sec_create_db(1m) OSF sec_create_db(1m)
NAME [Toc] [Back]
sec_create_db - registry database creation utility
SYNOPSIS [Toc] [Back]
sec_create_db {-master | -slave} -my[name] my_server_name
[-cr[eator] creator_name]
[-cu[nix_id] creator_unix_id]
[-g[roup_low_id] g_unix_id]
[-k[eyseed] keyseed]
[-ma[x_unix_id] max_unix_id]
[-o[rg_low_unix_id] o_unix_id] [-pa[ssword] default_password]
[-p[erson_low_unix_id] p_unix_id]
[-u[uid cell_uuid]
[-v[erbose]]
OPTIONS [Toc] [Back]
{-master | -slave}
Specifies whether the database for the master replica should
be created (-master) or a database for a slave replica
should be created (-slave). All other sec_create_db options
can be used with the -master option. Only the -myname, -
keyseed, and -verbose options can be used with the -slave
option.
-my[name] Specifies the name that will be used by the Directory
Service to locate the machine on which the cell's Security
Server is running.
-cr[eator]
Specifies the principal name of the initial privileged user
of the registry database (known as the "registry creator").
-cu[nix_id]
Specifies the UNIX ID of the initial privileged user of the
registry database. If you do not enter the UNIX ID, it is
assigned dynamically.
-g[roup_low_unix_id]
Specifies the starting point for UNIX IDs automatically
generated by the Security Service when groups are added with
the rgy_edit command.
k[eyseed] Specifies a character string used to seed the random key
generator in order to create the master key for the database
you are creating. It should be string that cannot be easily
guessed. The master key is used to encrypt all account
passwords. Each instance of a replica (master or slave) has
its own master key. You can change the master key using the
sec_admin command.
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
sec_create_db(1m) Open Software Foundation sec_create_db(1m)
ma[x] Specifies the highest UNIX ID that can be assigned to a
principal, group, or organization.
-o[rg_low_unix_id]
Specifies the starting point for UNIX IDs automatically
generated by the Security Service when organizations are
added with the rgy_edit command.
-pa[ssword]
The default password assigned to the accounts created by
sec_create_db, including the account for the registry
creator. If you do not specify a default password, -dce- is
used. (Note that the hosts/local_host/self none none,
krbtgt/cell_name none none, and nobody none none accounts
are not assigned the default password, but instead a
randomly generated password.)
-p[erson_low_unix_id]
Specifies the starting point for UNIX IDs automatically
generated by the Security Service when principals are added
with the rgy_edit command.
-u[uid] Specifies the cell's UUID. If you do not enter this UUID,
it is assigned dynamically.
-v[erbose]
Specifies that sec_create_db runs in verbose mode and
displays all activity.
DESCRIPTION [Toc] [Back]
The sec_create_db tool creates new master and slave databases in
dcelocal/var/security/rgy_data on the machine from which sec_create_db
is run. Normally, these databases are created only once by the system
configuration tool, dce_config. However, you can use sec_create_db if
you need to re-create the master or a slave databse from scratch. You
must be root to invoke sec_create_db.
The sec_create_db -master option creates the master database on the
machine on which it is run. This database is initialized with names
and accounts, some of them reserved. You must use the rgy_edit command
to populate the database with objects and accounts.
When the master registry database is created, default ACL entries for
registry objects are also created. These entries give the most
privileged permission set to the principal named in the -cr[eator]
option. If the principal is not one of the reserved names and
accounts, sec_create_db adds it as a new principal and adds an account
for that new principal. If the -cr option is not used, root is the
creator.
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
sec_create_db(1m) Open Software Foundation sec_create_db(1m)
The sec_create_db -slave option creates a slave database on the
machine on which it is run. This command creates a stub database on
the local node in dcelocal/var/security/rgy_data and adds the newly
created replica to the master's replica list. The master then marks
the replica to be initialized when a Security Server is started on the
slave's node.
The sec_create_db command also creates a registry configuration file,
named dcelocal/etc/security/pe_site, that contains the network address
of the machine on which the database is created. This file supplies
the binding address of the secd master server if the Naming Service is
not available.
FILES [Toc] [Back]
/dcelocal/etc/security/pe_site
The file containing the network address of the machine on
which the security database is created.
/dcelocal/var/security/rgy_data
The directory in which the registry database files are
stored.
RELATED INFORMATION [Toc] [Back]
Commands: secd(1m), sec_admin(1m)
Hewlett-Packard Company - 3 -OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |