VMS Help
DCE_SECURITY, Admin Intro, sec_create_db

 *Conan The Librarian (sorry for the slow response - running on an old VAX)

 NAME
   sec_create_db - registry database creation utility

 SYNOPSIS

   sec_create_db {-master | -slave} -my[name] my_server_name
                 [-cr[eator] creator_name]
                 [-cu[nix_id] creator_unix_id]
                 [-g[roup_low_id] g_unix_id]
                 [-k[eyseed] keyseed]
                 [-ma[x_unix_id]  max_unix_id]
                 [-o[rg_low_unix_id] o_unix_id]
                 [-pa[ssword] default_password]
                 [-p[erson_low_unix_id] p_unix_id]
                 [-u[uid cell_uuid]
                 [-v[erbose]]

 OPTIONS

   {-master | -slave}
             Specifies whether the database for the master replica should
             be created (-master) or a database for a slave replica should
             be created (-slave).  All other sec_create_db options can be
             used with the -master option.  Only the -myname, -keyseed,
             and -verbose options can be used with the -slave option.

   -my[name] Specifies the name that will be used by the Directory Service
             to locate the machine on which the cell's Security Server is
             running.

   -cr[eator]
             Specifies the principal name of the initial privileged user of
             the registry database (known as the "registry creator").

   -cu[nix_id]
             Specifies the UNIX ID of the initial privileged user of the
             registry database. If you do not enter the UNIX ID, it is
             assigned dynamically.

   -g[roup_low_unix_id]
             Specifies the starting point for UNIX IDs automatically
             generated by the Security Service when groups are added with
             the rgy_edit command.

   k[eyseed] Specifies a character string used to seed the random key
             generator in order to create the master key for the database
             you are creating. It should be string that cannot be easily
             guessed. The master key is used to encrypt all account pass-
             words.  Each instance of a replica (master or slave) has its
             own master key.  You can change the master key using the
             sec_admin command.

   ma[x]     Specifies the highest UNIX ID that can be assigned to a
             principal, group, or organization.

   -o[rg_low_unix_id]
             Specifies the starting point for UNIX IDs automatically
             generated by the Security Service when organizations are
             added with the rgy_edit command.

   -pa[ssword]
             The default password assigned to the accounts created by
             sec_create_db, including the account for the registry creator.
             If you do not specify a default password, -dce- is used.
             (Note that the hosts/local_host/self none none,
             krbtgt/cell_name none none, and nobody none none accounts are
             not assigned the default password, but instead a randomly
             generated password.)

   -p[erson_low_unix_id]
             Specifies the starting point for UNIX IDs automatically
             generated by the Security Service when principals are added
             with the rgy_edit command.

   -u[uid]   Specifies the cell's UUID.  If you do not enter this UUID, it
             is assigned dynamically.

   -v[erbose]
             Specifies that sec_create_db runs in verbose mode and displays
             all activity.

 DESCRIPTION

   The sec_create_db tool creates new master and slave databases in
   DCE$LOCAL:[VAR.SECURITY.RGY_DATA] on the machine from which
   sec_create_db is run. Normally, these databases are created only
   once by the system configuration tool, dce_config.  However, you
   can use sec_create_db if you need to re-create the master or a slave
   database from scratch.  You must be privileged to invoke sec_create_db.

   The sec_create_db -master option creates the master database on the
   machine on which it is run.  This database is initialized with names
   and accounts, some of them reserved. You must use the rgy_edit command
   to populate the database with objects and accounts.

   When the master registry database is created, default ACL entries for
   registry objects are also created.  These entries give the most
   privileged permission set to the principal named in the -cr[eator]
   option. If the principal is not one of the reserved names and accounts,
   sec_create_db adds it as a new principal and adds an account for that
   new principal.   If the -cr option is not used, DCE$SERVER is the
   creator.

   The sec_create_db -slave option creates a slave database on the machine
   on which it is run. This command creates a stub database on the local
   node in DCE$LOCAL:[VAR.SECURITY.RGY_DATA] and adds the newly created
   replica to the master's replica list.  The master then marks the replica
   to be initialized when a Security Server is started on the slave's node.

   The sec_create_db command also creates a registry configuration file,
   named DCE$LOCAL:[ETC.SECURITY]PE_SITE.;, that contains the network
   address of the machine on which the database is created.  This file
   supplies the binding address of the secd master server if the Naming
   Service is not available.

 FILES

   DCE$LOCAL:[ETC.SECURITY]PE_SITE.;
             The file containing the network address of the machine on
             which the security database is created.

   DCE$LOCAL:[VAR.SECURITY.RGY_DATA]
             The directory in which the registry database files are stored.
  Close     HLB-list     TLB-list     Help  

[legal] [privacy] [GNU] [policy] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.