VMS Help  —  DCE  DCE_SECURITY, Admin Intro
 NAME

    sec_intro - Introduction to the DCE Security administrative commands

 DESCRIPTION

 This section describes DCE Security commands for system administration.
 These commands are:

 acl_edit   Manages Access Control Lists (ACLs) for DCE objects

 auditd     Starts the DCE Audit Daemon

 chpass     Changes user information, such as login name, password, home
            directory, password and account expiration dates,and login
            shell. The implementation of this utility is platform-
            specific. Use the chpass utility supplied your platform vendor
            for changing user information.

 dce_login  Validates a principal's identity and obtains a principal's
            network credentials.  This command is used primarily during
            DCE configuration. Use the login utility supplied by your
            platform vendor for user login.

 kdestroy   Destroys your login context and credentials

 kinit      Obtains and caches a ticket granting ticket

 klist      Lists cached tickets

 passwd_export
            Updates local password and group files from DCE registry data

 passwd_import
            Creates DCE registry entries based on password and group file
            entries

 passwd_override
            Establishes DCE registry overrides for a principal on a local
            node

 pwd_strengthd
            Sample password management server

 rgy_edit   Edits the registry database

 sec_admin  Administers the Security Server

 sec_create_db
            Creates registry databases

 secd       The Security Server daemon

 sec_salvage_db
            Reconstructs or recovers a registry database

 See the command's reference page for further information on each command.

1  –  acl_edit

 NAME

    acl_edit - Edits or lists an object's ACLs

 SYNOPSIS

     acl_edit {[-e] pathname | -addr string_binding component_name}
               [-ic | -io] [-n | -c] [command_line_subcommands] [-ngui]
               [-v]

 OPTIONS

     -e pathname    Specifies that the ACL on the Directory Service
                    entry is to be edited.  You must specify the
                    pathname argument if you use the -e option.  The
                    -e option is especially useful in case of an
                    ambiguous pathname.  The pathname argument can be
                    interpreted in two ways if it is the name of a
                    leaf object in the Directory Service (that is, if
                    it is not the name of a directory).  It can be
                    interpreted as the Directory Service entry itself,
                    or as the object (whatever it is) referenced by
                    that Directory Service entry.  When such a path-
                    name is specified, the -e option directs acl_edit
                    to the ACL on the Directory Service entry.

     -addr string_binding component_name
                    The -addr option lets you identify the object
                    whose ACLs you want to edit by supplying the RPC
                    binding handle of the ACL Manager that controls
                    access to the object (with the string_binding
                    argument) and the relative pathname of the object
                    (with the component_name argument).  Because you
                    have identified the RPC binding handle, you can
                    specify only the object's relative pathname for
                    component_name.  The most common way to identify
                    the object whose ACLs you want to manipulate
                    is through the pathname argument,described below.
                    The -addr option is used primarily by applications
                    that do not use the Directory Service, but do use
                    the generic ACL Manager.  It can also be used if
                    the Directory Service is unavailable.

     -ic            For container objects only, specifies that the
                    object's Initial Container Creation ACL is to be
                    edited.  The Initial Container Creation ACL is
                    applied by default to any containers created
                    within the ACL'd container. If this option is
                    specified and the object named in pathname is not
                    a container, an error is returned.

     -io            For container objects only, specifies that the
                    object's Initial Object Creation ACL is to be
                    edited. The Initial Object Creation ACL is applied
                    by default to any simple objects (that is, objects
                    that are not containers) created within the ACL'd
                    container.  If this option is specified and the
                    object is not a container, an error is returned.

     -n             Specifies that a new mask should not be calculated.
                    This option is useful only for objects that
                    support the mask_obj entry type and that are
                    required to recalculate a new mask after they are
                    modified.  If a modify operation creates a mask
                    that unintentionally adds permissions to an
                    existing acl entry, the modify causing the mask
                    recalculation will abort with an error unless you
                    specify either the -c or -n option.

     -c             Creates or modifies the object's mask_obj type
                    entry with permissions equal to the union of all
                    entries other than type user_obj, other_obj, and
                    unauthenticated.  This creation or modification is
                    done after all other modifications to the ACL are
                    performed.  The new mask is set even if it grants
                    permissions previously masked out. It is
                    recommended that you use this option only if not
                    specifying it results in an error. This option is
                    useful only for objects that support the mask_obj
                    entry type and are required to recalculate a new
                    mask after they are modified.  If a modify
                    operation creates a mask that unintentionally adds
                    permissions to an existing acl entry, the modify
                    causing the mask recalculation will abort with an
                    error unless you specify either the -c or -n option.
                    If you specify the -c option for an ACL that does
                    not support mask_obj entry type, acl_edit returns
                    an error when it attempts to save the ACL, aborting
                    all subcommands supplied on the command line.

     -ngui          Specifies that a Graphical User Interface (GUI)
                    should not be used even if a GUI is available.
                    If your version of acl_edit supports a GUI and
                    your terminal is capable of using it, invoking
                    acl_edit without this option will bring up the GUI
                    mode.  Use the -ngui option to bring up command-
                    line mode.  However, if a GUI is not available, or
                    the terminal is not capable of using the GUI,
                    acl_edit comes up in command-line mode regardles
                    of wheter you supply this option or not.

     -v             Run in verbose mode.

 ARGUMENTS

     pathname       The full pathname of the object whose ACL is to be
                    viewed or edited. If the object is in another
                    cell, pathname must be fully qualified to include
                    the cell identifier.

     command_line_subcommands
                    The command-line subcommands, which act on the
                    object specified by pathname, are entered as part
                    of the command string that invokes acl_edit. Only
                    one command-line subcommand can be specified per
                    invocation.  The commands follow.  See the
                    description of the equivalent interactive
                    subcommand for a more detailed description of the
                    command functions.

   	             -m [acl_entry] acl_entry...
                             Adds a new ACL entry or changes the
                             permissions of an existing entry. You
                             can enter multiple entries, each
                             separated by a space.

                      -p     Purges all masked permissions (before
                             any other modifications are made).  This
                             option is useful only for ACLs that
                             contain an entry of type mask_obj.  Use it
                             to prevent unintentionally granting
                             permissions to an existing entry when a
                             new mask is calculated as a result of
                             adding or modifying an ACL entry.

                      -d [acl_entry] acl_entry...
                             Deletes an existing entry from the ACL
                             associated with the specified object.
                             You can enter multiple entries, each
                             separated by a space.

                      -s [acl_entry] acl_entry...
                             Replaces (substitutes) the ACL information
                             associated with this object with
                             acl_entry. All existing entries are
                             removed and replaced by the newly
                             specified entries. If you specify the -s
                             subcommand, you cannot specify the -f or
                             -k subcommand.  You can enter multiple
                             entries, each separated by a space.

                      -f     file Assigns the ACL information contained
                             in file to the object. All existing entries
                             are removed and replaced by the entries
                             in the file. If you specify the -f sub-
                             command, you cannot specify the -s or -k
                             subcommand.

                      -k     Removes all entries, except entries of
                             type user_obj (if they are present).
                             If you specify the -k subcommand, you
                             cannot specify the -f or -s subcommand.

                      -l      Lists the entries in the object's ACL.

