Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
481482483484485486487488489490
OSF DCE Administration Guide—Core Components
Some of the objects that were initially created by sec_create_db are reserved and cannot
be deleted. These are indicated in the following list.
The reserved principals are as follows:
dce-ptgt
krbtgt/cell_name
dce-rgy
The reserved group is none.
The reserved organization is none.
The reserved accounts are as follows:
dce-ptgt none none
krbtgt/cell_name none none
dce-rgy none none
When you run the sec_create_db command to create the master registry database, you
can name the principal who has the most privileged access to the registry. This person is
known as the registry creator. If the registry creator you name is not one of the default
principals, sec_create_db adds the account rgy_creator none none, where rgy_creator
is the principal you named as the registry creator. If you do not name a registry creator,
sec_create_db assigns the most privileged registry access to the root system none
account.
With one exception, all of the accounts created by the sec_create_db command are
assigned randomly generated passwords and are marked as invalid. Before these
principals can log into these accounts, you must change the account passwords and mark
the accounts as valid. You can do this by using the dcecp account modify command or
rgy_edit change command. Chapter 31 provides instructions for using the dcecp
account modify command to change all of the attributes for a principal’s account in the
registry, including the principal’s password. Also, both commands have options to
randomly generate new passwords.
However, the exception is that the account created for the registry creator is valid and is
assigned the DCE default password (-dce-). Change the default password to ensure the
security of the registry creator account.
In addition to the group memberships implied by the accounts that are created by
sec_create_db, the principals are also made members of the groups listed in Table 38-2.
38 6 Tandem Computers Incorporated 124243