OSF DCE Administration Guide--Core Components
Administering a Multicell Environment
TABLE 33-1. Default Attribute Values of Cross-Cell Authorization Principals and Accounts
_________________________________________________________________________
Information Meaning
_________________________________________________________________________
_________________________________________________________________________
The local cell name for the local cell’s account, or foreign
cell name for the foreign cell’s account stripped of its full
pathname and prefixed with krbtgt.
Account Principal Name
_________________________________________________________________________
fullname The cell’s pathname.
_________________________________________________________________________
Set to none. This quota applies to all principals who use
the cross-cell authentication accounts to access objects in
foreign cells. For example, if you change the object
creation quota to 10, the total number of objects that can
be created in your cell’s registry by all foreign users who
use the account to access your cell cannot exceed 10. It
is not 10 per foreign principal. The object creation quota
that is set for your cell’s account in the foreign cell places
the same restriction on the number of objects that your
cell’s principals can create in the foreign cell’s registry.
quota
_________________________________________________________________________
description, home, shell Set to blank.
_________________________________________________________________________
Set to yes; that is, the account is a server that can engage
in authenticated communications.
server
_________________________________________________________________________
client Set to no.
_________________________________________________________________________
pwdvalid Set to yes (valid).
_________________________________________________________________________
acctvalid Set to no (not valid).
_________________________________________________________________________
Set to yes; that is, the account can be issued tickets with a
start time in the future.
postdatedtkt
_________________________________________________________________________
Set to yes; that is, the account can be issued a new
ticket-granting ticket with a network address that is
different than the present ticket-granting ticket.
forwardabletkt
_________________________________________________________________________
Set to yes; that is, the account’s tickets can be renewed.renewabletkt
_________________________________________________________________________
Set to yes; that is, the account can be issued tickets with a
different network address than the present tickets.
proxiabletkt
_________________________________________________________________________
Set to yes; that is, the account’s ticket can have duplicate
keys.
dupkey
_________________________________________________________________________
goodsince Set to the date that the account was created.
_________________________________________________________________________
maxtktlife Set to the registry policy.
_________________________________________________________________________
maxtktrenew Set to the registry policy.
_________________________________________________________________________
33.3 Modifying Cross-Cell Authentication Accounts
You can change the account that is created by the registry connect command at any
time using the standard dcecp account operations. However, you should be aware of the
124243 Tandem Computers Incorporated 33− 11