OSF DCE Administration Guide--Core Components
Chapter 35. Maintaining Policies and Properties
Registry polices are attributes that can be set registry wide. To provide a finer lever of
control, policies can also be set for individual organizations and accounts. An
organization’s or account’s policies can override the registry default policies if the
organization’s or account’s policies are more restrictive.
Registry properties are attributes that apply to the principals, groups, and organizations
created in the registry. They cannot be set for individual organizations or accounts.
Properties regulate such things as the range of numbers that can be used for UNIX IDs
and whether encrypted passwords are displayed.
You can set both polices and properties with the dcecp registry modify command. In
addition, you can set policies for an individual organization or account with the dcecp
organization modify and dcecp account modify commands. In all commands, policies
and properties to be set are supplied as attributes in standard dcecp attribute lists with the
-change option or as attribute options.
This chapter first describes policies and then properties.
35.1 Policies
You can set policies for the following:
• The registry as a whole with the dcecp registry modify command. The policies thus
apply to all principals, groups, and organizations unless a stricter policy is set for
specific organizations or accounts.
• Specific organizations with the dcecp organization modify command.
• Specific accounts with the dcecp account modify command.
There are two types of policies: standard policy and authentication policy.
124243 Tandem Computers Incorporated 35−1