OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

341

342

343

344

345

346

347

348

349

350

OSF DCE Administration Guide—Core Components

You should maintain standard versions of the /etc/passwd and /etc/group ﬁles on local

machines to ensure compatibility with UNIX programs. To keep the /etc/passwd and

/etc/group ﬁles consistent with the registry database, use the passwd_export command.

It is advisable to run passwd_export on a regular basis, preferably using cron. (See

Chapter 36 for details on passwd_export.)

Note: Unlike standard UNIX behavior, the /etc/passwd and /etc/group ﬁles are

not used for local login if a security server is unavailable. Instead, the local

registry (described in the following section) is used. The /etc/passwd and

/etc/group ﬁle are maintained only for compatibility with UNIX programs

that require their existence.

27.8 The Local Registry

The local registry, which resides in the dcelocal/var/security directory on each local

machine, contains information about the machine’s most recent users and the date and

time that they last logged in. If a security server is not available for network login, the

authentication service attempts to obtain the information that is required for a local login

from the local registry.

When a security server is running on the network, the authentication service

automatically creates a local registry the ﬁrst time anyone logs into DCE from the

machine. Thereafter, it updates the local registry each time anyone logs into DCE from

the machine. You can edit the local registry by using the rgy_edit command with the -l

ﬂag. Note that the dcecp command does not access the local registry.

(See Chapter 37 for an example of how to use the rgy_edit command to perform this

task.)

27.9 Names for Security Objects

Because the security namespace is rooted in the Cell Directory Service (CDS)

namespace, security objects have CDS pathnames, which take the following form:

/.../cellname/mount_point/object_name

where:

cellname Is the name of the cell in which the object resides.

mount_point Is the name under which the DCE Security Service is registered in

CDS.

object_name Is the name of the registry object assigned when the object is

created. If the object resides in a directory, object_name consists of

the names of the object itself and any directories that must be

traversed to access the object. Note that registry objects generally

reside in the principal, group, or organization directory in the

registry database. See Chapter 41 for a more complete description

27 − 8 Tandem Computers Incorporated 124243