OSF DCE Administration Guide--Core Components
OSF DCE Administration Guide—Core Components
Figure 27-1. Machines, Servers, and the Database
machine
running a
security client
machine
running a
security client
dceloca
l/bin/secd
Security Service Clients
Request Database Operations
The Server Accesses
the Database
Registry
Database
27.2 The Registry Database
The registry database contains the following information:
• Principals—Principals are the users of the system. Principals can be interactive
principals (human users) or noninteractive (servers, machines, and cells). Principals
can be associated with access permissions.
• Groups—Groups are collections of principals that are identified by a group name.
Groups can be associated with access permissions.
• Organizations—Organizations are collections of principals; these principals are
identified by an organization name. Organizations define the policies associated with
the principals in the registry. Organizations cannot be associated with access
permissions.
• Accounts—Accounts contain the passwords and accounting information that allow
principals authenticated access to objects within the cell. (Authenticated access can
also occur between principals in different cells, as described in the following text.)
• Policies and Properties—Policies and properties regulate such things as password
length and format and certain authentication requirements.
• The replist object —This object is used to manage replicas of the registry database.
• The xattrschema object—This object is the extended registry schema created with
the ERA facility.
27 − 2 Tandem Computers Incorporated 124243