OSF DCE Administration Guide--Core Components
Performing Routine Maintenance
You can perform a secval ping operation on the local host or you can supply an
argument to operate on a remote host. Because remote hosts might use different security
servers, performing secval ping operations on remote hosts provides a way to test the
authenticity of other security servers operating in a cell.
The following example illustrates a secval ping operation to the secval process on
remote host charon:
dcecp> secval ping /.:/hosts/charon/config/secval
1
36.5 Backing Up and Restoring the Registry Database
Use the exact procedures that are described here to back up the registry database to
prevent backups from arriving at the master during the backup.
Only the master replica database and its master key file need to be backed up. Use the
procedures that are described in the following subsections when you back up the entire
disk on which the master replica and its master key are stored, and when you back up
only the master’s database files and its master key file.
36.5.1 Procedures for Backing Up the Registry Database
To run the backup procedures, ensure that you are logged into DCE via an administrative
account. Then, run the DCE control program to do the backup. The backup steps are as
follows:
1. Enter the registry disable command to set the master replica to the maintenance
state. The following command sets the master registry in the cell giverny.com to
maintenance state:
dcecp> registry disable /.../giverny.com/subsys/dce/sec/master
Setting the master replica to the maintenance state causes the master to save its
database to disk and refuse all updates.
2. Back up the master registry by backing up either the entire volume or the
dcelocal/var/security/rgy_data tree (the registry) and the
dcelocal/var/security/.mkey file, which is the file that contains the master key
used to encrypt all keys in the registry. Note that, because the
dcelocal/var/security/.mkey file contains the master key, restoring a backup of
the registry database is useless unless the dcelocal/var/security/.mkey file is also
restored.
The exact commands that are used for the backup are a matter of personal
preference. However, if you write both the database and the master key file to the
124243 Tandem Computers Incorporated 36− 11