OSF DCE Administration Guide--Core Components
Administering a Multicell Environment
Because cell A trusts cell B’s authentication service, it allows authenticated access to all principals whose authentication is guaranteed by cell B’s authentication service. These authenticated principals include principals from cell B and principals from cell B/C.
33.1.3 Establishing Trust Relationships
Use the registry connect command to establish direct trust and transitive trust relationships. Note that, although you can create a direct trust relationship between any two cells, you can create a transitive trust relationship only for those cells connected by a transitive trust path.
This command creates two special accounts: one in your cell’s registry to represent the foreign cell, another in the foreign cell’s registry to represent your cell. The command creates the accounts’ principals at the same time. Once the trust relationship is established, users in the foreign cell can log into accounts in the local cell and vice versa. You control foreign principals’ access to specific objects with ACL entries, just as you do for principals in the local cell.
When the accounts are created, the registry connect command performs two tasks that you should be aware of. First, it automatically generates one password that is shared by both accounts. This means that users who log into a cell with which their cell has a trust relationship are seen as the same principal and share the same password. Second, the registry modify command generates a UNIX number that is shared by all principals that are in a given foreign cell. This shared UNIX number helps prevent collision between the UNIX numbers of local and foreign principals when objects on a local machine are accessed.
Within the registry and for the purposes of network access, principals are identified by a UUID that represents their fully qualified names; for example, /.../dresden.com/dce/users/mahler for the principal mahler. However, the local operating system on a local machine identifies principals by UNIX number. Because UNIX numbers are not required to be unique across cells, it is possible for two principals from different cells to have the same UNIX number. Thus, a foreign principal that is accessing files in the local cell could have the same UNIX number as the local principal and be seen by the local system as the owner of the local user’s files on the local machine.
Creating a UNIX number that is applied to every principal from a given cell that accesses the local cell prevents this from occurring. However, you need to be aware that, because the foreign users all have the same UNIX number, the very feature that prevents them from accessing the local user’s files allows them to access each other’s files. Because each user from the same foreign cell is seen as the same user, every file on the local machine that is owned by a foreign user can be accessed by every other foreign user from the same foreign cell.
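The collision described above, and the side effect of the shared per-cell UNIX number, as an added Python model that is not part of the guide or of DCE itself; the cell names, principal names and UNIX numbers are constructed:

```python
# Added example (not from the DCE guide): models how a local machine identifies
# DCE principals by UNIX number only, and compares two policies for foreign
# principals: their own registry UNIX number versus one number shared per cell.

LOCAL_CELL = "/.../dresden.com"  # constructed local cell name

# Constructed registry data: fully qualified principal name -> UNIX number
# assigned in the principal's own cell. UNIX numbers need not be unique across cells.
REGISTRY = {
    "/.../dresden.com/dce/users/mahler": 1001,
    "/.../dresden.com/dce/users/bach":   1002,
    "/.../leipzig.com/dce/users/handel": 1001,  # same number as mahler, different cell
    "/.../leipzig.com/dce/users/haydn":  1003,
}

# Constructed per-cell UNIX number generated when trust with leipzig.com is established
FOREIGN_CELL_UID = {"/.../leipzig.com": 60000}

def cell_of(principal):
    # "/.../dresden.com/dce/users/mahler" -> "/.../dresden.com"
    return "/".join(principal.split("/")[:3])

def local_uid(principal, per_cell_uid=True):
    """UNIX number the local machine uses for a principal.
    per_cell_uid=False reproduces the collision the guide warns about."""
    cell = cell_of(principal)
    if cell == LOCAL_CELL or not per_cell_uid:
        return REGISTRY[principal]
    return FOREIGN_CELL_UID[cell]

def owner_match(accessor, file_owner, per_cell_uid=True):
    """Local file-system owner check: compares UNIX numbers only, as the OS does."""
    return local_uid(accessor, per_cell_uid) == local_uid(file_owner, per_cell_uid)

def indistinguishable_pairs(per_cell_uid):
    """Pairs of distinct principals the local OS cannot tell apart under a policy."""
    names = sorted(REGISTRY)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if local_uid(a, per_cell_uid) == local_uid(b, per_cell_uid)]

if __name__ == "__main__":
    for policy in (False, True):
        print("per-cell UNIX number:", policy)
        for a, b in indistinguishable_pairs(policy):
            print("  seen as one user:", a, "and", b)
```

With the per-cell number off, the foreign handel is the owner of the local mahler's files; with it on, that collision disappears but handel and haydn become one user to the local machine.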
124243 Tandem Computers Incorporated 33−3