OSF DCE Administration Guide--Core Components
Chapter 29. Control Programs for Managing the DCE Security Service
You can perform most of the management tasks for the DCE Security Service by using
the DCE control program (dcecp). However, some of the components of this service
require you to use other control programs provided in DCE.
This chapter provides information about the commands that the DCE control program
offers for DCE Security Service management. The chapter also describes the commands
that the registry editor program (rgy_edit) provides for maintaining local registries. In
addition, the chapter describes the commands that the sec_admin program supplies for
reorganizing the registry replica set in a cell.
Control programs that you use occasionally for security-related management tasks,
such as password_export and sec_create_db, are not covered in this chapter. These
programs are described in subsequent chapters of this guide along with the instructions
for performing the tasks.
29.1 Using the DCE Control Program
Since detailed information about the DCE control program and its command syntax
appears in Part 1 of this guide, this chapter does not repeat the information. It describes
only the commands that the DCE control program provides specifically for managing the
DCE Security Service.
The DCE control program creates and maintains principals, groups, organizations, and
accounts for the DCE Security Service’s network-wide registry (registry service
component). The control program also operates on the keytab files that protect the
passwords for security servers on the local node (authentication service component).
Additionally, it maintains the ACLs that protect DCE resources (privilege service
component). The DCE control program commands for managing the DCE Security
Service operate on these security and DCE-wide resources through various objects that
the control program defines. For example, the control program’s acl check command displays the
permissions that the ACL for a DCE Security Service object grants to the invoking
principal.
124243 Tandem Computers Incorporated 29−1