 The command-line subcommands are evaluated in the following order:

              1.
               -p

              2.
               -s or -f or -k

              3.
               -d

              4.
               -m

              5.
               -l

 NOTES

 With the exception of the following subcommands, this command is
 replaced at Revision 1.1 by the dcecp command.  This command may be
 fully replaced by the dcecp command in a future release of DCE, and may
 no longer be supported at that time.

     +  abort

     +  commit

     +  exit

     +  help

     +  test access

 DESCRIPTION

 The acl_edit command is a client program that, when invoked, binds to
 the specified object's ACL Manager (which is implemented in the object's
 server), and allows the user to manipulate the object's ACL through the
 standard DCE ACL interface. This interface is the sec_acl_...()
 interface documented in the OSF DCE Application Development Reference.

 The acl_edit command automatically binds to the server of the object
 specified, and then communicates (through the standard DCE ACL
 interface) with that server's ACL manager in response to user input.

 Exactly what the object "specified" is depends partly on whether or not
 the -e option is specified. Specifying -e means that you want to operate
 on the Directory Service ACL - in other words, you want acl_edit to bind
 to the CDS server and allow you to operate on the ACL maintained by that
 server on the object's directory entry. If, on the the ACL on the object
 to which the directory entry refers - then you simply omit the -e
 option. The result will be that acl_edit will bind to that object's
 server (the server must, of course, implement an ACL manager), giving
 you access to the object's ACL.

 All acl_edit subcommands act on the object specified by pathname when
 you invoked acl_edit.  You can invoke acl_edit in either command-line or
 interactive mode:

   +  To invoke acl_edit in command-line mode, enter the command, the
      object's pathname, options, and the command-line subcommand on th
      line that invokes acl_edit. Only one command-line subcommand can be
      entered per acl_edit invocation.

   +  To invoke acl_edit in interactive mode, enter only acl_edit, the
      object's pathname, and options.  The acl_edit prompt is then
      displayed.  In this mode, you enter interactive subcommands that
      let you edit and view entries in the object's ACL and view help
      information about the acl_edit command itself.

 Changes you make in command-line mode are saved when you enter the
 command.

 In interactive mode, you must explicitly save your changes. To do so,
 use the commit subcommand to save the changes without exiting acl_edit
 or the exit subcommand to save the changes and exit acl_edit.  Use the
 abort subcommand to exit acl_edit and save none of the changes you have
 made. When you invoke acl_edit for a specific object's ACL, that ACL is
 not locked.  This means that it is possible for multiple users to edit
 the ACL simultaneously, with each change overwriting the previous
 changes. For this reason, the number of users assigned rights to change
 a particular ACL should be tightly controlled and limited to one user
 if possible.

 INTERACTIVE SUBCOMMANDS

 The following subcommands are available when acl_edit is invoked in
 interactive mode. All of the commands act on the ACL associated with the
 object specified by pathname when acl_edit was invoked.

 ?         Displays the available acl_edit subcommands.

 ab[ort]   Exits acl_edit without saving the changes to the object's ACL.

 as[sign] filename
           Applies the ACL entries in filename to the specified object.
           This subcommand removes existing entries and replaces them
  	  with the entries in the file.

 c[ell] name
           Sets the cell name to be associated with the ACL. This sub-
           command is used primarily to facilitate copying ACLs to
           different cells.  The default cell name stays in place until
           you run the subcommand again to change it.

 co[mmit]  Saves all changes to the ACL without exiting.

 d[elete] acl_entry
           Deletes the specified ACL entry.

 e[xit]    Exits from acl_edit, saving any changes to the object's ACL.

 g[et_access]
           Displays the permissions granted in the specified object's ACL
           to the principal that invoked acl_edit.

 h[elp] [command ...]
           Initiates the help facility.  If you enter only the command
           help, acl_edit displays a list of all commands and their
           functions.  If you enter help and a command (or commands
           separated by a space), acl_edit displays help information on
           the specified commands.  Entering help sec_acl_entry displays
           information about ACL entries.

 k[ill_entries]
           Removes all ACL entries except the user_obj entry if it
 	  exists.

 l[ist]    Lists the entries in the object's ACL.

 m[odify] acl_entry [-n | -c]
           Adds a new ACL entry or replaces an existing ACL entry.  This
           command affects a single ACL entry.  To add or replace all of
           an object's ACL entries, see the su[bstitute] subcommand.  For
           objects that support the mask_obj entry type and are required
           to calculate a new mask when their ACLs are modified, the -n
           option specifies that a new mask should not be calculated; the
           -c option specifies that the object's mask_obj entry should
           have permissions equal to the union of all entries other than
           user_obj, other_obj, and unauthenticated.  The mask is
           calculated after the ACL is modified.
           If you use the -c option, the new mask is set even if it
           grants permissions previously masked out. It is recommended
           that you use the -c option only if not specifying it results
           in an error.  If the new mask unintentionally grants
           permissions to an existing entry, the modify operation
           causing the mask recalculation will abort with an error
           unless you specify either the -c or -n option.

 p[ermissions]
           Lists the available permission tokens and explanations.

 pu[rge]   Purges all masked permissions.  This option is useful only
 	  for ACLs that contain an entry of type mask_obj.  Use it to
 	  prevent unintentionally granting permissions to an existing
 	  entry when a new mask is calculated as a result of adding or
 	  modifying an ACL entry.

 su[bstitute] acl_entry [acl_entry ...]
           Replaces all ACL entries with the one or ones specified.  This
           subcommand removes all existing entries and adds the ones
           specified by acl_entry.  To replace only a single ACL entry,
           see the m[odify] subcommand.

 t[est_access] [permissions ...]
           Tests whether or not the permissions specified in the command
           are granted to the principal under whose DCE identity the
           acl_edit command was invoked.  The option returns Granted if
           the permissions are granted or Denied if they are not.

 ACL ENTRIES

 An ACL entry has the following syntax:

     type[:key]:permissions

 where:

     type           Identifies the role of the ACL entry.

     key            Identifies the specific principal or group to whom
                    the entry applies. For an entry type of extended,
                    key contains the ACL data.

     permissions    The ACL permissions.

 A thorough description of each syntax component follows.

 Type          The type tag identifies the role of the ACL entry.
               Valid types are the following:

               + user_obj  - Permissions for the object's real or
                            effective user.

               + group_obj - Permissions for the object's real or
                             effective group.

               + other_obj - Permissions for others in the local cell
                             who are not otherwise named by a more
                             specific entry type.

               + user      - Permissions for a specific principal
                             user in the ACL's cell.  This type of
                             ACL entry must include a key that
                             identifies the specific principal.

               + group     - Permissions for a specific group in the
                             ACL's cell. This type of ACL entry must
                             include a key that identifies the
                             specific group.

               + foreign_user
                             Permissions for a specific, authenticated
                             user in a foreign cell. This type of ACL
                             entry must include a key that identifies
                             the specific principal and the principal's
                             cell.

               + foreign_group
                             Permissions for a specific, authenticated
                             group in a foreign cell. This type of ACL
                             entry must include a key that identifies
                             the specific group and the group's cell.

               + foreign_other
                              Permissions for all authenticated
                              principals in a specific foreign cell,
                              unless those principals are specifically
                              named in an ACL entry of type foreign_user
                              or members in a group named in an entry of
                              type foreign_group.  This type of ACL
                              entry must include a key that identifies
                              the specific foreign cell.

