Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
111112113114115116117118119120
Chapter 8. Managing DCE Users
One of the most frequent DCE administration tasks is likely to be managing users in your
DCE environment. Corporate reorganizations, changing business needs, and fluctuating
economics all exert pressures causing users to come and go or to move between various
groups or organizations.
DCE users represent a big part of what DCE is designed to support; the DCE services
authenticate and admit some while denying access to those who are unauthorized.
Indeed, users have complex management requirements; their information is spread
among multiple services that help validate and control their activities. User information
includes principal names, group and organization information, account information, and
information in CDS.
The DCE control program includes separate administration objects for managing each
piece of user information in a DCE cell. While these separate objects might be very
useful for making minor adjustments to certain user information, their constant use for
repetitive tasks such as adding and removing users from a cell would prove quite tedious.
A simpler method relies on the user task object that you can use to more easily create,
delete, and show user information in a DCE cell. Online help for this object is available
using the user help and user operations commands in dcecp.
8.1 Creating a New User
Each user in a DCE environment is a person with a unique identity (principal name).
Each principal is a member of at least one security group and organization and has an
account in the DCE Security Service registry database. Although it’s not required, each
principal can also have a directory in CDS.
When you create a user with the user task object, you perform several lower-level
operations:
1. The user create operation creates a new principal name and adds the principal to a
security group and organization. If the security group or organization does not
exist when you invoke the operation, you can force their creation by using the
-force option. The principal attributes assume default values, but you can specify
other attributes if necessary. All of the attributes are listed in the user(8dce)
124243 Tandem Computers Incorporated 81