OSF DCE Administration Guide--Core Components

Chapter 31. Creating and Maintaining Accounts

All principals have two identities: a network identity that provides the ability to access
DCE objects on machines across the network, and a local identity that provides the
ability to access objects on the local machine. The two identities exist in tandem, but
independently of each other. A principal’s network identity is defined by an account in
the network registry. A principal’s local identity is defined by local data, such as entries
in the /etc/passwd and /etc/group files that are stored on the local machine. If the
passwd_export command is used to update the /etc/passwd and /etc/group files with
data that is stored in the local registry, local identity data is derived from information that
is stored in the network registry.

Registry accounts define a network identity by associating a principal with a group, an
organization, and related account information, such as the password that is used to
authenticate a principal’s identity. You must create a registry account for any principal
that engages in communications across the network, regardless of whether the
communications are authenticated. The principals for which you must create registry
accounts are as follows:

• Each human user who accesses objects across the network; this probably includes all
  human users unless you are specifically restricting a user to the local machine.
• Each server that accesses objects across the network and runs under its own identity,
  not the identity of the principal who started it.
• Each machine in the network.
• Any cell with which you engage in authenticated cross-cell communications.
  (Accounts for cross-cell authentication are special types of accounts that are
  described in Chapter 33.)

This chapter describes the following:

• Each type of account and how to create and maintain it
• How accounts are authenticated and how to display privilege attributes and tickets
• How to create and maintain the keytab file that stores keys for server principals
• How to maintain the local registry

124243 Tandem Computers Incorporated 311