               + any_other - Permissions for all authenticated
                             principals unless those principals match
                             a more specific entry in the ACL.

               + mask_obj  - Permissions for the object mask that is
                             applied to all entry types except
   			    user_obj, other_obj, and unauthenticated.

               + unauthenticated
                             Maximum permissions applied when the
                             accessor does not pass authentication
                             procedures.  This entry is used for
                             principals that have failed authentica-
                             tion due to bad keys, principals who
                             are entirely outside of any authentication
                             cell, and principals who choose not to use
                             authenticated access.  Permissions granted
                             to an unauthenticated principal are masked
                             with this entry, if it exists.  If this
                             entry does not exist, access to
 	     		    unauthenticated principals is always
 			    denied.

               +  extended - A special entry that allows client
                             applications running at earlier DCE
                             versions to copy ACLs to and from ACL
                             Managers running at the current DCE
                             version without losing any data.  The
                             extended entry allows the application
                             running at the lower version to obtain a
                             printable form of the ACL.  The extended
                             ACL entry has the following form:

                   extended:uuid.ndr.ndr.ndr.ndr.number_of_byte.data

                           where:

                           uuid    Identifies the type extended ACL
                                   entry. (This UUID can identify
                                   one of the ACL entry types
                                   described here or an as-yet-
                                   undefined ACL entry type.)

                           ndr.ndr.ndr.ndr
                                   Up to three Network Data
                                   Representation (NDR) format labels
                                   (in hexadecimal format and
                                   separated by periods) that
                                   identify the encoding of data.

                           number_of_bytes
                                   A decimal number that specifies
                                   the total number of bytes in data.

                           data    The ACL data in hexadecimal form.
                                   (Each byte of ACL data is two
                                   hexadecimal digits.) The ACL data
                                   includes all of the ACL entry
                                   specifications except the
                                   permissions (described later) that
                                   are entered separately.  The data
                                   is not interpreted; it is assumed
                                   that the ACL Manager to which the
                                   data is being passed can understand
                                   that data.

 Key

 The key identifier (principal or group name) specifies the principal or
 group to which the ACL entry applies.  For entries of entry type
 extended, key is the data passed from one ACL Manager to another. A key
 is required for the following types of ACL entries:

     +  user          - Requires a principal name only.

     +  group         - Requires a group name only.

     +  foreign_user  - Requires a fully qualified cell name in addition
 		       to the principal name.

     +  foreign_group - Requires a fully qualified cell name in addition
 		       to the group name.

     +  foreign_other - Requires a fully qualified cell name.

 Permissions

 The permissions argument specifies the set of permissions that defines
 the access rights conferred by the entry. Since each ACL Manager defines
 the permission tokens and meanings appropriate for the objects it
 controls, the actual tokens and their meanings vary.  For example, the
 Distributed File Service, the Directory Service, and the Security
 Registry Service each implemhent a separate ACL Manager, and each can
 use a different set of tokens and permissions.  This means that file
 system objects, objects in the namespace, and registry objects could
 each use different permissions.  Use the p[ermissions] subcommand to
 display the currently available tokens and their meanings. See the
 documentation for the DCE component you are using to obtain a more
 detailed description of its specific permissions.

 EXAMPLES

  1.  The following example uses the interactive interface to set permis-
      sions for the unauthenticated and mask_obj entry type:

             sec_acl_edit> m mask_obj:rwx
             sec_acl_edit> m unauthenticated:r

  2.  The following example uses the interactive interface to set permis-
      sions for the effective user, group, and others in the ACL's cell:

             sec_acl_edit> m user_obj:crwx
             sec_acl_edit> m group_obj:rwx
             sec_acl_edit> m other_obj:rwx

  3.  The following example uses the command-line interface to invoke
      acl_edit and assign permissions for the file progress_chart to the
      authenticated user mike in the local cell:

     % acl_edit /.../dresden.com/fs/walden/progress_chart -m user:mike:cx

      Note that because this entry will be filtered through the object
      mask (mask_obj), which specifies only rwx permissions, the actual
      permissions will be rwx, not crwx. The l(ist) subcommand will show
      those permissions as follows:

             user:mike:crwx  #effective -rwx---

  4.  The following example uses the interactive interface to set permis-
      sions for the authenticated foreign user named burati in the cell
      named /.../usc-cs.uscal.edu:

     sec_acl_edit> m foreign_user:/.../usc-cs.uscal.edu/sailing/staff/bux

  5.  The following example uses the non-interactive command-line inter-
      face to invoke  and set the Initial Container Creation
      permissions for the directory that is named walden:

     % acl_edit /.../dresden.com/fs/walden  -ic  -m /user:walden:crwxid

2  –  chpass

 NAME
    chpass - Changes user database information

 SYNOPSIS

     chpass [user]

 OPTIONS

    None

 ARGUMENTS

  user      The user argument indicates the user whose database informa-
            tion you want to change.  If omitted, you are prompted for
            the user.

 DESCRIPTION

 The chpass command changes user database information associated with
 user.

 Note that the functionality of the chpass command as described in this
 reference page can change depending on the platform on which you are
 running the command. Each platform vendor integrates this command
 (based on 4.4BSD source) with the vendor's own login facility.

 You can edit information associated with user only if you are user or
 have the appropriate rights.

 chpass prompts for the information it needs.  The information will
 include all or a subset of the following list:

  o  Login - The login name used to access the account. Because the
     login name controls file access, they must be unique within the
     cell.  In multicell environments, this uniqueness is ensured by
     automatically appending the cell designator to the user's name.

     While it is possible to have multiple entries with identical login
     names, it is usually a mistake to do so.  Routines that manipulate
     these files will often return only one of the multiple entries,
     and that one by random selection.

  o  Password - The encrypted account password.

  Once the information has been verified, the network registry is
  updated.

 RELATED INFORMATION

     COMMANDS: login
               dce_login

3  –  dce_login

 NAME
    dce_login - Validates a principal's identity and obtains the
                principal's network credentials

 SYNOPSIS

    dce_login [principal_name] [password] [-c] [-e[xec] cmd_string]

 OPTIONS

   -c          Causes the principal's identity to be certified.  If you
               do not specify -c, the principal's identity is validated
               only.

   [-e[xec] cmd_string]    Executes the command supplied as cmd_string.

 ARGUMENTS

   principal_name    The name of the principal to log in as.

   password          The password for principal_name.

 DESCRIPTION

 The dce_login command is supplied for use in DCE configuration. It vali-
 dates a principal's identity and obtains the principal's network creden-
 tials.

 If the -c option is supplied, the command also certifies the principal's
 identity, and, if the principal is able to be certified, creates an
 entry for the principal in the machine's local registry.  If the
 principal is not able to be certified, the command attempts to log the
 principal in via the local registry.

 The -exec option executes the command specified by cmd_string after
 login.  If cmd_string is specified without a full pathname, the path
 prefix is obtained by searching the directories according to the PATH
 variable.

 The principal_name argument specifies the name of the principal who is
 logging in. The password argument specifies the principal's password.
 If you do not supply a principal name or a principal password, dce_login
 prompts for them.  If you enter them both on the command line, you must
 specify the principal name first, followed by the password.

