OSF DCE Administration Guide--Core Components

Overview of DCE Security
of the registry database structure.
For example, the full pathname for the principal bach, which resides in the cell
dresden.com, uses the sec (security) mount point and is in the principal directory as
follows:
/.../dresden.com/sec/principal/bach
As another example, assume the group east-west resides in sales, which is a subdirectory
of the group directory in the registry database in the dresden.com cell. The full
pathname for east-west is as follows:
/.../dresden.com/sec/group/sales/east-west
27.9.1 Using Names with dcecp Security Commands
For all the dcecp commands that are used to manage the DCE Security Service, except
dcecp acl, you supply only an object name to identify the object you want to manipulate.
The object names are stored in the registry database. You are not required to enter a cell
name (the local cell is assumed) or mount point (the name registered for the DCE
Security Service is assumed).
27.9.2 Using Names with the dcecp acl Command
Unlike other dcecp security commands, the dcecp acl command works with ACLs that
can be maintained by DCE services other than security. Like any generic tool that
operates on objects that can exist in different namespaces, dcecp acl requires the
object’s fully qualified CDS pathname instead of just object_name.
For example, to use the dcecp acl command to change the ACL that is associated with
principal bach’s registry account, you must enter the following fully qualified name:
/.../dresden.com/sec/principal/bach
or
/.:/sec/principal/bach
Note also that, to use dcecp acl to manipulate the ACL that is on the principal directory
of the registry database, and thus control who can add or delete principals, you must
enter the following fully qualified name:
/.../dresden.com/sec/principal
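The naming rules above, as an added Python example that is not part of the original guide or of DCE itself: it splits a fully qualified registry pathname into cell, mount point, registry directory and object name, and expands a bare object name into the form dcecp acl requires. The function names, the local_cell parameter, and the restriction to single-component cell names and to the two registry directories mentioned in the text are assumptions.

```python
from typing import NamedTuple

GLOBAL_ROOT = "/.../"   # prefix of a global name; the cell name follows it
LOCAL_ROOT = "/.:/"     # shorthand for the root of the local cell
REGISTRY_DIRS = ("principal", "group")  # registry directories named in the text

class RegistryName(NamedTuple):
    cell: str
    mount: str
    directory: str
    object_name: str    # "" when the name denotes the directory itself

def parse_registry_name(path: str, local_cell: str, mount: str = "sec") -> RegistryName:
    """Split a fully qualified registry pathname into its components."""
    if path.startswith(LOCAL_ROOT):
        cell, rest = local_cell, path[len(LOCAL_ROOT):]
    elif path.startswith(GLOBAL_ROOT):
        cell, _, rest = path[len(GLOBAL_ROOT):].partition("/")
    else:
        # A bare object name is enough for other dcecp commands, not for acl.
        raise ValueError(f"{path!r} is not fully qualified")
    parts = rest.split("/")
    if not cell or "" in parts:
        raise ValueError(f"{path!r} has an empty component")
    if len(parts) < 2 or parts[0] != mount or parts[1] not in REGISTRY_DIRS:
        raise ValueError(f"{path!r} is not under /{mount}/<registry directory>")
    # Everything after the registry directory is the object name, which may
    # itself contain subdirectories (for example sales/east-west).
    return RegistryName(cell, parts[0], parts[1], "/".join(parts[2:]))

def qualify(object_name: str, directory: str, cell: str, mount: str = "sec") -> str:
    """Build the global pathname for dcecp acl from a bare object name."""
    if directory not in REGISTRY_DIRS:
        raise ValueError(f"unknown registry directory {directory!r}")
    parts = [cell, mount, directory] + ([object_name] if object_name else [])
    return GLOBAL_ROOT + "/".join(parts)

if __name__ == "__main__":
    # Sample names taken from the text; dresden.com is treated as the local cell.
    for p in ("/.:/sec/principal/bach",
              "/.../dresden.com/sec/group/sales/east-west",
              "/.../dresden.com/sec/principal"):
        rn = parse_registry_name(p, "dresden.com")
        print(rn, "->", qualify(rn.object_name, rn.directory, rn.cell))
```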
In a hierarchical cell, one name can represent a directory and a principal. For example,
assume that a principal name is stored in Cell A’s registry to represent a cell with which
Cell A engages in cross-cell authentication. The name for the cell in the registry is
124243 Tandem Computers Incorporated 279