OSF DCE Application Development Guide--Core Components
The Registry API
• principal
Contains principal names; each name is associated with account information that is
also specified here (for example, the name of the primary group)
• group
Contains groups and the names of their member principals
• organization
Contains organizations and the names of their member principals
These three objects are referred to as name domains, and each member of a domain is
referred to as a PGO item. Principal items are contained in the principal domain, groups
in the group domain, and organizations in the organization domain. A principal may
have a name such as /rd/writers/tom, from which you might infer that tom is a member
of the group writers and the organization rd. That inference is wrong: the
name /rd/writers/tom indicates only that tom and the data corresponding to the account
of this principal (if any) reside in /rd/writers in the principal domain. There may also be
a group named /rd/writers in the group domain, but the principal tom is not a member
unless he is explicitly named in the group /rd/writers in the group domain.
Each PGO item consists of a print string name, a UUID, and a UNIX number (for
compatibility with UNIX system security interfaces). For various administrative reasons,
it is frequently convenient to be able to refer to a PGO item by more than one name.
Consequently, some PGO items are aliases for other items. An alias uses the same UUID
and UNIX number as the PGO item to which it refers, but contains only a pointer to that
item.
The registry also contains the rgy object, which describes registry properties and
policies, and organization policies.
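The following added example is not part of the original guide and does not use the DCE sec_rgy API. It is a small in-memory model of the name domains described above, showing that membership comes only from a group's explicit list and that an alias resolves to the UUID and UNIX number of the item it points to. All type names, function names, the alias /rd/tom, the principal ann, and the UUID and number values are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model only: NOT the DCE sec_rgy_pgo_*() API. All names below are hypothetical. */
typedef enum { DOM_PRINCIPAL, DOM_GROUP, DOM_ORG } domain_t;

typedef struct {
    domain_t    domain;
    const char *name;       /* print string name */
    const char *uuid;       /* constructed sample value; unused for an alias */
    long        unix_num;   /* UNIX number; unused for an alias */
    const char *alias_of;   /* alias: pointer (by name) to the real item */
    const char *members[4]; /* group/organization: explicit member principals */
} pgo_item;

/* Constructed sample registry contents. */
static const pgo_item registry[] = {
    { DOM_PRINCIPAL, "/rd/writers/tom", "uuid-0001", 1001, NULL, { NULL } },
    { DOM_PRINCIPAL, "/rd/tom",         NULL,        0,    "/rd/writers/tom", { NULL } },
    { DOM_PRINCIPAL, "/rd/writers/ann", "uuid-0002", 1002, NULL, { NULL } },
    { DOM_GROUP,     "/rd/writers",     "uuid-0100", 200,  NULL, { "/rd/writers/ann", NULL } },
};
#define N_ITEMS (sizeof registry / sizeof registry[0])

/* Look up a name in one domain and follow an alias to the item it points at. */
static const pgo_item *pgo_lookup(domain_t d, const char *name) {
    for (size_t i = 0; i < N_ITEMS; i++)
        if (registry[i].domain == d && strcmp(registry[i].name, name) == 0)
            return registry[i].alias_of ? pgo_lookup(d, registry[i].alias_of)
                                        : &registry[i];
    return NULL;
}

/* Membership comes only from the group's or organization's own list;
   the path in the principal's name is never consulted. */
static int pgo_is_member(domain_t d, const char *go_name, const char *principal) {
    const pgo_item *go = pgo_lookup(d, go_name);
    for (int i = 0; go && i < 4 && go->members[i]; i++)
        if (strcmp(go->members[i], principal) == 0)
            return 1;
    return 0;
}

int main(void) {
    printf("tom in /rd/writers: %d\n", pgo_is_member(DOM_GROUP, "/rd/writers", "/rd/writers/tom"));
    printf("ann in /rd/writers: %d\n", pgo_is_member(DOM_GROUP, "/rd/writers", "/rd/writers/ann"));
    printf("alias UUID: %s\n", pgo_lookup(DOM_PRINCIPAL, "/rd/tom")->uuid);
    return 0;
}
```

An access decision that parsed /rd/writers/tom and granted tom the rights of the group /rd/writers would be wrong in this model, which reports tom as a non-member.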
27.2.1 Creating and Maintaining PGO Items
The PGO items in the registry database are created and maintained with routines that are
prefixed with sec_rgy_pgo_. The contents of a PGO item vary with the domain. If the
domain is group or organization, the contents are the membership list of principal
names. If the domain is principal, the contents are the data corresponding to the registry
account using that name.
The sec_rgy_pgo_*() interface contains the following calls for maintaining the PGO
trees:
• sec_rgy_pgo_add()
Adds a PGO item
• sec_rgy_pgo_delete()
Deletes a PGO item
• sec_rgy_pgo_rename()
124245 Tandem Computers Incorporated 27−3