 The dce_login command executes the shell specified in the SHELL environ-
 ment variable.

 Note that if the clocks on the Security server and client machines are
 not synchronized to within 2 or 3 minutes of each other, you may receive
 a password validation error and be unable to be validated.

4  –  kdestroy

 NAME

    kdestroy - Destroys a principal's login context and associated
               credentials

 SYNOPSIS
    kdestroy [-c cache_name]

 OPTIONS

   -c cache_name        Specifies that the login context and associated
                        credentials for cache_name should be destroyed
                        instead of the default cache.

 DESCRIPTION

 The kdestroy command destroys a principal's login context and the
 principal's credentials. Until the credentials are reestablished by
 either executing the dce_login command or the kinit command,  the
 principal and any processes created by the principal will be limited to
 unauthenticated access.

 FILES

   dce$local:[var.security.creds]DCECRED*
                      If the KRB5CCNAME logical name is set, the
                      default credentials cache.

 RELATED INFORMATION

    COMMANDS: klist
              kinit

5  –  kinit

 NAME

    kinit - Obtains and caches ticket-granting ticket

 SYNOPSIS

    kinit [-c cachename] [-f] [-l lifetime] [-p] [-r lifetime] [-v]
          [principal]

 OPTIONS

  -c cachename
           Specifies an alternative credentials cache, cachename, to be
           used in place of the default credentials cache.  The kinit
           command overwrites the contents of the alternative cache with
           the current credentials.
           The name of the default credentials cache may vary between
           systems.  However, if the KRB5CCNAME logical name is set,
           its value is used to name the default cache.

  -f       Requests the FORWARDABLE option.  This option allows a ticket-
           granting ticket with a different network address than the
           present ticket-granting ticket to be issued to the principal.
           For forwardable tickets to be granted, the principal's account
           in the registry must specify that the principal can be granted
           forwardable tickets.

  -l lifetime
           Specifies the lifetime of the ticket-granting ticket in hours.
           If this option is not specified, the default ticket lifetime
           (set by each site using the rgy_edit command) is used.

  -p       Requests the PROXIABLE option.  This option allows a ticket
           with a different network address than the present ticket to
           be issued to the principal. For proxiable tickets to be
           granted, the principal's account in the registry must specify
           that the principal can be granted proxiable tickets.

  -r lifetime
           Requests the RENEWABLE option.  This option allows the tickets
           issued to the principal to be renewed.  For renewable tickets
           to be granted, the principal's account in the registry must
           specify that the principal can be granted renewable tickets.
           The lifetime of the ticket-granting ticket is specified in
           hours by lifetime.

  -v       Specifies that the command should run in verbose mode.

 ARGUMENTS

   principal
           The principal argument specifies the name of the principal
           for whom the ticket-granting ticket should be obtained.  If
           principal is omitted, the principal name from the existing
           cache is reused.

 DESCRIPTION

 The kinit command can be used to refresh a DCE credentials cache.  When
 you invoke kinit, it prompts for your password.

 The ticket lifetime and renewable lifetime are set in the following
 format:

   {num {interval}}...

 where:

   num      A number that specifies the number of the interval; interval
            can be specified by the following:

            +
            w - weeks

            +
            d - days

            +
            h - hours

            +
            m - minutes

            +
            s - seconds

 For example, to set the lifetime to 3 weeks, 5 days, and 10 hours, the
 entry would be the following:

    3w5d10h

 FILES

   dce$local:[var.security.creds]DCECRED*
                      If the KRB5CCNAME logical name is not set, the
                      name of the file is in the form shown.  If the
                      KRB5CCNAME logical name is set, its setting
                      determines the name of the file.

 RELATED INFORMATION

   COMMANDS: klist
             kdestroy

6  –  klist

 NAME

   klist - Lists cached tickets

 SYNOPSIS

   klist [-c cachename] [-e] [-f]

 OPTIONS

   -c cachename
            Specifies that the contents of the cache identified by
            cachename should be displayed instead of the contents of
            the default cache.

   -e       Includes expired tickets in the display.  Without this
            option, only current tickets are displayed.

   -f       Displays option settings on the tickets.  The options are

              +
              D (postdatable)

              +
              d (postdated) F (forwardable)

              +
              f (forwarded)

              +
              I (initial)

              +
              i (invalid)

              +
              P (proxiable)

              +
              p (proxy)

              +
              R (renewable)

 DESCRIPTION

 The klist command lists the primary principal and tickets held in the
 default credentials cache, or in the cache identified by  cachename if
 the -c option is used.

 The name of the default credentials cache can vary between systems. How-
 ever, if the KRB5CCNAME logical name is set, its value is used to name
 the default cache.  If it is not set, the form of the name is
 dce$local:[var.security.creds]DCECRED*.

 RELATED INFORMATION

   COMMANDS: kinit
             kdestroy
             krb5

7  –  DCE$EXPORT

 The DCE EXPORT utility allows you to create an OpenVMS authorization
 file from an existing DCE registry.

 The DCE registry entries (or a subset of the registry entries) are
 converted into records in the OpenVMS SYSUAF file and rights database.
 Conversions are essentially a reversal of those made with the IMPORT
 function.

 Passwords cannot be exported. Instead, the automatic synchronization
 feature that occurs during integrated login is used to export user pass-
 words.

 The DCE EXPORT utility also creates and maintains an exclude list.
 The exclude list contains the DCE names of users who do not
 have, and do not require, an OpenVMS account. This feature allows
 DCE EXPORT to skip over these users during EXPORT operations.

   NOTE:

   The DCE EXPORT utility described in this section cannot be satisfied
   by the export function shipped with OSF DCE because of substantial
   differences between OpenVMS and UNIX user registry data.

7.1  –  File Info

 The DCE EXPORT utility is shipped as an OpenVMS executable image
 named DCE$EXPORT.EXE. The image resides in the SYS$SYSTEM directory.

 The DCE EXPORT exclude file is named by default DCE$EXPORT_EXCLUDE.DAT
 and also resides in SYS$SYSTEM. You can change the name or location,
 or both, of this file by defining the logical name DCE$EXPORT_EXCLUDE
 to point to the new filename and location.

7.2  –  Running EXPORT

 The DCE EXPORT utility allows system administrators to create an
 OpenVMS authorization file from an existing DCE registry.

 Integrated Login provides two methods of running the DCE EXPORT
 utility, as follows.

  o  By invoking the DCE EXPORT utility using a predefined symbol.

     $ EXPORT
     EXPORT>

 You can also specify a single DCE EXPORT command on the command line.
 Control returns to DCL after the command is executed.

     $ EXPORT command
     $

 SYS$COMMON:[SYSMGR]DCE$DEFINE_REQUIRED_COMMANDS.COM defines the DCE
 symbol EXPORT, which is used to invoke the DCE EXPORT utility. If
 this symbol is not defined in your environment, you can define the
 symbol as follows:

     $ EXPORT :== $SYS$SYSTEM:DCE$EXPORT

  o  By issuing the RUN command.

     $ RUN SYS$SYSTEM:DCE$EXPORT
     EXPORT>

 See the HP DCE for OpenVMS Alpha and OpenVMS I64 Reference Guide
 for detailed descriptions of the EXPORT commands.

