OSF DCE Administration Guide--Core Components
You should maintain standard versions of the /etc/passwd and /etc/group files on local
machines to ensure compatibility with UNIX programs. To keep the /etc/passwd and
/etc/group files consistent with the registry database, use the passwd_export command.
It is advisable to run passwd_export on a regular basis, preferably using cron. (See
Chapter 36 for details on passwd_export.)
Note: Unlike standard UNIX behavior, the /etc/passwd and /etc/group files are
not used for local login if a security server is unavailable. Instead, the local
registry (described in the following section) is used. The /etc/passwd and
/etc/group files are maintained only for compatibility with UNIX programs
that require their existence.
27.8 The Local Registry
The local registry, which resides in the dcelocal/var/security directory on each local
machine, contains information about the machine’s most recent users and the date and
time that they last logged in. If a security server is not available for network login, the
authentication service attempts to obtain the information that is required for a local login
from the local registry.
When a security server is running on the network, the authentication service
automatically creates a local registry the first time anyone logs into DCE from the
machine. Thereafter, it updates the local registry each time anyone logs into DCE from
the machine. You can edit the local registry by using the rgy_edit command with the -l
flag. Note that the dcecp command does not access the local registry.
(See Chapter 37 for an example of how to use the rgy_edit command to perform this
task.)
27.9 Names for Security Objects
Because the security namespace is rooted in the Cell Directory Service (CDS)
namespace, security objects have CDS pathnames, which take the following form:
/.../cellname/mount_point/object_name
where:
cellname      Is the name of the cell in which the object resides.
mount_point   Is the name under which the DCE Security Service is registered in
              CDS.
object_name   Is the name of the registry object assigned when the object is
              created. If the object resides in a directory, object_name consists of
              the names of the object itself and any directories that must be
              traversed to access the object. Note that registry objects generally
              reside in the principal, group, or organization directory in the
              registry database. See Chapter 41 for a more complete description
27 − 8 Tandem Computers Incorporated 124243
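The following Python parser for the name form given in Section 27.9 is an added example, not part of the guide. The mount point value sec, the directory names in REGISTRY_DIRS, and the cell names used with it are assumptions that do not come from this page.

```python
from typing import NamedTuple, Optional

GLOBAL_ROOT = "/.../"
# Assumption: names of the registry directories that the text calls the
# principal, group, and organization directories.
REGISTRY_DIRS = ("principal", "group", "org")


class SecurityName(NamedTuple):
    cellname: str
    mount_point: str
    registry_dir: Optional[str]  # None if object_name starts in another directory
    object_name: str             # the object plus every directory traversed to reach it


def parse_security_name(path: str, mount_point: str = "sec") -> SecurityName:
    """Split /.../cellname/mount_point/object_name into its parts.

    The caller supplies mount_point (the default "sec" is an assumed sample
    value). The cell name is everything that precedes it, so a cell name made
    of several components is not cut short at its first slash.
    """
    if not path.startswith(GLOBAL_ROOT):
        raise ValueError("not a global name: must start with /.../")
    parts = path[len(GLOBAL_ROOT):].split("/")
    # Refuse empty and relative components rather than normalising them, so a
    # name written to a log or an ACL report is the name that was checked.
    if any(p in ("", ".", "..") for p in parts):
        raise ValueError("empty or relative component in name")
    if mount_point not in parts[1:]:
        raise ValueError(f"mount point {mount_point!r} not found after cell name")
    idx = parts.index(mount_point, 1)  # first match after the leading cell component
    obj = parts[idx + 1:]
    if not obj:
        raise ValueError("object_name is missing")
    registry_dir = obj[0] if obj[0] in REGISTRY_DIRS else None
    return SecurityName("/".join(parts[:idx]), mount_point, registry_dir, "/".join(obj))
```
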