OSF DCE Administration Guide--Core Components
Troubleshooting Procedures
TABLE 40-2. Registry Policy Changes Made by the Security Server
_______________________________________________________________
If the security server finds the... It changes the....
_______________________________________________________________
_______________________________________________________________
Account Lifespan is set to less than
the difference between the
locksmith account creation date
and the current time plus 1 hour
Account Lifespan to the current
time plus 1 hour minus the
locksmith account creation date
_______________________________________________________________
Password Expiration Date is set to
greater than the time the password
was last changed but less than the
current time plus 1 hour
Password Expiration Date to the
current time plus 1 hour
_______________________________________________________________
40.2.2 Starting a Security Server in Locksmith Mode
Use the following form of the secd command to start a security server in locksmith
mode:
dcelocal/bin/secd [-locksm[ith] pname [-lockpw][-rem[ote]]]
where:
-locksm[ith] Starts a security server in locksmith mode.
pname Specifies the name of the locksmith principal. If no registry account
exists for this principal, secd creates one.
-lockpw Prompts for a new locksmith password. This option allows you to
specify a new password for the locksmith account when the old one
is unknown.
-rem[ote] Allows the locksmith principal to log in remotely. If this option is
not used, the principal must log in from the local machine on which
secd will be started.
40.2.3 Restarting a Security Server in Locksmith Mode
To restart a security server in locksmith mode, perform the following steps on the node
on which the master replica is running. You must have root access to this node.
1. Shut down the security server.
a. If you cannot log in with administrative privileges and access dcecp to shut
down the server, log in as root on the machine on which the server is
running and kill the security server process.
124243 Tandem Computers Incorporated 40−3