7.3  –  Messages

7.3.1  –  EXP_ACCEXISTS

 OpenVMS account for <principal> already exists

        Explanation:

        Could not export <principal> because it has already been
        exported.

        User Action:

        None.

7.3.2  –  EXP_ADDDCEACC

 account for <principal> successfully added to OpenVMS

        Explanation:

        An OpenVMS acount was successfully created for <principal>.

        User Action:

        Note directly preceding and following messages for warnings.

7.3.3  –  EXP_ADDDCEUAF

 principal <principal> successfully added to DCE$UAF

        Explanation:

        Principal <principal> successfully added to the DCE$UAF file
        as part of the EXPORT operation.  Message displayed only if
        /INFORM is specified on the EXPORT command line.

        User Action:

        None.

7.3.4  –  EXP_ADDUAF

 principal <principal> successfully exported to OpenVMS

        Explanation:

        An OpenVMS account for successfully created for DCE
        <principal>.

        User Action:

        Note directly preceding and following messages for warnings.

7.3.5  –  EXP_BINDERR

 error binding to DCE security registry

        Explanation:

        Cannot connect to the DCE security server.

        User Action:

        Note accompanying error message for more details.

7.3.6  –  EXP_CREDCEUAF

 created new DCE$UAF file

        Explanation:

        A new DCE$UAF file was created.

        User Action:

        None.

7.3.7  –  EXP_DCEERR

 <DCE error message>

        Explanation:

        Accompanying DCE error message.

        User Action:

        Use this message to solve the problem generating the error.

7.3.8  –  EXP_DCELOGIN

 error in DCE login

        Explanation:

        Could not perform a DCE login.

        User Action:

        Enter valid DCE principal and password combination.

7.3.9  –  EXP_DCEUAFERR

 error searching DCE$UAF

        Explanation:

        Error searching or reading DCE$UAF file.

        User Action:

        Note accompanying error message for more details.

7.3.10  –  EXP_DELDCEUAF

 principal <principal> successfully deleted from DCE$UAF

      Explanation:

      Principal <principal> successfully deleted from DCE$UAF as
      part of larger delete operation. Message is displayed only
      if /INFORM is specified on the EXPORT command line.

        User Action:

        None.

7.3.11  –  EXP_DISUSER

 <username> remains DISUSER-ed

        Explanation:

        OpenVMS account for <username> was successfully created but
        could not enable the account.

        User Action:

        Manually remove the DISUSER flag using the AUTHORIZE
        utility.

7.3.12  –  EXP_ERRACCEXC

 error accessing DCE EXPORT exclude file

        Explanation:

        Could not access DCE EXPORT exclude file.

        User Action:

        Note accompanying error message for more details.

7.3.13  –  EXP_ERRADDEXC

 error adding principal to DCE EXPORT exclude file

        Explanation:

        Could not add principal to DCE EXPORT exclude file.

        User Action:

        Note accompanying error message for more details.

7.3.14  –  EXP_ERRADDUAF

 error adding principal to DCE$UAF file

        Explanation:

        Could not add principal name to DCE$UAF file.

        User Action:

        Note accompanying error message for more details.

7.3.15  –  EXP_ERRCRACC

 error creating OpenVMS account for <username>

        Explanation:

        Could not create an OpenVMS account for <username>.

        User Action:

        See accompanying error message for more details.

7.3.16  –  EXP_ERRCRDCEUAF

 error creating DCE authorization file

        Explanation:

        An error occurred while attempting to create the DCE$UAF
        file.

        User Action:

        See accompanying message for details.

7.3.17  –  EXP_ERRCREUAF

 error creating OpenVMS account for <username> - see following
 messages

        Explanation:

        Could not create the OpenVMS account for <username>.

        User Action:

        Note accompanying error messages for more details.

7.3.18  –  EXP_ERRDCEUAF

 error accessing DCE authorization file

        Explanation:

        An error occurred while attempting to access the
        DCE$UAF file.

        User Action:

        See accompanying message for details.

7.3.19  –  EXP_ERRDELEXC

 error deleting principal from DCE EXPORT exclude file

        Explanation:

        Could not delete principal from DCE EXPORT exclude file.

        User Action:

        Note accompanying error message for more details.

7.3.20  –  EXP_ERRDELUAF

 error deleting principal from DCE$UAF file

        Explanation:

        Could not delete principal from DCE$UAF file.

        User Action:

        Note accompanying error message for more details.

7.3.21  –  EXP_ERRENAUSR

 error enabling user <username>

        Explanation:

        Could not remove DISUSER flag from <username>'s account.

        User Action:

        Manually remove the flag using the AUTHORIZE utility.

7.3.22  –  EXP_ERRQUOTA

 error assigning disk quota to username <username> - see following
 messages

        Explanation:

        Error(s) occurred while attempting to set up disk
        quota for <username>

        User Action:

        Note the messages following this message.

7.3.23  –  EXP_ERRSETPW

 error setting password for <username>

        Explanation:

        Could not set password for OpenVMS <username>.

        User Action:

        Manually set password using the AUTHORIZE utility.

7.3.24  –  EXP_ERRSPAWN

 error spawning subprocess

        Explanation:

        Error spawning subprocess with the SPAWN command.

        User Action:

        Check user runtime configuration. Refer to appropriate
        OpenVMS documentation for more details.

7.3.25  –  EXP_ERRSYSUAF

 error accessing SYSUAF file

        Explanation:

        Could not access the SYSUAF file.

        User Action:

        Note accompanying error message for more details.

7.3.26  –  EXP_ERRUAFGET

 error getting SYSUAF information

        Explanation:

        Error accessing information in the SYSUAF file.

        User Action:

        Note accompanying error message for more information.

7.3.27  –  EXP_EXCADD

 principal <principal> added to DCE EXPORT exclude list

        Explanation:

        Principal <principal> successfully added to the DCE EXPORT
        exclude list.

        User Action:

        None.

7.3.28  –  EXP_EXCDEL

 principal <principal> removed from DCE EXPORT exclude list

        Explanation:

        Principal <principal> successfully deleted from the
        DCE EXPORT exclude list.

        User Action:

        None.

7.3.29  –  EXP_EXCLUDED

 principal <principal> has been excluded from OpenVMS

        Explanation:

        Unable to export <principal> because it is on the DCE EXPORT
        exclude list. This message is displayed only if /INFORM is
        specified on the EXPORT command line.

        User Action:

        If incorrectly excluded, use DELETE/EXCLUDE to remove it
        from the DCE EXPORT exclude list and reexport.

7.3.30  –  EXP_GRPUICFULL

 no member UIC available in specified group

        Explanation:

        No more members available in the specified group.

        User Action:

        Use another group UIC if possible.

7.3.31  –  EXP_INDCEUAF

 principal <principal> already in DCE$UAF

        Explanation:

        Could not add already existing principal name to DCE$UAF.

        User Action:

        None.

7.3.32  –  EXP_INEXCLUDE

 principal <principal> already in DCE EXPORT exclude file

        Explanation:

        An attempt was made to add an already existing principal
        name to the DCE EXPORT exclude file.

        User Action:

        None.

7.3.33  –  EXP_INITERROR

 initialization error

        Explanation:

        Error during initialization phase for DCE EXPORT.

        User Action:

        Note accompanying error message for more details.

