Manualshelf

OSF DCE Administration Guide--Introduction

ManualsBrandsHP ManualsServerHP NonStop G-Series
31323334353637383940
Global and Cell Considerations
object’s fully qualified pathname, as shown in the following example:
/.:/sec/principal/smith
and not simply the following:
smith
The following parts of the namespace comprise the Security namespace:
/.:/sec/principal
/.:/sec/group
/.:/sec/org
/.:/sec/policy
2.2.4 CDSNamespace Replication Considerations
Directory replication is the most reliable way to back up the information in your CDS
namespace. Because the CDS data is replicated by directory, when you replicate a
directory, all of the entries in it are automatically replicated. Use the dcecp program to
create replicas of directories at a CDS clearinghouse. Clearinghouses need to be created
in the root directory (/.: ) of the cell namespace.
Follow these guidelines for replicating parts of the cell namespace:
The root (/.: ) is automatically replicated when you create a clearinghouse.
You should have at least two copies of each CDS directory to ensure the entire
namespace is available at all times. For further information about backing up CDS
information, see the .
2.3 Planning for Access Control
When planning for access control, it is important to keep the level of access control in
your cell restrictive enough to ensure that security is maintained. A special set of
individuals or a special group can be given permission to create accounts and groups in
the root directory of the Security space. A group called acct-admin is created when you
configure DCE. The acct-admin group is the only group that can create accounts and
groups in the root directory of the Security space.
While maintaining an adequate level of security in your cell, you also need to consider
the requirements of administrators who are maintaining DCE services when you set
access control levels. For example, if one person is responsible for administration of
DFS in your cell, that person may need to add servers to the Security and CDS
namespaces. On the other hand, an administrator responsible for the Security Service
124244 Tandem Computers Incorporated 2 11