Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
371372373374375376377378379380
Creating and Maintaining Principals, Groups, and Organizations
30.2 Reserved Principals and Accounts
Some principals and accounts are reserved for use by various system operations. You
cannot delete reserved principals. You can modify, but not directly delete reserved
accounts. Note, however, that you may delete reserved accounts indirectly by deleting
the group or organization that is specified in the account. (See Chapter 31 for details.)
A list of reserved principals and accounts follows. In the list cell_name is the name of
your cell, and host_principal_name is the name of the machine principal. The actual
form of this name is set during DCE configuration.
Reserved Principals:
dce-ptgt
krbtgt/cell_name
dce-rgy
host_principal_name
Reserved Accounts:
dce-ptgt none none
krbtgt/cell_name none none
dce-rgy none none
host_principal_name none none
30.3 Object Creation Quotas
You can assign an object creation quota to each principal. This assignment allows you to
control the number of registry objects that can be created by the principal. If you allow
users to create their own groups, for example, you can use this quota to limit the total
number of groups they can create. The default for the object creation quota is unlimited,
meaning that no limits are placed on the number of objects the principal can create. A
value of 0 (zero) prohibits the principal from creating any registry objects.
Each time a principal creates a registry object, the principal’s object creation quota is
decremented by 1. When the object creation quota reaches 0, the principal is prohibited
from creating registry objects unless you reset the object creation quota to a number
other than 0 by using the dcecp principal modify command. Note that, when an object
that is created by a principal is deleted, the principal’s object creation quota is not
incremented.
Use the dcecp principal show command to view principals’ current object creation
quotas. This command displays the total number of objects that the principal is allowed
to create at the current time; that is, the original quota minus the number of objects
created by the principal.
124243 Tandem Computers Incorporated 303