7.3.34  –  EXP_INITWAIT

 initializing.....

        Explanation:

        DCE EXPORT in initialization phase.

        User Action:

        None.

7.3.35  –  EXP_INPREQ

 input required!

        Explanation:

        Input not entered where mandatory.

        User Action:

        Provide input.

7.3.36  –  EXP_INTERROR

 internal error

        Explanation:

        Internal error in DCE EXPORT.

        User Action:

        Note accompanying error message for more details or submit
        a Quality Assurance Report (QAR).

7.3.37  –  EXP_INTINPDEV

 internal error opening input device

        Explanation:

        Error accessing SYS$INPUT.

        User Action:

        Check user runtime configuration. Refer to appropriate
        OpenVMS documentation for more information.

7.3.38  –  EXP_INVGRPUIC

 invalid group UIC

        Explanation:

        Group UIC entered is invalid (format if value, name if
        identifier).

        User Action:

        Enter valid group UIC.

7.3.39  –  EXP_INVMEMUIC

 invalid member UIC

        Explanation:

        Member UIC entered is out of range or of invalid format.

        User Action:

        Enter valid member UIC.

7.3.40  –  EXP_INVMS

 principal <principal> already exported to OpenVMS

        Explanation:

        A record for <principal> already exists in the DCE$UAF file
        indicating that is has already been exported.

        User Action:

        None.

7.3.41  –  EXP_INVPASSWD

 password validation failed. Please retry

        Explanation:

        Password validation failed while entering password for the
        OpenVMS account to be created.

        User Action:

        Enter valid password.

7.3.42  –  EXP_INVPWDLEN

 password length must be between <minimum> and <maximum> characters

        Explanation:

        The user specified password for the OpenVMS  account is
        outside of the defined range.

        User Action:

        Specify a password of length between <minimum> and <maximum>

7.3.43  –  EXP_NAMEINUSE

 OpenVMS username <username> already mapped to another DCE
 principal

        Explanation:

        OpenVMS username specified is already associated with another
        DCE principal in the DCE$UAF file.

        User Action:

        Specify a username that is not associated with a DCE princi-
        pal. Use the DCE$UAF utility to search the DCE$UAF file for
        usernames and associated DCE principal names.

7.3.44  –  EXP_NODCEUAF

 unable to open DCE authorization file

        Explanation:

        Error occurred while attempting to open the
        DCE$UAF file.

        User Action:

        See accompanying message for details.

7.3.45  –  EXP_NOEXCUSR

 no excluded users

        Explanation:

        No principal names listed in the DCE EXPORT exclude file.

        User Action:

        None.

7.3.46  –  EXP_NOSCHUSR

 no principal <principal> in DCE registry

        Explanation:

        Principal <principal> requested for export does not exist in
        the DCE registry.

        User Action:

        Use valid DCE principal name. Use the DCE tool RGY_EDIT to
        view DCE principal names.

7.3.47  –  EXP_NOSUCHEXC

 no such principal in DCE EXPORT exclude file

        Explanation:

        Requested principal does not exist in DCE EXPORT exclude
        file.

        User Action:

        Use the SHOW/EXCLUDE command to list names in the exclude
        file.

7.3.48  –  EXP_NOSUCHPR

 no DCE account <principal>

        Explanation:

        An attempt was made to export a nonexistent DCE principal.

        User Action:

        Specify a valid DCE principal name. Use the DCE tool
        RGY_EDIT to view the DCE principals.

7.3.49  –  EXP_NOTINEXC

 principal <principal> not in DCE EXPORT exclude file

        Explanation:

        An attempt was made to access a nonexistent record in the
        DCE EXPORT file.

        User Action:

        Use SHOW/EXCLUDE to see the contents of the exclude file.

7.3.50  –  EXP_NOVMSUSR

 no OpenVMS user <username>

        Explanation:

        A nonexistent OpenVMS username was specified with the /LIKE
        qualifier.

        User Action:

        Specify a valid OpenVMS username.

7.3.51  –  EXP_NXTMEMUIC

 error finding next available member UIC

        Explanation:

        Could not find the next available member UIC in the group
        specified.

        User Action:

        Note the accompanying error message for more details.

7.3.52  –  EXP_OUTOPNERR

 error opening alternate output

        Explanation:

        Could not access file name specified with /OUTPUT qualifier.

        User Action:

        Note accompanying error message for more details.

7.3.53  –  EXP_SEEFILE

 see file <file name> for error messages

        Explanation:

        Error(s) occurred while creating the OpenVMS
        account but EXPORT was unable to display the error
        messages.  The user is asked to read the file <file name>
        for the error messages.

        User Action:

        Read the file <file name> for error messages.

7.3.54  –  EXP_TIMERR

 DCE time configuration error

        Explanation:

        Time configuration is incorrect on the DCE system.

        User Action:

        Refer to the Troubleshooting chapter in the HP
        DCE for OpenVMS Alpha and OpenVMS I64 Product Guide.

7.3.55  –  EXP_TOOLONG

 input for <qualifier> too long

        Explanation:

        Value of <qualifer> is longer than expected maximum size of
        value.

        User Action:

        Enter a value that is within the valid size range.

7.3.56  –  EXP_USERERR

 error getting input from user

        Explanation:

        User entered invalid input.

        User Action:

        Enter valid input.

7.4  –  ADD

 Adds DCE principal names.  The ADD command can only be used
 with the following qualifier:

    o  ADD/EXCLUDE       Adds a DCE principal name to the EXPORT
                         exclude list (see /EXCLUDE).

    /EXCLUDE

    Adds a DCE principal name to the EXPORT exclude list.

    Format:

    ADD/EXCLUDE  PRINCIPAL

    Parameters

    principal

    Specifies the DCE principal name to be added to the EXPORT
    exclude list.

    If the principal name contains lowercase characters,
    spaces, or other special characters, enclose the entire
    string in quotes.

7.5  –  DELETE

 Deletes DCE principal names.  The DELETE command can only be used
 with the following qualifier:

    o  DELETE/EXCLUDE    Deletes a DCE principal name from the EXPORT
                         exclude list (see /EXCLUDE).

    /EXCLUDE

    Deletes a DCE principal name from the EXPORT exclude list.

    Format:

    DELETE/EXCLUDE  PRINCIPAL

    Parameters

    principal

    Specifies the DCE principal name to be deleted from the
    EXPORT exclude list.

    If the principal name contains lowercase characters,
    spaces, or other special characters, enclose the entire
    string is quotes.

7.6  –  EXIT

 Exits the EXPORT utility. You can also exit EXPORT by
 pressing the Ctrl/Z key.

    Format:

    EXIT

7.7  –  EXPORT

 The EXPORT command is used to create OpenVMS accounts
 in the OpenVMS system authorization file (SYSUAF) based on
 existing accounts in the DCE registry.

