.
If you end a string of numbers and measurement units with a number only, the number with no measurement unit defaults to seconds. For example, if you enter the following, the lifespan is assumed to be 12 weeks and 30 seconds:

Enter acct lifespan in days or ’forever’: (3w) 12w30

31.7.3 Purging Expired Entries

The rgy_edit purge subcommand deletes expired entries from the local registry.
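The lifespan syntax above and the capacity behaviour described in the previous section (a first login overwrites the oldest entry once the cache is full; purge removes entries older than the lifespan) are modelled below. This Python is an added example, not rgy_edit's own code: only the w unit appears in the guide's example, so the d, h, m and s units are assumptions, as is the choice to refresh an entry's timestamp when the same principal logs in again.

```python
import re

# 'w' appears in the guide's own example; the other unit letters are assumed for this example.
UNIT_SECONDS = {"w": 7 * 86400, "d": 86400, "h": 3600, "m": 60, "s": 1}


def parse_lifespan(text: str):
    """Parse a lifespan such as '3w', '12w30' or 'forever' into seconds.
    A trailing number with no unit counts as seconds, so '12w30' is 12 weeks and 30 seconds.
    'forever' returns None; malformed input raises ValueError."""
    text = text.strip().lower()
    if text == "forever":
        return None
    if not text:
        raise ValueError("empty lifespan")
    total, pos = 0, 0
    for m in re.finditer(r"(\d+)([a-z]?)", text):
        if m.start() != pos:  # something other than number+unit between tokens
            raise ValueError(f"bad lifespan: {text!r}")
        pos = m.end()
        count, unit = int(m.group(1)), m.group(2) or "s"
        if unit not in UNIT_SECONDS:
            raise ValueError(f"unknown unit {unit!r} in {text!r}")
        total += count * UNIT_SECONDS[unit]
    if pos != len(text):
        raise ValueError(f"bad lifespan: {text!r}")
    return total


class LocalRegistry:
    """Model of the local registry cache: at most `capacity` entries; a first login from this
    machine overwrites the oldest entry when the cache is full; purge drops entries older than
    the lifespan. Assumption: a repeat login refreshes the principal's timestamp."""

    def __init__(self, capacity: int, lifespan_seconds):
        self.capacity = capacity
        self.lifespan = lifespan_seconds  # None means 'forever'
        self.entries = {}                 # principal -> time of last login

    def record_login(self, principal: str, now: int):
        """Record a login; return the principal whose entry was overwritten, or None."""
        if principal in self.entries:
            self.entries[principal] = now
            return None
        evicted = None
        if len(self.entries) >= self.capacity:
            evicted = min(self.entries, key=self.entries.get)  # the oldest entry
            del self.entries[evicted]
        self.entries[principal] = now
        return evicted

    def purge(self, now: int) -> list:
        """Delete entries whose age exceeds the lifespan; return their names."""
        if self.lifespan is None:
            return []
        expired = [p for p, t in self.entries.items() if now - t > self.lifespan]
        for p in expired:
            del self.entries[p]
        return expired


if __name__ == "__main__":
    reg = LocalRegistry(capacity=3, lifespan_seconds=parse_lifespan("1d"))
    for who, when in [("bach", 1), ("britten", 2), ("mahler", 3), ("satie", 4)]:
        print(who, "evicted:", reg.record_login(who, when))
    print("purged:", reg.purge(now=2 + 86400 + 1))
```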
Chapter 32. Creating and Using Extended Registry Attributes

The registry stores specific information about principals, groups, organizations, and accounts. This is the information that you create when you use dcecp commands to create principals, groups, organizations, and accounts. The kind of information that can be stored in the registry database is defined in the registry schema, which is essentially a catalog of the kinds of data stored in the database.
Extended attribute types are stored in the object named xattrschema under the security junction point (usually /.:/sec) in the CDS namespace. Access to xattrschema and the attribute type definitions it contains is controlled by an ACL on the xattrschema object. The xattrschema object is propagated from the master security server to replicas, like other registry data.
Creating and Using Extended Registry Attributes

TABLE 32-1.
Option    Meaning

-unique {yes | no}
An indication of whether or not each instance of the attribute type must be unique within the cell (yes=unique; no=not unique).
where:

attr_name     Is the fully qualified name of the attribute type to change.
new_option    Is the option that specifies the changes.

The following sample command modifies the MVSname attribute to change its annotation. Note that the fully qualified attribute type name must be supplied to the command.

dcecp> xattrschema modify /.:/sec/xattrschema/MVSname -change \
    {annotation {Use with version 2.3}}
dcecp> xattrschema delete /.:/sec/xattrschema/MVSname

32.2.5 Defining the ACL Managers for Attributes

When you define an extended attribute type, you must define the objects to which the attribute can be attached and the permissions to access the attribute. To do this, you associate an attribute type with one or more ACL managers, and you supply the permission sets that control access to attribute instances of that type.
testset      Is the permission set to test instances of the attribute.
deleteset    Is the permission set to delete instances of the attribute.

To enter a permission set with more than one permission, concatenate the permissions; for example, to enter the permissions t, M, and d, enter tMd. Enclose each ACL manager type’s information in braces and leave a space between each item (except, of course, between items in the concatenated permission sets).
TABLE 32-2. Encoding Types

Encoding Type    Meaning

any        Not implemented in this release of DCE.
attrset    The attribute value must be a list of attribute type UUIDs enclosed in braces.
Trigger servers are invoked automatically when an attribute associated with a trigger server is queried or updated. Note that access to information maintained by a trigger server is controlled entirely by that server.

Note: Update trigger servers are not supported in this release.

To associate an attribute type with a trigger server, use the -trigtype and -trigbind dcecp xattrschema options.
{auth_serv_type name prot_level authentication_service authorization_service}

where:

auth_serv_type
Specifies the authentication type, which can be

• none—No authentication is performed.
• dce—Standard DCE authentication is performed.

If you are using no authentication, no other information except the binding itself is required. If you are using the standard DCE authentication type, you must specify all the remaining parameters.
authentication_service
Specifies the authentication service. The exact level of protection provided by the authentication service is specified by the protection level. The supported authentication services are as follows:

• default—DCE shared-secret key.
• none—No authentication: no tickets are exchanged, no session keys established, client EPACs or names are not transmitted, and transmissions are in the clear.

authorization_service
32.3.2.3 Sample Value for the -trigbind Option

The following sample shows the value for a -trigbind option. In the sample, the binding has the principal name MVS_server, is authenticated with the packet-privacy protection level, and uses a shared-secret key and an authorization service of DCE. The binding is supplied as a server entry name.

-trigbind {{dce MVS_server pktprivacy secret dce} \
    {/.:/hosts/host_name/dce_entity_name}}
dcecp> principal modify delores -add {MVSname admin}

To add instances of a multivalued extended attribute, include each value, separated by a space, after the attribute name. For example, to attach the multi_name attribute with values of value1, value2, value3, and value4 to the principal named delores, use the following command:

dcecp> principal modify delores -add {multi_name value1 value2 \
    value3 value4}
then the previous command would change the values as follows:

{multi_name value1}

32.4.3 Deleting Attribute Instances

Use the dcecp modify command with the -remove option to delete attribute instances attached to an object. To delete all instances of an attribute from an object, supply the attribute name to the -remove option.
Each attribute set is attached to an object and, although the system does not enforce it, each attribute that is a member of a set should also be attached to the same object. Attribute sets cannot be nested; a member of an attribute set cannot itself be an attribute set. To create, modify, and delete members in an attribute set, follow the instructions to create, modify, and delete multivalued attributes.
Chapter 33. Administering a Multicell Environment

Previous chapters in this guide described the DCE administration tasks that are performed within individual cells. The administration of a multicell environment, which is one in which principals from foreign cells access objects in the local cell, has additional tasks and considerations that arise from the interaction of principals across different cells.
Once the trust relationship is established, you can control foreign principals’ access to specific objects with ACL entries, just as you do for principals in the local cell. The trust relationship also allows users in the foreign cell to log into accounts in the local cell and vice versa. Two kinds of trust relationships allow principals in other cells to engage in authenticated access to objects in your cell.
Administering a Multicell Environment

Because cell A trusts cell B’s authentication service, it allows authenticated access to all principals whose authentication is guaranteed by cell B’s authentication service. These authenticated principals include principals from cell B and principals from cell B/C.

33.1.3 Establishing Trust Relationships

Use the registry connect command to establish direct trust and transitive trust relationships.
33.1.4 Constraints on Transitive Trust Relationships

To prevent the widespread proliferation of trust relationships that could result in unwieldy administrative burdens and weakened security, the DCE Security Service imposes the following three rules on transitive trust relationships:

1. Any number of descendant cells can be traversed by a transitive trust relationship, and any number of ancestor cells can be traversed by a transitive trust relationship.
[Figure: transitive trust relationship between cell B and cell B/C/D]

Rule 2: No more than one direct trust peer relationship can be traversed by a transitive trust relationship. For example, in Figure 33-4, cells A, B, and C are peer cells. Cell A has a direct trust peer relationship with cell B, and cell B has a direct trust peer relationship with cell C.
[Figure: cells A_Conglomerate, B_Division, C_Division, B_organization, C_organization; labels: direct trust, direct trust, transitive trust]

Rule 3: Once a hierarchical trust relationship traverses a direct trust ancestor and a direct trust peer, it cannot traverse to an ancestor of the cell. For example, consider Figure 33-6. The A_Conglomerate cell hierarchy and the B_Conglomerate cell are connected by direct trust relationships.
[Figure: cells A_Conglomerate, B_Conglomerate, A_Company, B_Company, A_engineering, B_engineering, A_product, B_product; label: INVALID PATH]

The type of trust relationship shown in this figure might be used by two companies that have a very limited agreement to cooperate on product development. Figure 33-7 shows another transitive trust path.

Figure 33-7.
In the path, the B_product cell has a transitive trust path up to its ancestor, B_Company, and from B_Company to A_Company. But from A_Company, the transitive trust path cannot continue up to A_Company’s ancestor, although it can continue down to A_Company’s descendants.
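The three rules of section 33.1.4 can be checked mechanically before a registry connect is attempted, which is useful when planning a cell hierarchy. The following Python is an added example and not part of the guide or of DCE: a candidate path is written as the sequence of direct trust relationships it traverses, and the checker reports which rule a path breaks. Rule 3 is implemented for the path shape the guide illustrates (ancestor hop(s) followed by a peer hop, after which no further ancestor hop is allowed); treating that as the general rule is this example's assumption.

```python
VALID_HOPS = ("ancestor", "descendant", "peer")


def check_transitive_trust_path(hops) -> tuple:
    """Apply the section 33.1.4 rules to a candidate transitive trust path.

    `hops` lists, in order from the originating cell, each direct trust relationship the
    path traverses: 'ancestor' (up to the parent cell), 'descendant' (down to a child cell)
    or 'peer' (across a direct trust peer relationship). Returns (ok, reason).
    Rule 1 needs no check: any number of ancestor or descendant hops is allowed."""
    peer_hops = 0
    climbed = False         # at least one ancestor hop has been taken
    upward_locked = False   # rule 3 now forbids any further ancestor hop (assumption: general case)
    for i, hop in enumerate(hops):
        if hop not in VALID_HOPS:
            raise ValueError(f"unknown hop type {hop!r}")
        if hop == "peer":
            peer_hops += 1
            if peer_hops > 1:
                return False, f"rule 2: second peer relationship traversed at hop {i}"
            if climbed:
                upward_locked = True
        elif hop == "ancestor":
            if upward_locked:
                return False, f"rule 3: ancestor traversed at hop {i} after an ancestor and a peer"
            climbed = True
    return True, "valid path"


# The guide's figures, written as hop sequences (constructed from the text above).
EXAMPLE_PATHS = {
    "B to B/C/D (Figure 33-3)": ["descendant", "descendant"],
    "A to C via peer B (Figure 33-4)": ["peer", "peer"],
    "B_product to A_Conglomerate (Figure 33-7)": ["ancestor", "peer", "ancestor"],
    "B_product to A_Company's descendants": ["ancestor", "peer", "descendant"],
}


def check_examples() -> dict:
    """Run the checker over the constructed example paths; returns name -> ok."""
    return {name: check_transitive_trust_path(path)[0] for name, path in EXAMPLE_PATHS.items()}


if __name__ == "__main__":
    for name, path in EXAMPLE_PATHS.items():
        print(name, "->", check_transitive_trust_path(path))
```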
principal name is krbtgt/dresden.com. The unchanged cell name is stored as the principal’s full name. Note that registry connect uses your local cell name for the primary name of the local cell’s account principal. This name is stripped of the full pathname and prefixed with krbtgt, just as the foreign cell name is.
default to none.

dcecp> registry connect /.../dresden.com -facct cell_log -facctpw music \
    -group cell_group_local -fgroup cell_group_dres \
    -org cell_org_local -forg cell_org_dres -mypwd cell_admin

33.2.3 The Accounts Created by the registry connect Command

The accounts and principals that are created by the registry connect command are given default attribute values listed in Table 33-1.
TABLE 33-1.
following cautions. Never set the account’s pwdvalid attribute to no (invalid). For standard accounts, setting the attribute to no causes the user to be prompted to change their password at the next login. Passwords for cross-cell authentication accounts, however, are shared by the authentication services in two cells. If you change one, this synchronization is destroyed and cross-cell communications end.
Chapter 34. Viewing Registry Information

Using dcecp, you can display information about the following security objects:

• Principals
• Groups
• Organizations
• Accounts
• The registry
• The xattrschema object
• ACLs
• Keytab files

The following dcecp operations provide these displays:

• The catalog command displays the names of all the specified objects.
• The list command displays the names of the members of the specified groups or organizations or of the specified key table.
account catalog

To display all accounts in the registry database in alphabetic order with names not prefixed by the cell name, enter

account catalog -simplename

To display all attributes for a named principal’s account, enter

account show principal_name

To display all policies for a named principal’s account, enter

account show acct_name -policy

To display all attributes and all policies for a named principal’s account, enter

account show acct_name -all

The
Viewing Registry Information

{goodsince 1994-06-15-18:31:05.000+00:00I-----}
{group users}
{home /}
{lastchange /.../dresden.com/cell_admin 1994-06-16-12:21:07.000+00:00I-----}
{organization users}
{postdatedtkt no}
{proxiabletkt no}
{pwdvalid yes}
{renewabletkt yes}
{server yes}
{shell {}}
{stdtgtauth yes}

Note that, if the policy defined for the account is not actually in effect because it is overridden by the registry policy, the policy is followed by the effective tag and the actual value in effect.
or

organization list group_name

To display all members of a specified group or organization in alphabetical order with names not prefixed by the cell name, enter

group list group_name -simplename

or

organization list group_name -simplename

To display all attributes for a group or organization, enter

group show group_name

or

organization show group_name

To display all extended attribute instances attached to a group or organization, enter

group show group_name -xatt
dcecp> group cat
/.../dresden.com/nogroup
/.../dresden.com/system
/.../dresden.com/daemon
/.../dresden.com/uucp
/.../dresden.com/bin
/.../dresden.com/kmem
/.../dresden.com/mail
/.../dresden.com/tty
/.../dresden.com/none
/.../dresden.com/tcb
/.../dresden.com/acct-admin
/.../dresden.com/subsys/dce/sec-admin
/.../dresden.com/subsys/dce/cds-admin
/.../dresden.com/subsys/dce/dts-admin
/.../dresden.com/subsys/dce/cds-server
/.../dresden.com/subsys/dce/dts-servers
/.../dresden.
principal catalog

To display all principals in the registry database in alphabetic order with names not prefixed by the cell name, enter

principal catalog -simplename

To display all attributes for a named principal, enter

principal show principal_name

To display all extended attribute instances attached to a principal, enter

principal show principal_name -xattrs

To display all regular attributes and all extended attributes for a principal, enter

principal sho
34.4 Displaying xattrschema Information

Use the dcecp xattrschema catalog and xattrschema show commands to display information about the extended attribute types. Note that, to see instances of an extended attribute attached to a principal, use the -xattrs option with the principal, group, or organization show commands. The xattrschema catalog command displays the names of the extended attribute types defined in a named schema.
dcecp> xattrschema show /.:/sec/xattrschema/test_integer
{aclmgr {principal {{query r} {update r} {test r} {delete r}}}}
{annotation {test_integer: encoding type integer}}
{applydefs yes}
{encoding integer}
{intercell reject}
{multivalued yes}
{reserved no}
{scope {}}
{trigbind {none {}}}
{trigtype none}
{unique no}
{uuid 5f439154-2af1-11cd-8ec3-080009353559}
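The show listings in this chapter are brace lists of {name value} pairs, with braces nested for values such as aclmgr permission sets, and anyone scripting registry audits has to parse them. The following Python is an added example rather than dcecp's own code: a small recursive parser for the brace syntax, applied to the xattrschema show output above (copied from the guide) to pull out per-operation permission sets. Handling of more than one ACL manager in an aclmgr value is an assumption noted in the code.

```python
def parse_dcecp_list(text: str) -> list:
    """Parse dcecp's Tcl-style brace lists ('{a b} {c {d e}}') into nested Python lists.
    Bare words become strings; every {...} becomes a list of its elements, so '{}' is [].
    Unbalanced braces raise ValueError."""
    pos = 0

    def parse_items(closing) -> list:
        nonlocal pos
        items = []
        while pos < len(text):
            ch = text[pos]
            if ch.isspace():
                pos += 1
            elif ch == "}":
                if closing is None:
                    raise ValueError(f"unbalanced closing brace at offset {pos}")
                return items  # the caller consumes the brace
            elif ch == "{":
                pos += 1
                items.append(parse_items("}"))
                if pos >= len(text) or text[pos] != "}":
                    raise ValueError("unterminated opening brace")
                pos += 1
            else:
                start = pos
                while pos < len(text) and not text[pos].isspace() and text[pos] not in "{}":
                    pos += 1
                items.append(text[start:pos])
        if closing is not None:
            raise ValueError("unterminated opening brace")
        return items

    return parse_items(None)


def attribute_dict(items: list) -> dict:
    """Turn the {name value...} pairs of a show listing into a dict.
    A single value is unwrapped; several values stay a list."""
    result = {}
    for item in items:
        if not isinstance(item, list) or not item or not isinstance(item[0], str):
            raise ValueError(f"not an attribute pair: {item!r}")
        name, values = item[0], item[1:]
        result[name] = values[0] if len(values) == 1 else values
    return result


def aclmgr_permissions(attrs: dict) -> dict:
    """Map each ACL manager to its {operation: permission set} table."""
    value = attrs["aclmgr"]
    # The guide shows a single manager as {principal {{query r} ...}}; several managers are
    # assumed to appear as a list of such pairs.
    managers = [value] if isinstance(value[0], str) else value
    return {name: {op: perms for op, perms in sets} for name, sets in managers}


# The xattrschema show output listed above, copied from the guide.
SAMPLE_SHOW_OUTPUT = """
{aclmgr {principal {{query r} {update r} {test r} {delete r}}}}
{annotation {test_integer: encoding type integer}}
{applydefs yes}
{encoding integer}
{intercell reject}
{multivalued yes}
{reserved no}
{scope {}}
{trigbind {none {}}}
{trigtype none}
{unique no}
{uuid 5f439154-2af1-11cd-8ec3-080009353559}
"""


def parse_show_output(text: str = SAMPLE_SHOW_OUTPUT) -> dict:
    return attribute_dict(parse_dcecp_list(text))


if __name__ == "__main__":
    attrs = parse_show_output()
    print(attrs["encoding"], attrs["unique"], aclmgr_permissions(attrs))
```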
34.6 Displaying keytab Information

Use the dcecp keytab catalog, keytab list, and keytab show commands to display information about keytab files. When you use the keytab catalog command, you must supply the name of the host for which to display keytab files. When you use the keytab list or keytab show command, you must supply the name of the dced object for which to display keytab information.
Chapter 35. Maintaining Policies and Properties

Registry policies are attributes that can be set registry wide. To provide a finer level of control, policies can also be set for individual organizations and accounts. An organization’s or account’s policies can override the registry default policies if the organization’s or account’s policies are more restrictive. Registry properties are attributes that apply to the principals, groups, and organizations created in the registry.
35.1.1 Standard Policy

Standard policy regulates such things as account and password lifetimes and password format. It can be set for the registry and for specific organizations. The standard policies you can set are described in the following subsections.
Maintaining Policies and Properties

You define the password lifespan as the dcecp pwdlife attribute in the following form:

pwdlife {time | unlimited}

where time is a number that indicates the number of days the password is valid, and unlimited specifies an unlimited lifespan. You can also set the exact date passwords expire by using the password expiration date policy (pwdexpdate attribute).
• Whether or not passwords can consist entirely of spaces, defined by the dcecp pwdspaces attribute in the form

  pwdspaces {yes | no}

  If you specify no, passwords cannot consist of all spaces.

• Whether or not a password can consist entirely of alphanumeric characters, defined by the dcecp pwdalpha attribute in the form

  pwdalpha {yes | no}

  If you specify no, passwords must contain characters other than alphanumerics.
where hours is a number that indicates the number of hours before a principal’s ticket-granting ticket expires. Note that you can set this time for individual accounts by using the account modify command.

35.1.2.2 Maximum Ticket Lifetime

The maximum ticket lifetime (maxtktlife attribute) is the maximum amount of time in hours that a ticket issued to a principal is valid.
OSF DCE Administration Guide—Core Components TABLE 35-1. Stricter Standard Policies ______________________________________________________________ For This Type of Policy... This Is the Stricter Policy...
Maintaining Policies and Properties 35.1.5 Displaying and Setting Standard and Authentication Policies To display policy: • For the registry as a whole, use the dcecp registry show command with the -policies option. • For an individual organization or account, use the dcecp organization show command with the -policies option (for standard policies) or the dcecp account show command with the -policies option (for authentication policies).
OSF DCE Administration Guide—Core Components You set default ticket lifetimes with the dcecp deftktlife attribute in the following form: deftktlife hours where hours a number indicating the number of hours in the lifetime. 35.2.2 Hidden Password Property The hidden password property determines whether encrypted passwords are displayed or not.
Maintaining Policies and Properties where integer is the starting ID number. 35.2.5 Minimum UNIX ID Property The minimum UNIX ID property is the starting point for UNIX IDs that are automatically generated by the security service when a principal’s account is added to the registry. (You can explicitly enter a lower UNIX ID than this number; it applies only to automatically generated numbers.
OSF DCE Administration Guide—Core Components where integer is a number that indicates the number of minutes in the minimum ticket lifetime. The minimum ticket lifetime can be set only as a registry property. It cannot be set for individual accounts. (Contrast this with the maximum ticket lifetime property, which is set with the dcecp registry modify or account modify commands.) 35.2.8 Displaying and Setting Properties To display registry properties, use the dcecp registry show command.
Chapter 36. Performing Routine Maintenance
This chapter describes security maintenance procedures that should be performed on a regular basis, such as
• Adding new users to the registry
• Creating overrides for individual machines
• Changing the master key
• Backing up and restoring the database
• Updating the /etc/passwd and /etc/group files so that they are consistent with the registry
36.
You can override registry entries for local machines. By using overrides, you can, for example, prevent individuals and groups from logging into a particular machine, establish local root passwords, and tailor local user environments. The override information is in effect for the local machine only and has no effect on the account information that is stored in the registry.
where: principal_name A keyfield that contains a principal name that identifies the principal to whose account the override applies. Enter principal_name to apply the override only to the account for the principal’s primary name and not to any accounts for the principal’s aliases. You must enter one of the keyfields (principal_name, principal_uid, or group_uid) to identify the account(s) to which the override applies. passwd The encrypted password.
principal’s aliases. Enter group_uid and principal_uid to apply the group override to all of the principal’s accounts, including any for the principal’s aliases. In these instances, the group_uid field functions as a field that supplies override information, not as a keyfield. GECOS The account’s GECOS field. If you specify an override, it is reflected in the information that is displayed by the UNIX finger command. home_dir The account’s home directory.
UNIX ID. If you specify both keyfields in an override entry, the group name is used as the lookup key; subsequent fields are used as overrides. 36.2.3.3 Field Descriptions The following list describes each entry in the file group_override: group_name A keyfield that contains the name that identifies the group to which the override applies. passwd This field specifies the encrypted password.
The ls command is likewise affected. For example, the following command accesses the group file to obtain additional information about a group: ls -lg If the group is omitted, no group entry will exist and no information will be available. For this reason, you should use OMIT to omit groups from file /etc/group only if your user community is very large and either of the following conditions occur: • The group file is taking up too much space.
principal’s primary name and all aliases. group_uid A UNIX ID that identifies the group to which to apply the overrides if neither principal_name nor principal_uid is specified. The overrides are applied to all accounts for all principals that are members of the identified group. The principal_name field always acts as the keyfield and cannot be overridden. If you enter principal_name, it identifies the specific account to be overridden.
When you override a principal’s password, only the principal’s local credentials are obtained at login, not the principal’s network credentials. Without network credentials, the principal cannot access the network registry and obtain the information that is normally provided at network login. Therefore, you must supply all of this information in the password_override file entry.
36.2.9 Specifying a Home Directory and Login Shell for a Machine To change an account’s home directory and login shell for a specific machine, create an override entry with a home directory name and a login shell name. For example, the following entry changes the home directory and login shell for user mozart’s account: mozart:::::rondo/mozart:/bin/ksh 36.2.
36.2.12 How passwd_override Handles Multiple Override Entries When more than one override entry applies to an account, the entry with the most specific account identifier (that is, either a principal UNIX ID, a group UNIX ID, or a principal name) is selected. Principal names are the most specific, followed by the principal UNIX ID and group UNIX ID.
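The following Python model, added here as an illustration and not part of the guide or of OSF DCE, shows how the passwd_override entry format (the mozart example above) and the selection rule of 36.2.12 fit together: it parses a constructed override file, picks the most specific applicable entry for an account, and applies only the non-empty override fields. The seven-field order principal_name:passwd:principal_uid:group_uid:GECOS:home_dir:login_shell and the sample accounts are assumptions made for the example.

```python
"""Model of passwd_override entry selection (added example, not OSF DCE code).
Field order is assumed from the mozart entry and the field descriptions:
principal_name:passwd:principal_uid:group_uid:GECOS:home_dir:login_shell"""

FIELDS = ("principal_name", "passwd", "principal_uid", "group_uid",
          "gecos", "home_dir", "login_shell")

# Constructed sample file (not from the guide). Unused fields are left empty.
SAMPLE_PASSWD_OVERRIDE = """\
# group keyfield only: every member of group 100 gets /bin/sh on this machine
:::100:::/bin/sh
# principal UID keyfield; here group_uid is an override value, not a key
::5012:200::/local/home/5012:
# principal name keyfield (most specific): the guide's mozart example
mozart:::::rondo/mozart:/bin/ksh
"""

# Specificity order stated in 36.2.12: name > principal UID > group UID
SPECIFICITY = {"principal_name": 3, "principal_uid": 2, "group_uid": 1}


def keyfield(entry):
    """The keyfield identifying the account(s): the most specific non-empty one."""
    for name in ("principal_name", "principal_uid", "group_uid"):
        if entry[name]:
            return name
    return None


def parse_override_file(text):
    """Parse passwd_override lines into dicts; reject malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        entry = dict(zip(FIELDS, parts))
        if keyfield(entry) is None:
            raise ValueError(f"line {lineno}: no keyfield given")
        entries.append(entry)
    return entries


def entry_applies(entry, account):
    """account: the registry view, a dict with name, uid and gid. A name key
    matches only the primary-name account; a UID key matches every account
    with that UID (aliases included); a group key matches by group UNIX ID."""
    key = keyfield(entry)
    if key == "principal_name":
        return entry["principal_name"] == account["name"]
    if key == "principal_uid":
        return int(entry["principal_uid"]) == account["uid"]
    return int(entry["group_uid"]) == account["gid"]


def select_override(entries, account):
    """Pick the applicable entry with the most specific keyfield, or None."""
    applicable = [e for e in entries if entry_applies(e, account)]
    if not applicable:
        return None
    return max(applicable, key=lambda e: SPECIFICITY[keyfield(e)])


def apply_override(account, entry):
    """Return the account as this machine sees it. Only non-empty override
    fields replace registry values; principal_name is never overridden."""
    local = dict(account)
    if entry is None:
        return local
    for name in ("gecos", "home_dir", "login_shell"):
        if entry[name]:
            local[name] = entry[name]
    # group_uid supplies override information when the key is a principal name or UID
    if keyfield(entry) != "group_uid" and entry["group_uid"]:
        local["gid"] = int(entry["group_uid"])
    # an overridden password means only local credentials are obtained at login
    local["local_credentials_only"] = bool(entry["passwd"])
    return local
```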
You can perform a secval ping operation on the local host or you can supply an argument to operate on a remote host. Because remote hosts might use different security servers, performing secval ping operations on remote hosts provides a way to test the authenticity of other security servers operating in a cell. The following example illustrates a secval ping operation to the secval process on remote host charon: dcecp> secval ping /.:/hosts/charon/config/secval 36.
same tape, store the tape in a locked area with restricted access. Alternatively, you can write the database and the key file to separate tapes and store each tape in a different location. 3. When the backup completes, take the master replica out of maintenance state, as follows: dcecp> registry enable /.../giverny.com/subsys/dce/sec/master The security server resumes accepting updates.
Note: If you are restoring only a master key file and have not changed the master key, you can simply copy the master key file from the backup media without performing all of the other steps that are in the restore procedures. 36.6 Setting the _s(sec) Variable You can supply the name of the registry site to bind to as an argument to the dcecp commands that operate on the registry. If you do not supply a name, the command binds to the replica named in the _s(sec) variable.
Some of the dcecp commands can act only on the master replica and thus require binding to the master. If you execute a command that acts only on the master and the master is not the default replica, dcecp automatically attempts to bind to the master replica in the current default cell. If this attempt is successful, dcecp displays a warning message, informing you that the default replica has been changed to the master registry.
field entry. -m max_entries Sets the maximum number of registry entries that are put in the /etc/passwd and /etc/group files. -s Sorts the entries in the /etc/passwd and /etc/group files by UNIX number. If this option is not specified, the entries are in the random order in which they are retrieved from the registry. -h[elp] Displays help information. -v Runs in verbose mode.
Chapter 37. Handling Network Reconfigurations
This chapter describes the procedures to handle network reconfigurations that change the locations of registry replicas. Specifically, this chapter covers the following:
• Changing the master registry site
• Removing a node from the network
• Handling network address changes
To perform the procedures in this chapter, you must be logged into the network registry account via an administrative account. 37.
command can cause data to be lost, use it only when the current master has been destroyed. It is not recommended in instances when the master is unreachable because of a network failure or because the master has gone down temporarily. See Chapter 40 for more information on the dcecp registry set -master command. Follow these steps to change the site of a master replica: 1. Choose the new master site. A slave replica must exist at this site.
To verify that the slave is deleted, issue the dcecp registry catalog command. When the master has received the request to delete the slave, the slave appears on the replica list as marked for deletion. When the replica has actually been deleted, it no longer appears on the list. 37.
• If you anticipate a simultaneous address change, while the master and slave are still communicating, use the dcecp set command to bind to the master and then the dcecp registry delete command to delete the slave replica.
• If secd is running at the master and slave sites, but the master and slave are not communicating, first use the dcecp set command to bind to the slave and then the registry delete -only command to destroy the slave.
Chapter 38. Setting Up the Registry This chapter describes the steps that you take to set up the registry in the DCE Security Service. Some of these steps are automatically handled by the dce_config script during DCE installation and configuration; others are performed by you, using the DCE utilities and control programs. The steps for setting up the registry are as follows: 1. Plan where the security service components are to be located in your network. 2.
It is especially important that the machine where the master replica runs be available throughout the network. The machine size that is required to run secd depends on the platform and operating system. As a very general rule, choose machines large enough to accommodate future growth of the registry database. The machines must have enough disk space for the registry database and enough backing store so that processes do not thrash.
-slave Specifies that a slave replica’s database should be created. Only the -myname, -keyseed, and -verbose options can be used with the -slave option. -my[name] my_server_name This is a name that you assign to the security server (secd) on this machine. It is used by the name service to locate this cell’s security server.
-g[roup_low_unix_id] unix_id This is the starting point for UNIX IDs that are automatically generated when a group is added by using the dcecp registry modify command or rgy_edit properties command. Note that you can explicitly enter a lower UNIX ID than this number; this lower limit applies only to automatically generated UNIX IDs.
SECD Checkpoint on Tue Sep 27 11:44:15 1994
.... saving rgy
.... saving acct
.... saving person
.... saving group
.... saving org
.... saving acl
End SECD Checkpoint on Tue Sep 27 11:44:17 1994
38.2.3 The Results of sec_create_db The master registry database that is created by sec_create_db contains the principals, groups, and organizations listed in Table 38-1. TABLE 38-1.
Some of the objects that were initially created by sec_create_db are reserved and cannot be deleted. These are indicated in the following list.
• The reserved principals are as follows:
— dce-ptgt
— krbtgt/cell_name
— dce-rgy
• The reserved group is none.
• The reserved organization is none.
TABLE 38-2. Group Memberships Created by sec_create_db
The principal...        Is a member of the group...
authpolicy commands perform the same functions. 38.4.2 Adding Accounts After a new registry database is created, it contains only the principals, groups, organizations, and accounts that were added as initial information by sec_create_db. Use the dcecp account create command or rgy_edit add command to add any other names and accounts that your site requires. You can do this now or at any time later.
2. Issue the lrep command with the -state option to display all security servers and their status, as follows:
sec_admin> lrep -state
Default cell: /.../giverny.com
Default replica: /.../giverny.
Chapter 39. Importing UNIX Accounts to DCE The passwd_import command creates entries in the registry that are based on information in the /etc/passwd and /etc/group files. It provides a method of ensuring account consistency between machines that use the DCE Security Service and those that do not, and a means of adding an existing UNIX user base to the registry. 39.1 How passwd_import Works When passwd_import processes entries, it compares group and password file entries to registry entries.
1. It opens the group and password files and establishes a connection to the registry.
2. It compares the group file entries to groups in the registry. If there are no conflicts, it creates groups in the registry that correspond to the groups in the group file.
3. It compares the entries in the password file to principals in the registry. Again, if there are no conflicts, it
4.
— GECOS = The same value as the entry in the principal’s GECOS field in the /etc/passwd file.
— Good Since Date = Time of the account creation.
— Home Directory = The same value as the principal’s home directory entry in the /etc/passwd file.
— Login Shell = The same value as the principal’s login shell entry in the /etc/passwd file.
— Maximum Certificate Lifetime = Set to the registry authentication policy.
-o org The name of the organization to be assigned to all principals that are added to the registry. The default is the organization named none. -p password The password for the account with whose privileges passwd_import will run. If you do not use the -i option, passwd_import prompts you to resolve the name conflict. -u username The principal name of the account with whose privileges passwd_import will run.
conflicts before you run passwd_import. 39.3.3 Resolving Conflicts The passwd_import command prompts you for instructions on how to resolve the conflicts it finds. You have the following choices: • You can create an alias to resolve a UNIX ID conflict. This action creates an alias for the registry object that is in conflict. This alias is assigned the same name as the conflicting entry in the group or password file.
wheel::0:
daemon::1:
none::2:
backup::3:user
locksmith::4:
login::5:
mail::6:bin
bin::7:root
server::8:
sys::9:root
staff::10:
sys_admin::11:user
sys_proj::12:
tgroup::35:
• Password Entries
root:sq1RclUrrb1L6:0:10::/:
daemon:sq1RclUrrb1L6:1:2::/:
none:sq1RclUrrb1L6:2:2::/:
user:sq1RclUrrb1L6:3:2::/:
lp:sq1RclUrrb1L6:4:7::/:
sys_person:sq1RclUrrb1L6:5:2::/:
admin:sq1RclUrrb1L6:6:2::/:
uucp:sq1RclUrrb1L6:7:2::/usr/spool/uucppublic:
bin:sq1RclUrrb1L6:8:7::/:
UNIX
lp::71:2:0000-lp(0000):/usr/spool/lp:
setup::0:0:general system administration:/usr/admin:/bin/rsh
powerdown::0:0:general system administration:/usr/admin:/bin/rsh
sysadm::0:0:general system administration:/usr/admin:/bin/rsh
checkfsys::0:0:check diskette file system:/usr/admin:/bin/rsh
makefsys::0:0:make diskette file system:/usr/admin:/bin/rsh
mountfsys::0:0:mount diskette file system:/usr/admin:/bin/rsh
umountfsys::0:0:unmount diskette file system:/usr/admin:/bin/rsh
39.4.
The following steps show how UNIX ID group conflicts are handled: 1. The passwd_import command first finds a conflict between UNIX IDs, as shown in the preceding sections. The name wheel in the group file and the name system in the registry both have UNIX IDs of 0. The passwd_import command prompts you for how to resolve the conflict, as follows: CONFLICT: (wheel 0) - Import Group’s UNIX id exists in registry.
39.4.3 Examining the Password File The passwd_import command then proceeds to examine the password file for conflicts. As it begins, it displays the following: Creating principal entries and accounts from password file. (dce / sad) When an entry is processed with no conflicts, passwd_import creates the principal in the registry, adds the principal to the appropriate group and organization, and creates an account for the principal.
Add memberships from imported group file. (dce / sad)
>> Add root as member of group with UNIX id: 0
>> Add root as member of group with UNIX id: 2
>> Add daemon as member of group with UNIX id: 2
39.4.5 Completing Processing When passwd_import completes processing, it displays the following: Closing import files. (dce / sad) Closing connection to registry.
Chapter 40. Troubleshooting Procedures This chapter contains procedures for troubleshooting the security servers. Use these procedures only when network or hardware failures disrupt operation of the registry, or when you encounter problems that can be remedied in no other way.
When you bring up a security server in locksmith mode, secd automatically creates a locksmith account or, if the locksmith account exists, it lets you supply a new password for that account.
TABLE 40-2. Registry Policy Changes Made by the Security Server
If the security server finds the...        It changes the...
b. If you are able to log in with administrative privileges, use the dcecp registry stop command to shut down the security server. When you use this command, you must supply the fully qualified name of the replica to stop as an argument. The following sample command stops the replica named slave_3:
dcecp> registry stop /.../giverny.com/subsys/dce/sec/slave_3
2. Start the security server in locksmith mode.
40.3.1 Determining the Most Current Database To determine whether the backup of the master replica’s database or a slave replica’s database is more current, run the dcecp registry show -replica command for the replica. The output of this command lists the last update sequence number and the update date and time. Compare the replica’s last update sequence number and the update date and time with the sequence number and date and time of the master’s backup.
40.4 Recovering Slave Replicas Because slave replicas are not backed up, you must recreate a replica to restore a replica that is corrupted. To do so, use the following procedure: 1. Use standard UNIX commands to manually delete the replica’s database files and master key file. To do this, delete all the files in /opt/dcelocal/var/security/rgy_data, as well as the file in /opt/dcelocal/var/security/.mkey. 2.
dcecp>
3. Issue the following registry set -slave command to change the chosen master to a slave:
dcecp> set _s(sec) /.../dublin.com/subsys/dce/sec/lit
dcecp> registry set -slave
4. Use the registry show -replica command to verify the change.
40.6 Forcibly Deleting a Slave Replica The procedure described in this section explains how to forcibly delete a slave replica. Use this drastic method only when the ordinary method of deletion described in Chapter 37 fails.
40.7 Restoring a Duplicate Master This section describes how to recover from a very unusual problem. Do not use the methods described here to resolve the problem unless it is absolutely necessary. Occasionally the replica that you want to be the master will have a master sequence number that is lower than (or equal to) another master sequence number in the system.
registry object of the same name to adopt the orphan. The -uuid option creates a principal, group, or organization and lets you specify the UUID with which it should be associated instead of assigning it automatically. Except for the manner in which it is created, a principal, group, or organization created by these commands is no different from any other principal, group, or organization.
-inprojlist For groups only, yes turns off the project list inclusion so that groups are not included in project lists. If you enter no, the group is included in project lists. Note: In the current implementation of DCE, UNIX numbers are embedded in UUIDs.
Chapter 41. Accessing Registry Objects This chapter describes the permissions that apply to objects in the registry. Because the permissions that are granted are based on the way the registry database is structured, this chapter first briefly describes the structure of the registry database. It then describes the permissions for each object in the registry database, the registry ACL managers, and the initial registry ACLs.
The permissions that are granted to objects in the registry depend on where the object fits in the structure of the registry database. Figure 41-1 illustrates the registry database. The boxes represent container objects (directories). The ovals represent simple objects. Figure 41-1 shows only the top level principal, group, and org directories. Your registry can have subdirectories if you create them. Figure 41-1.
Permission    Meaning
A             Execute commands that act on replicas (sec_admin).
a             Modifies authentication information.
c             Modifies ACLs on objects.
— Whether or not passwords can consist of all nonalphanumeric characters
— The password expiration date
— The minimum ticket lifetime
— The default ticket lifetime
— A number that defines the lowest UNIX ID that is supplied automatically when principals, groups, or organizations are created
— A number that defines the highest number that can be supplied (either automatically or manually) as a UNIX ID when principals, groups, or organizations are created
— Whether
— Organization Identifier (ORGID) for the organization
— UUID of the organization
— The account lifespan
— The password minimum length
— The password lifespan
— The password expiration date
— Whether or not passwords can contain spaces
— Whether or not passwords can consist of all nonalphanumeric characters
• For the xattrschema object
— Whether or not the xattrschema can be modified
41.2.1.
41.2.1.3 User Information User information includes the following information pertaining to a principal’s account:
• Password
• Home directory
• Miscellaneous information (GECOS information)
• Login shell
• Password-Valid Flag
41.2.2 Permission Required to Create Principals, Groups, or Organizations Figure 41-2 shows the permission that is required to create principals, groups, or organizations. Figure 41-2.
Parent Directory d permission principal, group, or organization D permission To delete principals, groups, or organizations, you must have the following permissions: • The d permission on the directory in which the principal to be deleted exists • The rD permission on the principal, group, or organization to be deleted For example, to delete the principal preludes/villa/lobos, you must have the d permission for the preludes/villa directory, and rD permissions for the prin
41.2.4.1 Adding an Account and the Account Principal to the Group and Organization Figure 41-4 shows the permissions required to add an account and the account principals to the group or organization. Figure 41-4.
principal named in the account mau permission group named in the account any permission organization named in the account r permission Policy Object r permission To add an account that does not require adding the account’s principal to the group and the organization named in the account, you must have the following permissions: • The mau permissions on the account principal • At least one permission of any kind on the group that is named in the account • The r permis
permissions:
• The maug permissions on the account’s principal
• The tM permissions on the group that is named in the account
• The r permission on the organization that is named in the account
• The r permission on the registry policy object
41.2.4.4 Adding an Account and the Principal to the Organization Only Figure 41-7 shows the permissions that are required to add an account and the principal to the organization only. Figure 41-7.
principal named in the account rmau permission To delete accounts, you must have the rmau permissions for the principal that is named in the account. For example, to add or delete the account for the principal named preludes/villa/lobos, you must have the rmau permissions for preludes/villa/lobos. 41.2.6 Permissions Required to Add Members to Groups Figure 41-9 shows the permissions that are required to add members to groups. Figure 41-9.
Figure 41-10.
Figure 41-12. Permissions Required to Change a Principal’s, Group’s, or Organization’s Full Name principal, group, or organization rf permission To change a principal’s, group’s, or organization’s full name, you must have the rf permissions for the principal, group, or organization for which you are making the change. 41.2.
To change all management, authentication, and user information (except passwords) for accounts, you must have the following permissions for the principal that is named in the account:
• The ra permission to change authentication information
• The rm permission to change management information
• The ru permission to change user information
41.2.
41.2.14 Permissions Required to Execute Commands That Act on Replicas Figure 41-17 shows the permissions that are required to execute commands that act on replicas. Figure 41-17.
41.2.16 Permissions Required to Delete Extended Registry Attribute Types Figure 41-19 shows the permissions that are required to delete ERA types. Figure 41-19. Permissions Required to Delete Extended Registry Attribute Types xattrschema object d permission To delete ERA types, you must have d permission on the xattrschema object. 41.2.
xattrschema object m permission To modify ERA types, you must have m permission on the xattrschema object. 41.2.19 Permission Required to Change ACLs on Registry Objects Figure 41-22 shows the permissions that are required to change ACLs on registry objects. Figure 41-22.
41.3 Registry ACL Manager The registry ACL manager consists of five manager types, which are used to handle different ACL semantics that are required by the five types of objects in the registry. For example, the principal ACL manager type controls the ACLs on all principal objects in the registry.
registry creator. Note: Your platform’s configuration tool may update these initial ACLs.
Chapter 42. DCE Audit Service Auditing plays a critical role in distributed systems. Adequate audit facilities are necessary for detecting and recording critical events in distributed applications. Auditing, a key component of DCE, is provided by the DCE Audit Service. This chapter provides an introduction to the DCE Audit Service. 42.
OSF DCE Administration Guide—Core Components at certain code points in the application server program to actuate the recording of audit events. Other APIs can be used to create tools that examine and analyze the audit event records. • audit daemon The audit daemon provides the following services: — Maintains the filters and the central audit trail file. — Exports an RPC interface with which it can be controlled by the DCE control program (dcecp).
DCE Audit Service Service are documented in the sec_audit_events(5sec) reference page. Code points and their associated events for the DCE Distributed Time Service are documented in the dts_audit_events(5sec) reference page. Code points and their associated events for the DCE Audit Service are documented in the aud_audit_events(5sec) reference page. 42.3.3 Audit Events An audit event is any event that an audit client wishes to record. Generally, audit events involve the integrity of the system.
OSF DCE Administration Guide—Core Components The name of an event class is the same as its filename. Each event class is defined within an event class file. You can define new event classes by removing or adding event numbers in the event class files, or by creating new event class files. 42.3.5.2 Event Class Names Each event class has a symbolic name assigned to it.
DCE Audit Service 42.3.5.4 Event Class Number Formats Event class numbers follow one of five formats (A to E), depending on the number of event classes in the organization. The format of an event class number can be determined from its four high-order bits. Format A can be used by large organizations (such as OSF or major DCE vendors) that need more than 16 bits for the class ID. This format allocates 7 bits to the set ID and 24 bits to the class ID.
OSF DCE Administration Guide—Core Components A filter is composed of filter guides that specify these conditions. Filter guides also specify what action to take if the condition (outcome) is met.
DCE Audit Service 42.3.6.2 Filter Guides A filter contains one or more guides. A filter guide contains three elements: audit condition, audit action, and event class. An audit condition specifies the required outcome (or outcomes) of the event before an audit record is written to the audit trail. These outcomes are not mutually exclusive. The audit conditions are • success—Records only if event succeeds. • failure—Records only if event fails.
42.3.6.4 Filter Rules
Filter rules are used to resolve overlapping guides from different filters. There are two filter rules: the override rule and the high-water-mark rule. Under the override rule, filters that are overridable (that is, of the cell_overridable and world_overridable types) are nullified by more specific filters. The override rule serves as a mechanism that allows for complementary filters.
When Alice invokes events in the critical_transactions event class, the principal filter (filter 1) is applicable because its key matches Alice's identity. The principal filter is more specific than the cell filter. Although the cell filter (filter 2) is also applicable to Alice (Alice belongs to cell X), it is overridden by the principal filter because the cell filter is overridable. For other principals in Company (cell) X, the only applicable filter is the cell filter (filter 2).
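The override rule of 42.3.6.4 and the Alice scenario above, as an added example (not code from the OSF DCE guide or from the DCE Audit Service itself): a small Python model that decides which filter guides remain for a given principal and event class, and which actions follow from the event outcome. The filter types, audit conditions and actions are the ones named in the guide; ranking group filters between principal and cell filters, and evaluating the rule per event class, are assumptions.

```python
"""Model of the DCE audit filter override rule (42.3.6.4).
Added example, not code from the OSF DCE guide or the DCE Audit Service."""
from dataclasses import dataclass

# Overridable filter types named in the guide.
OVERRIDABLE = {"cell_overridable", "world_overridable"}
# Most-specific-first ranking. principal > cell is stated in the guide;
# placing group between them and world last is an assumption.
SPECIFICITY = {"principal": 4, "foreign_principal": 4, "group": 3,
               "cell": 2, "world": 1}

@dataclass(frozen=True)
class Guide:
    event_class: str
    conditions: frozenset   # subset of {"success", "failure", "denial"}
    actions: frozenset      # subset of {"log", "alarm"}

@dataclass(frozen=True)
class Filter:
    ftype: str              # e.g. "principal", "cell_overridable"
    key: str                # principal, group or cell name ("" for world)
    guides: tuple           # Guide objects

@dataclass(frozen=True)
class Subject:
    principal: str
    cell: str
    groups: frozenset = frozenset()

def base_type(f):
    return f.ftype.replace("_overridable", "")

def applies(f, subj):
    """Does the filter key match the identity invoking the event?"""
    kind = base_type(f)
    if kind in ("principal", "foreign_principal"):
        return f.key == subj.principal
    if kind == "group":
        return f.key in subj.groups
    if kind == "cell":
        return f.key == subj.cell
    return kind == "world"

def resolve(filters, subj, event_class):
    """Guides left after the override rule: an overridable filter is nullified
    when a more specific filter with a guide for the same event class applies."""
    cands = [f for f in filters if applies(f, subj)
             and any(g.event_class == event_class for g in f.guides)]
    if not cands:
        return []
    top = max(SPECIFICITY[base_type(f)] for f in cands)
    kept = [f for f in cands
            if not (f.ftype in OVERRIDABLE and SPECIFICITY[base_type(f)] < top)]
    return [g for f in kept for g in f.guides if g.event_class == event_class]

def actions_for(filters, subj, event_class, outcome):
    """Union of the actions whose audit condition matches the outcome."""
    acts = set()
    for g in resolve(filters, subj, event_class):
        if outcome in g.conditions:
            acts |= g.actions
    return acts

# Constructed scenario mirroring the guide: a principal filter for Alice and
# an overridable filter for her cell X, both covering critical_transactions.
ALICE = Subject("alice", "X")
BOB = Subject("bob", "X")
FILTERS = (
    Filter("principal", "alice", (Guide("critical_transactions",
           frozenset({"success", "failure", "denial"}),
           frozenset({"log", "alarm"})),)),
    Filter("cell_overridable", "X", (Guide("critical_transactions",
           frozenset({"denial"}), frozenset({"log"})),)),
)
```

For Alice only the principal filter's guide survives, so a successful critical transaction is both logged and raised on the console; for Bob only the cell filter applies, so nothing is recorded unless the operation failed because of access denial.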
42.4 Administration and Programming in DCE Audit
Many of the DCE Audit Service administrative tasks are related to the tasks performed by the application programmer. To understand these administrative tasks, you should be familiar with some programming aspects of the DCE Audit Service. This section describes a typical DCE Audit Service programming and administrative scenario and the tasks involved. A banking server example illustrates this scenario.

42.4.
    #define evt_vn_bank_server_acct_transfer 0x01000004

3. Adds a call to the dce_aud_open() API to the application server's initialization routines. This opens the audit trail file. This function takes the event number of the lowest numbered event (in this case, acct_open()) as one of its parameters. For example:

    main()
    {
        /* evt_vn_bank_server_acct_open is the lowest event number;
         * 5 is the number of events the server defines */
        dce_aud_open(aud_c_trl_open_write, description,
                     evt_vn_bank_server_acct_open, 5, &audit_trail, &status);
    }

4.
    acct_open()                     /* first code point */
    {
        /* Uses the event number for acct_open(), evt_vn_bank_server_acct_open */
        dce_aud_start(evt_vn_bank_server_acct_open, binding, options, outcome,
                      &ard, &status);
        if (ard)                    /* If events need to be logged */
            dce_aud_put_ev_info(ard, info, &status);
        if (ard)                    /* If events were logged */
            dce_aud_commit(at, ard, options, format, &outcome, &status);
    }

    acct_close()                    /* second code point */
        /* Uses the event number for acct_close(), */
        /* evt_v
2. The administrator decides to create two event classes: the account_creation_operations class, comprising acct_open() and acct_close(), and the account_balance_operations class, comprising acct_withdraw(), acct_deposit(), and acct_transfer(). The administrator assigns the event class account_creation_operations the event class number 0xC0000006. Event class account_balance_operations is assigned the event class number 0xC0000007.
The filter for all other users has the following guides:
• Audit the events in both event classes, subject to the next condition.
• Write an audit record if an operation in that event class succeeded, failed, or failed because of access denial.
• Write the audit record both to an audit trail file and to the console.
Chapter 43. DCE Audit Service Administrative Tasks

This chapter describes the following administrative tasks that are performed for the DCE Audit Service:
• Setting the DCE audit environment variables.
• Starting (and stopping) the DCE audit daemon.
• Controlling access to the DCE audit daemon.
• Creating and maintaining event classes to logically group a set of audit events. Event classes are created by editing event class files.
no filtering and all audit events are recorded.
• DCEAUDITTRAILSIZE—Sets the maximum size of the audit trail.

43.2 Starting the Audit Daemon
The DCE Audit Service is not a distributed application. The audit daemon (auditd) does not need to run on all DCE hosts even if a client application is making use of the audit service.
l    Log permission. Allows a principal to write audit records in the audit trail file.

43.3.2 Initial ACL of the Audit Daemon
The initial ACL of a host's audit daemon contains the following entries:
    {unauthenticated -r--}
    {user hosts/nodoz/self crwl}
    {group subsys/dce/audit-admin crwl}
    {any_other -r--}
The first entry allows any unauthenticated user only read access to the filters.
43.4 Defining Event Classes
Individual audit events can be grouped together to form event classes. The event class provides an efficient mechanism by which sets of events can be logically grouped and selected using a single value. DCE audit event classes are configurable. You can add or remove events of an existing event class or define new event classes.
43.4.
43.5.1 Creating Filters
The following is an example audfilter create command for creating a filter:
    dcecp> audfilter create {group trust} \
        -attribute {ec_local_bank_audit denial log}
The example command specifies that a filter of type group be created for the DCE group named trust in the local cell. The -attribute option is required. The argument to the option is a filter guide or a list of guides.
    dcecp> audfilter delete {foreign_principal /.../foreign_cell_name/jedwards}
The example command deletes the audit filter for the DCE principal jedwards in the foreign cell /.../foreign_cell_name. You can specify more than one filter to be operated on in the audfilter delete command. As with the previous example of modifying filters, when deleting multiple filters you must use the standard dcecp syntax.
43.5.5 Enabling Audit Filters
If you want to enable the audit filters, you must first set the DCEAUDITFILTERON environment variable. You must set this variable before starting the server (that is, the audit client).

43.5.5.
disables it. You may want to disable the logging service when the audit trail file becomes too large, and then enable it again after the audit trail has been backed up and rewound (using the aud rewind command). The enable and disable commands enable or disable audit record logging to the central audit trail file only. Applications such as the security server and the time server use their own audit trail files and are not affected by enable or disable.
43.8.1 Displaying Audit Trail Files
Use the dcecp audtrail show command to examine the contents of an audit trail file. You can display the contents of either the central or a local audit trail file. For example, you can use the following command to see the contents of the audit trail file central_trail:
    dcecp> audtrail show /opt/dcelocal/var/audit/adm/central_trail
    --- Start of an event record ---
    Event Number: 259
    Client: /.../stp.gburg.ibm.
You can also allow the audit daemon to "wrap" around the central trail file when its limit (the default of 2 MB, or the size set by DCEAUDITTRAILSIZE) is reached. To do this, start the audit daemon with the -wrap option:
    auditd -wrap
You may also want to use this option if old audit records have little or no value and you want to keep only relatively recent records. A trail size limit can also be set using the -s option of the auditd command.
Appendix A. Valid Characters and Naming Rules for CDS

This appendix discusses the valid character sets for the DCE Directory Service names as used by CDS interfaces. It also explains some characters that have special meaning and describes some restrictions and rules regarding case matching, syntax, and size limits. It is not a comprehensive reference for CDS, GDS, and DNS, but instead gives an overview of some key points to remember about each service.
Figure A-1 (character chart referenced in Table A-2; rows reconstructed from the extracted text):
    SP   0   @   P   `   p
    !    1   A   Q   a   q
    "    2   B   R   b   r
    #    3   C   S   c   s
    $    4   D   T   d   t
    %    5   E   U   e   u
    &    6   F   V   f   v
    '    7   G   W   g   w
    (    8   H   X   h   x
    )    9   I   Y   i   y
    *    :   J   Z   j   z
    +    ;   K   [   k   {
    ,    <   L   \   l   |
    -    =   M   ]   m   }
    .
Directory Service   Character   Meaning
CDS                 /           Separates elements of a name (simple names).
                    *           When used in the rightmost simple name of a name that is entered in a cdscp show or list command, it acts as a wildcard, matching zero or more characters.
TABLE A-2. Summary of CDS, GDS, and DNS Characteristics
Characteristic   CDS                                         GDS                           DNS
Character Set    a to z, A to Z, 0 to 9 plus space and       a to z, A to Z, 0 to 9 plus .
                 special characters shown in Figure A-1
Characteristic              CDS                                                          GDS                                                          DNS
Ordering of Name Elements   Big endian (left to right from root to lower-level names).   Big endian (left to right from root to lower-level names).   Little endian (right to left from root to lower-level names).
Appendix B. Object Identifier Files

The X/Open Directory Service (XDS) interface offers client application programmers the ability to create and maintain names in either CDS or GDS. Programmers can also create new CDS attribute names or GDS attribute type labels. In the DCE Version 1.1 Directory Service, every CDS attribute name and GDS attribute type label has a corresponding unique number called an object identifier (OID).
    1   ISO
      3   Identified organization
        22   Open Software Foundation
          1   Distributed Computing Environment
            1   Remote Procedure Call
              2   RPC Object UUIDs

B.2 The cds_attributes File
The cds_attributes file contains object identifiers for CDS attributes and object classes.
B.3 The cds_globalnames File
The cds_globalnames file contains a copy of data that is stored in a Directory Service Agent (DSA) schema for use by GDS. CDS uses this file to interpret the GDS portion of global names that it handles. The file contains only naming attributes; that is, attributes that constitute a distinguished name. The following is a sample portion of the cds_globalnames file:
    # OID    LABEL    ASN.1-IDENTIFIER    SYNTAX    MATCHING
    #
    # Reference: X.
CIM   Case Ignore String Matching—Same as CEM, except that characters differing only in case are considered to match.
PM    Printable String Matching—Same as CEM.
NM    Numeric String Matching—Same as CEM, except that all spaces are ignored.
-     Unspecified.
The cds_globalnames file contains additional comments and descriptive information about attribute types and case-matching rules. (See the X.500 recommendation for details on the ASN.1 identifiers and their meaning.)

B.
B.5.1 Adding a New Attribute
Use the dcecp modify command with the -add option to add a new attribute to an object entity. To add a new attribute, you must have previously added the new attribute to the cds_attributes file on each host in the cell. You must also have write permission to the entity to which you are adding new attributes. For example, the following command adds the single-valued attribute (owner) to directory (/.
To remove a single value from a multivalued attribute, use the -remove option and specify the value to be removed. For example, the following command removes the carrots value of the vegetables attribute from the /.:/admin/garden object:
    dcecp> object modify /.
Appendix C. Time-Providers and Time Services

This appendix explains the criteria to use when selecting a time-provider, and describes time dissemination services, time-providers (hardware and software) and their interaction with DTS. The appendix also contains a world time zone map.

C.
Type         Coverage   Inaccuracy   Cost
Telephone
NIST         Regional   10 msec.
Transmits at 2.5, 5.0, 10.0, 15.0 MHz to North America and South America.
• WWVB
  Transmits at 60 kHz primarily to the United States, providing high-quality frequency information because atmospheric propagation effects are relatively minor.
• WWVH
  Transmits at 2.5, 5.0, 10.0, 15.0 MHz to Alaska, Hawaii, Australia, New Zealand, Japan, and Southeast Asia.
The following stations are available in Europe:
• MSF
  Broadcasts from England at 60 kHz.
C.3 World Time Zone Map
Figure C-1 shows a map of the world time zones, including the following:
• UTC reference zone
• Odd-numbered and even-numbered zones
• Half-hour zones
• Countries and areas that have not adopted the zone system or where time differs by other than a half hour from the neighboring zone

Figure C-1.
Appendix D. DTS Extended BNF

This appendix defines the Distributed Time Service (DTS) syntax in extended Backus-Naur Format (BNF) notation. The BNF for DTS time conversion has four parts: year, day, tdf, and inaccuracy. For any part whose value is not explicitly expressed, the conversion default value is taken as that of the current day.
    ;
    sign    : | + ;
    partial : number | number frac | number frac number | frac number ;
    frac    | :.
Index

Symbols
.dcecprc
    example of, 1-17
    use of, 1-17
/.: prefix, 11-8
/: prefix, 11-9
/etc/group file, 27-7, 36-14
/etc/passwd file, 27-7, 36-14

A
abbreviations, 1-6, 1-13
absolute time, 23-10 to 23-11
access control list.
types, 16-2 types of, editing, 28-17 administration objects, 1-3 adding new objects, 1-18 alias cell names, 11-8 aliases changing, 30-20 creating, 30-19, 30-20 deleting, 30-7 on project lists, 30-15 rights accrued, 30-2 any_other entry type, 28-7, 28-9 applications, using DTS, 23-2, 23-3 arithmetic functions in dcecp, 2-14 attribute, 12-4 attribute schema, defined, 32-1 attribute types, access control, 32-2 Attribute Value Assertions.
C
CDS, 38-1 about, 11-3 appending directories, 20-4 attribute adding, B-6 modifying, B-5, B-6 removing, B-6 clerk, about, 12-2 clerks stopping, 17-3 viewing counters, 17-1 components, 12-1 concepts, 12-1 to 12-8 configuration (figure), 12-2 control program, 12-8 control programs for managing, 15-1 to 15-5 controlling local management operations, 16-6 to 16-7 dcecp operations on objects, 15-2 deleting nonreplicated directories, 21-8 deleting replicas, 21-9 displaying attribute values, 19-4 to 19-6 how
testing operation of, 5-3 child cells and child pointers, 12-5 naming, 11-6 pointers about, 12-5 and child cells, 12-5 clearinghouses about, 12-2, 12-3 communications with CDS clerks, 17-2 deleting, 21-13 to 21-14 object entries, 12-5, 13-2 to 13-3 preserving after server upgrades, 17-5 relocating, 21-10 to 21-13 viewing contents, 17-3 viewing counters, 17-2 clients, showing in a cell, 5-1 clock set command, 25-20, 25-21 clocks adjusting.
invoking operations, 1-4, 1-6 its use of Tcl, 1-2 language, 2-1 modifying and querying audit daemon attributes, 43-9 modifying filters, 43-6 multiple operations, 1-5 starting and stopping, 1-4 uses of, 1-6 DCE control program language, 2-1 command substitution, 2-3 comments, 2-7 conditional if statements, 2-17 controlling scripts, 2-17 convenience variables, 2-8 See also convenience variables creating procedures, 2-24 error handling, 2-29 error information, 2-29 evaluating commands, 2-22 expressions,
default filters, 43-7 DFS, interaction with directory service, 11-2 DIB, about, 11-11 direct trust relationships, 33-2 directories about, 11-10 access control (CDS), 16-3 appending errors, 20-6 cell root, 11-10 checking the ACLs for, 18-3 child, 11-10 child pointers (CDS), 12-5, 13-4 to 13-5 controlling access to, 28-1 to 28-23 convergence (CDS), 18-10 creating, 18-2 creating (CDS), 18-1 to 18-3 merging, 20-1 duplicate name problems, 20-6 handling insufficient pe
checkinterval attribute, 25-20 converting to clerks, 25-7 synchronization procedures, 23-7 temporary reconfiguration on a node, 25-7 dtscp commands, clock set, 25-20, 25-21 dts_ntp_provider.c, 26-1 dts_null_provider.
foreign_user entry type, 28-7, 28-8 full names, 11-11, 11-13, 30-2
G
GDA about, 11-4 how it works, 22-1 to 22-4 managing, 22-4 to 22-5 gdad command, 22-5 gdad process, 22-4 GDS about, 11-3 defining cell names, 22-8 searching via attributes, 11-13 GECOS information, overriding, 36-2 Global Directory Agent. See GDA Global Directory Service.
removing from a cell, 7-5 showing in a cell, 5-1 showing servers configured on, 7-2 starting processes on, 7-3 stopping processes on, 7-4 testing availability of, 7-3 machine and server accounts, 31-19 version numbers, 31-15 keytab file adding keys, 31-15 dced object, 31-13 deleting, 31-18 protecting, 31-14 krbtgt directory, in multicell environment, 33-1
I
if statements in dcecp, 2-17 inaccuracy values determining, 23-6 to 23-7 example, 25-4 init.dcecp, use of, 1-16 init.
M
masks, types and use of, 28-10 mask_obj entry type, effect on ACL checking, 28-14 master keys backing up, 36-11 changing, 36-10 restoring, 36-12 mathematical functions in dcecp, 2-14 maxinaccuracy attribute, 25-12 to 25-13 max_invalid_attempts ERA, 30-10 membership lists, 30-18 to 30-19 merging, overview of procedure, 20-1 merging CDS directories, overview, 20-1 minimum ticket lifetime, setting in registry, 35-9 minservers attribute, changing, 25-9
N
namespace
management information, 41-4 membership lists, 30-18 to 30-19 naming restrictions, 30-1 policies, 35-7 orphans, adopting, 30-4, 40-8 to 40-10 other_obj entry type, 28-7, 28-8 overrides, 36-2 to 36-10
P
parent cells, and child pointers, 12-5 parsing arguments in dcecp scripts, 3-11 strings in dcecp, 2-27 passwd_override ERA, 30-14 passwd_override file format, 36-2 to 36-4 scope, 36-2 password, 30-7 changing, 41-14 changing in cross-cell authorization accounts, 33-11 default, 38-6 effects of policy chan
third-party, 30-8 timestamps, 30-8 pre_auth_req ERA, 30-9 primary names about, 30-1, 30-20 changing, 30-20 conflicting, 39-1, 39-3 to 39-10 format, 30-2 principals See also users about, 27-2 accounts for foreign, 33-1, 33-12 accrual of group permissions, 28-9 ACL entry types, 28-6 adding to registry, 30-4 to 30-6, 41-6 authenticating, 31-3 to 31-7 authentication information, 41-5 changing full names, 41-12 to 41-13 changing management information, 41-13 changing
database about, 27-2 backing up, 36-11 changing master key, 36-10 how stored, 27-3 physical security, 27-3 populating, 38-7 privileges of creator, 38-6 range for UNIX numbers, 30-4 setting up, 38-1 viewing information, 34-1 default ticket lifetime property, 35-7 deleting when machines are removed, 37-2 displaying and setting policies, 35-7 extending, 32-1 hidden password property, 35-8 Initial Object ACLs, 41-18 to 41-20 local, 27-8, 31-19 local overrides, 36-1 to 36-10 maintaining local, 31-19 to 31-
properties, 31-20 purge, 31-22 RPC interaction with directory service, 11-1 to 11-2 interface, identifier, 10-29
S
schema, 32-1 about, 11-11 entries, displaying, 34-7 scripts See also DCE control program language formal example of, 3-4 writing in dcecp, 3-3 informal example of, 3-3 writing in dcecp, 3-2 invoking, 1-6 making available, 3-13 parsing arguments in, 3-11 writing dcecp, 3-1 security commands kdestroy, 31-6 klist, 31-5 secd, syntax, 40-3 dcecp operations f
monotonically, 25-20 updating nonmonotonically, 25-21
T
task objects about, 4-1 cell, 5-1 extending, 5-5, 6-3 cell_alias, 6-1 creating, 3-3 host, 7-1 listed, 4-2 user, 8-1 extending, 8-4 Tcl.
showing information about, 8-3 user_obj entry type, 28-6, 28-8 UTC about, 23-10 and local time, 23-11 commercial providers, C-2 to C-3 UUID, and deleted principals, 30-4
V
variables convenience, in dcecp scripts, 2-8 error information in dcecp, 2-29 global error information in dcecp, 2-29 global, in dcecp, 2-24 importing, in dcecp, 2-25 local, in dcecp, 2-24 used in dcecp, 2-2
W
WAN, 24-3 to 24-7 wide area network. See WAN
X
X.