OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

381

382

383

384

385

386

387

388

389

390

Creating and Maintaining Principals, Groups, and Organizations

_______________________________________________________________________________________

The required UNIX ID that is associated with the principal.

You can enter this number explicitly or allow it to be

generated automatically. If you enter it, the number you enter

cannot exceed the maximum allowable UNIX number (the

maxuid attribute) set with the registry modify command;

however, you can enter a number lower than the low UNIX

number (the minuid attribute) set for principals with the

registry modify command. If you allow the number to be

assigned automatically, it falls in the range deﬁned by the low

UNIX number and maximum UNIX number.

-uid integer

_________________________________________________________________________

The number of registry objects that can be created by the

principal, known as the principal’s object creation quota.To

allow a principal to create an unlimited number of registry

objects, enter the text string unlimited to set no quota. To

prevent a principal from creating any registry objects, enter a

0. The quota argument defaults to unlimited.

-quota quota

_________________________________________________________________________

Note: In addition to these standard principal attributes, you can also attach ERA

instances to principals to control such aspects of DCE security as

preauthentication, password strength and password generation, and

handling of invalid logins. See Section 30.6 for information on these

‘‘well-known’’ ERAs. See Chapter 32 for information on ERAs in general.

30.5.1 Adding Principals

To add principals to the registry, use the principal create command. For example, the

following sample command creates a principal with a primary name of mahler and a full

name of gustav mahler:

dcecp> principal create mahler -fullname {gustav mahler} -quota 5

In the example, the UNIX number defaults to one that is generated automatically.

Notice that, because the full name (gustav mahler) assigned to the principal contains a

space, it is enclosed in braces.

Note that it is possible to create multiple principals with one principal create command.

To do so, enclose the principal names in braces, separated by spaces. For example, to

create the principals bach, britten, mahler, and satie, you could enter the following:

dcecp> principal create {bach britten mahler satie}

If you create multiple principals, you must allow the principal’s UNIX ID to default to

the system assigned ID. This is because, if you include an attribute option in the

command line, that attribute value is assigned to each principal. For example, the

following sample command creates the principals bach, britten, mahler and assigns

each an object creation quota of 5.

124243 Tandem Computers Incorporated 30−5