OSF DCE Administration Guide--Core Components

Creating and Maintaining Accounts
means that it is generally not necessary to run kdestroy at logout.
The kdestroy command is described on the kdestroy(8sec) reference page.
31.5 Adding Accounts
Use the dcecp account create command to add accounts to the registry. Information
that is associated with accounts falls roughly into the following two categories:
  • User information similar to that typically found in the /etc/passwd file.
  • Authentication policy that lets you control the account’s access to the network.
    Authentication policy establishes account and password validity, account expiration
    policy, and ticket expiration policy. The tighter you control authentication policy,
    the more secure your cell is, but the more processing overhead you can accrue.
Both types of information are supplied as attributes in standard dcecp attribute lists or as
attribute options.
Note that authentication policy can also be set for the registry. If the registry policy
differs from the policy that you enter for an account, the stricter policy applies. (See
Chapter 35 for more information on contradictory policy.)
Table 31-1 lists the attribute options used to create accounts. Note that the options
described in this table can also be supplied without the dashes in attribute lists.
TABLE 31-1. Attribute Options to Create Accounts
__________________________________________________________________
Option                 Meaning
__________________________________________________________________
-acctvalid {yes|no}    A flag that determines account validity. If you
                       set this flag to no, the account is invalid and the
                       account principal cannot log into the account.
                       The default is yes.
__________________________________________________________________
-client {yes|no}       A flag that indicates whether or not the account is
                       for a principal that can act as a client. If you set
                       this flag to yes, the principal is able to log into the
                       account and acquire tickets for authentication.
                       The default is yes.
__________________________________________________________________
-description string    A text string in Portable Character Set (PCS)
                       format that is typically used to describe the use of
                       the account. No default.
__________________________________________________________________
-dupkey {yes|no}       A flag that determines if tickets issued to the
                       account’s principal can have duplicate keys. The
                       default is no.
__________________________________________________________________
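An added example, not taken from the guide: a dcecp (Tcl) sketch that creates accounts in an invalid state using the options above, once in option form and once in attribute-list form, and then makes them valid after review. The account names, group, organization, passwords and the helper proc are hypothetical placeholders; -group, -organization, -password, -mypwd and account modify are dcecp account options and operations that this section does not describe.

```tcl
# Added example for illustration; run inside dcecp as a registry administrator.
# Assumption: the principals j_doe and k_roe already exist and are members of
# the group and organization named here. All names and passwords are placeholders.

# Option form: each attribute is passed with a leading dash.
# -acctvalid no means the principal cannot log into the account yet.
account create j_doe \
    -group users -organization users \
    -password initial.placeholder -mypwd admin.placeholder \
    -acctvalid no \
    -client yes \
    -dupkey no \
    -description "Pending approval"

# Hypothetical helper: the same request in attribute-list form, where the
# option names appear without dashes as {name value} pairs.
proc create_pending_account {name group org newpw adminpw purpose} {
    set attrs [list \
        [list group $group] [list organization $org] \
        [list password $newpw] [list mypwd $adminpw] \
        [list acctvalid no] [list client yes] [list dupkey no] \
        [list description $purpose]]
    account create $name -attribute $attrs
}

create_pending_account k_roe users users \
    initial.placeholder admin.placeholder "Pending approval"

# After review, mark the accounts valid so the principals can log in.
foreach acct {j_doe k_roe} {
    account modify $acct -acctvalid yes
}
```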
124243 Tandem Computers Incorporated 317