VMS Help DCE_SECURITY, Admin Intro, rgy_edit, account_commands, cell *Conan The Librarian (sorry for the slow response - running on an old VAX) |
ce[ll] cellname [-ul unix_num] [-uf unix_num] [-gl gname] [-ol oname] [-gf gname] [-of oname] [-mp passwd] [-fa name] [-fp passwd] [-q quota] [-x account_expiration_date | none] Creates a cross-cell authentication account in the local and foreign cells. This account allows local principals to access objects in the foreign cell as authenticated users and vice versa. The admin- istrator in the foreign cell must have also set up a standard account, whose ID and password the administrator of the foreign cell must supply to you. The cellname variable specifies the full pathname of the foreign cell with which you will establish the cross-cell authentication account. This name is stripped of the path qualifier and prefixed with "krbtgt." The resulting name is used as the primary name for the cross-cell authentication account. For example, if you enter /.../dresden.com, the principal name is krbtgt/dresden.com. The -ul option specifies the UNIX number for the local cell's principal. The -uf option specifies the UNIX number for the foreign cell's principal. If you do not specify these UNIX numbers, they are generated automatically. The -gl and -ol options specify the local account's group and organization. The -gf and -of options specify the foreign account's group and organization. The -mp option specifies the password of the person who invoked rgy_edit. The -fa option specifies the name identifying the account in the foreign cell, and the -fp option specifies the account's password. The -q option specifies the total number of objects that can be created in your cell's registry by all foreign users who use the cross-cell authentication account to access your cell. The object creation quota defaults to 0 (zero), meaning that principals in the foreign cell cannot create objects in the local cell. The object creation quota set for your cell's account in the foreign cell places the same restriction on the number of objects that your cell's principals can create in the foreign cell's registry. The -x option specifies the account expiration date for both the local and foreign accounts. The default for this option is "none." Note that the object creation quota for the local account defaults to 0 (zero), meaning that principals in the foreign cell cannot create objects in the local cell. You can change this with the rgy_edit change subcommand.
|