    Format:

    EXPORT  DCE-ACCOUNT-NAME

        Qualifiers            Defaults

         /[NO]ADD_IDENTIFIERS  /ADD_IDENTIFIERS
         /[NO]CONFIRM
         /DCE_LOGIN=(keyword=value[,...])
         /[NO]EXCLUDE          /NOEXCLUDE
         /[NO]INFORM           /INFORM
         /[NO]INTERACTIVE      /INTERACTIVE
         /OUTPUT[=output]      /OUTPUT=SYS$OUTPUT:
         /[NO]RECAP            /NORECAP
         /[NO]TEST_ONLY        /NOTEST_ONLY
         /[NO]WILD             /WILD

         Data Qualifiers       Defaults

         /[NO]ACCOUNT=account  /ACCOUNT=dce-group-name
         /DEVICE=device        Taken from /LIKE account
         /DIRECTORY=directory  /DIRECTORY=vms-username
         /GROUP_UIC=group_uic
         /LIKE=vms-account     /LIKE=DEFAULT
         /MEMBER_UIC=member_uic Next available within UIC group
         /[NO]OWNER=owner      /OWNER=dce-principal-name
         /PASSWORD=passwd      None
         /[NO]QUOTA=n          /QUOTA=1000
         /USERNAME=username    /USERNAME=dce-principal-name

7.7.1  –  Parameters

 dce-account-name

    Specifies the name of the DCE account that is to be
    exported. If the DCE account name contains lowercase
    characters, spaces or other special characters then
    enclose the name in quotes.

    If an asterisk is specified in place of the dce-account-
    name then all accounts from the registry are selected.

7.7.2  –  Qualifiers

  /CONFIRM

    /CONFIRM
    /NOCONFIRM

    Controls whether the EXPORT command asks for confirmation
    before creating the OpenVMS account.

    In interactive mode the default is /CONFIRM. In noninteractive
    mode the default is /NOCONFIRM.

    /DCE_LOGIN=(keyword=value[,...])

       /DCE_LOGIN=(keyword=value[,...])

    Provides DCE account details for accounts that are authorized to
    read pricipals and accounts from the DCE registry. Valid keywords
    for the DCE_LOGIN qualifier are as follows:

    Keyword         Description

    PRINCIPAL       The principal name to be used for authentication
                    purposes when reading accounts and/or
                    principals from the DCE registry.

                    If you do not specify a principal with this
                    qualifier you are prompted for one interactively.

    PASSWORD        The password associated with the principal
                    name that was specified by the PRINCIPAL keyword.

                    If you do not specify a password with this
                    qualifier you are prompted for one interactively.

    If you do not specify a principal or password with this qualifi-
    er, you are prompted for them interactively, regardless of
    whether or not you are running in interactive mode. This infor-
    mation need be entered only once per session, on the first EXPORT
    command.Subsequent EXPORT commands within the same session do not
    require that you to reenter this information.

    If you are an interactive user and you do not specify the
    PASSWORD keyword, EXPORT prompts you for your password. The
    advantage in this is the password is not echoed and therefore
    does not appear on your terminal.

  /EXCLUDE

       /EXCLUDE
       /NOEXCLUDE (default)

    Determines whether the DCE account is exported to OpenVMS.
    If the DCE account is not exported, the OpenVMS account is not
    created and an entry is created in the EXPORT exclude file for
    the specified DCE account.

  /INFORM

       /INFORM (default)
       /NOINFORM

    Determines whether the user is informed of DCE accounts that
    would have been selected for export, but are not selected.
    (The reasons that accounts are not selected for export are that
    they have already been exported (for example, they have an entry
    in the DCE$UAF) or that they exist in the EXPORT exclude file.)

  /INTERACTIVE (default)

       /INTERACTIVE (default)
       /NOINTERACTIVE

    Controls whether an interactive or noninteractive export is
    performed.

    In interactive mode, a series of questions is asked and the
    user's responses are used to determine the account details. This
    mode is well suited to interactive users.

    In noninteractive mode, all input is supplied through the data
    qualifiers, and any missing or conflicting data causes the
    OpenVMS account to not be created. This mode is well suited to
    command files and batch jobs.

    Data qualifiers can be specified in interactive mode. In this
    case the data they provide is used to provide the default answers
    to the relevant questions. All questions are still asked.

  /OUTPUT[=output]

       /OUTPUT[=output]

    Defines where all program output should be written.
    The default is SYS$OUTPUT:.

  /RECAP

       /RECAP
       /NORECAP (default)

    If /RECAP is specified details of the OpenVMS account are dis-
    played before it is actually created. When /CONFIRM is also
    specified the account details are displayed immediately before
    the confirmation request.

  /TEST_ONLY

       /TEST_ONLY
       /NOTEST_ONLY (default)

    If /TEST_ONLY is specified, OpenVMS accounts, identifiers, and
    DCE$UAF entries are not created.  All other functions operate
    normally.

  /WILD

       /WILD (default)
       /NOWILD

    Specifies whether or not standard VMS wildcarding is to be
    applied to dce-account-name. The default is /WILD which means a
    dce-account-name of "SM*" is interpreted as meaning "export any
    account starting SM".

    If /NOWILD is specified the dce-account-name "SM*" is exported.

7.7.3  –  Data Qualifiers

7.7.3.1    /ACCOUNT=account

       /ACCOUNT=account (default)
       [NO]ACCOUNT

    Specifies the account string for the OpenVMS account (same as
    /ACCOUNT in AUTHORIZE). The account is a string of 1 to 8
    alphanumeric characters.

    If this qualifier is not specified, the DCE account's group name
    is used (truncated to 8 characters if necessary).

    If no account field is required then specify /NOACCOUNT.

7.7.3.2    /DEVICE=device

       /DEVICE=device

    Specifies the name of the OpenVMS account's default
    device at login. The device-name is a string of 1 to 31
    alphanumeric characters. If you omit the colon from the
    device-name value, a colon is automatically appended.

    The default device is copy the device field from the
    account specified by the /LIKE qualifier.

7.7.3.3    /DIRECTORY=directory

       /DIRECTORY=directory

    Specifies the default directory name for the DIRECTORY field of
    the OpenVMS SYSUAF record. The directory name can be 1 to 63
    alphanumeric characters. If you do not enclose the directory name
    in brackets, EXPORT adds the brackets for you.

    The default directory name is [username] where username is the
    OpenVMS account's username.

7.7.3.4    /GROUP_UIC=group_uic

       /GROUP_UIC=group_uic

    Specifies the group part of the UIC for the OpenVMS
    account. GROUP_UIC can be specified as an octal
    group UIC code or as an existing group UIC identifier.
    If specified as an octal number, it must be in the
    range 1 to 37776 (octal).

    The default is to take the OpenVMS account's ACCOUNT
    field, convert it to uppercase, and interpret this as a group
    UIC identifier. If such an identifier does not exist then
    a similar translation is attempted for the DCE account's
    group name. If neither identifiers exist, the group
    UIC is derived from the OpenVMS account specified by the
    /LIKE qualifier.

7.7.3.5    /LIKE=vms-account

       /LIKE=vms-account

    Specifies an existing OpenVMS account that is to be used
    as the basis for the OpenVMS account that is being
    created. Any fields not specified on the EXPORT command line, as
    well as all quotas, privileges, etc, are inherited from
    the /LIKE account.

    The default is DEFAULT (as it is in AUTHORIZE).

7.7.3.6    /MEMBER_UIC=member_uic

       /MEMBER_UIC=member_uic

    Specifies the member part of the UIC for the OpenVMS
    account. MEMBER_UIC should be specified as an octal
    number within the range 0 to 177776 (octal).

    The default is to use the first available member UIC
    within the group UIC (as specified by /GROUP_UIC). For example,
    if the selected group is 150 and that group has members 1,
    2, 5 and 6 already defined, then the new uic would be
    [150,3].

7.7.3.7    /OWNER=owner (default)

       /OWNER=owner (default)
       /NOOWNER

    Specifies the owner string for the OpenVMS account (same
    as /OWNER in AUTHORIZE). The owner is a string of 1 to 31
    characters.

    If this qualifier is not specified, the DCE account's principal
    name is used (truncated to 31 characters if necessary).

    If no owner field is required, specify /NOOWNER.

7.7.3.8    /PASSWORD=passwd

       /PASSWORD=passwd

    Specifies the password for the OpenVMS account. Passwords
    contain from 0 to 32 characters and can include
    alphanumeric characters, dollar signs, and underscores.
    Passwords are not case-sensitive.

    If you do not specify a password, the account is
    created without a valid OpenVMS password.

7.7.3.9    /QUOTA=quota

       /QUOTA=quota (default)
       /NOQUOTA

    Specifies the disk quota for the device specified by
    /DEVICE to be given to the OpenVMS account (if quotas
    are enabled on that volume).

    The default is 1000 blocks. If quotas are not enabled
    on the device specified by /DEVICE, or if /NOQUOTA is
    specified, then no quota is given.

7.7.3.10    /USERNAME=username

       /USERNAME=username

    Specifies the username for the OpenVMS account. The
    username is a string of 1 to 12 alphanumeric characters
    and can contain underscores.

    If this qualifier is not specified, the DCE account's principal
    name is used (truncated to 12 characters and uppercased).

7.8  –  SHOW

 Displays DCE principal names. The SHOW command can only be used
 with the following qualifier:

    o  SHOW/EXCLUDE      Displays DCE principal names in the EXPORT
                         exclude list (see /EXCLUDE).

    /EXCLUDE

    Displays DCE principal names in the EXPORT exclude list.

    Format:

    SHOW/EXCLUDE  [PRINCIPAL]

         Qualifiers            Defaults

         /ALL
         /OUTPUT=output        /OUTPUT=SYS$OUTPUT:

7.8.1  –  Parameters

 principal

    Specifies the name of the DCE principal to be displayed
    from the EXPORT exclude list. Full OpenVMS wildcarding
    is allowed.

    If the principal name contains lowercase characters,
    spaces, or other special characters, enclose the entire
    string is quotes.

    If /ALL is on the command line, do not specify a principal
    name.

7.8.2  –  Qualifiers

7.8.2.1    /ALL

       /ALL

    Specifies that all EXPORT exclude entries are to be
    displayed. If you do not specify principal, then /ALL is
    assumed.

7.8.2.2    /OUTPUT=output

       /OUTPUT=output

    Determines where the output is written.
    The default is SYS$OUTPUT:.

8  –  DCE$IMPORT

 The DCE IMPORT utility allows you to create principal and account
 entries in a DCE registry based on accounts in an existing OpenVMS
 authorization file. It is used for the following purposes:

 o  To populate the DCE registry when a new DCE cell is first established

 o  To add entries to an existing DCE registry when a new OpenVMS system
    joins an existing DCE cell

 o  To add entries to an existing DCE registry when new  users have
    joined an OpenVMS sytem that is already part of an existing DCE cell

 The DCE IMPORT utility also creates and maintains an exclude list.
 The exclude list contains the OpenVMS usernames of users who do not
 have, and do not require, a DCE account. This feature allows DCE IMPORT
 to skip over these users during DCE IMPORT operations.

    NOTE:

    The DCE IMPORT utility described in this section cannot be satisfied
    by the import function shipped with OSF DCE because of substantial
    differences between OpenVMS and UNIX user registry data.

 Passwords cannot be imported.  Instead, the automatic synchronization
 feature that occurs during integrated login is used to import user
 passwords.

 See the HP DCE for OpenVMS Alpha and OpenVMS I64 Reference Guide
 for detailed descriptions of the DCE IMPORT commands.

    RELATED INFORMATION
      COMMANDS: DCE$EXPORT

8.1  –  File Info

 The DCE DCE IMPORT utility is shipped as an OpenVMS executable image
 named DCE$IMPORT.EXE. The image resides in the SYS$SYSTEM directory.

 The DCE IMPORT exclude file is named by default DCE$IMPORT_EXCLUDE.DAT
 and also resides in SYS$SYSTEM. You can change the name or location,
 or both, of this file by defining the logical name DCE$IMPORT_EXCLUDE
 to point to the new filename and location.

8.2  –  Running IMPORT

 The DCE IMPORT utility allows system administrators to create princi-
 pal and account entries in a DCE registry based on accounts in SYSUAF.

 Integrated Login provides two methods of running the DCE IMPORT
 utility, as follows.

 o  By invoking the DCE IMPORT utility using a predefined symbol.

    $ IMPORT
    IMPORT>

 You can also specify a single DCE IMPORT command on the command line.
 Control returns to DCL after the command is executed.

    $ IMPORT command

 SYS$COMMON:[SYSMGR]DCE$DEFINE_REQUIRED_COMMANDS.COM defines the DCE
 symbol IMPORT which is used to invoke the DCE IMPORT utility. If this
 symbol is not defined in your environment, you can define the symbol
 as follows:

    $ IMPORT :== $SYS$SYSTEM:DCE$IMPORT

 o  By issuing the RUN command.

    $ RUN SYS$SYSTEM:DCE$IMPORT
    IMPORT>

8.3  –  Messages

8.3.1  –  IMP_ACCEXISTS

 account for <principal> already exists in DCE

       Explanation:

       An attempt has been made to recreate an account for
       <principal> in the DCE registry.

       User Action:

       None. This is a warning indicating that this suboperation
       in the IMPORT operation was previously performed.

8.3.2  –  IMP_ADDDCE

 username <username> successfully imported into DCE

       Explanation:

       A DCE account has been successfully created for OpenVMS
       username <username>.

       User Action:

       None.

8.3.3  –  IMP_ADDDCEACC

 account for <principal> successfully added to DCE

       Explanation:

       A DCE account was successfully created for <principal>.

       User Action:

       None.  This is an informational message displayed only if
       /INFORM is specified on the DCE IMPORT command line.

8.3.4  –  IMP_ADDDCEPRN

 principal <principal> successfully added to DCE

       Explanation:

       Principal <principal> record successfully created in the
       DCE registry.

       User Action:

       None. This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.5  –  IMP_ADDDCEUAF

 username <username> successfully added to DCE$UAF

       Explanation:

       Username <username> successfully added to the DCE$UAF file.

       User Action:

       None. This is an informational message displayed only if
       /INFORM is specified on the DCE IMPORT command line.

8.3.6  –  IMP_BINDERR

 error binding to DCE security registry

       Explanation:

       Unable to bind to the DCE security server.

       User Action:

       Note accompanying DCE error message for more details.

8.3.7  –  IMP_CREDCEUAF

 created new DCE$UAF file

       Explanation:

       A new DCE$UAF file was created.

       User Action:

       None.

8.3.8  –  IMP_DCEERR

 <DCE error message>

       Explanation:

       Accompanying DCE error message supplied with other
       DCE IMPORT error messages.

       User Action:

       Use this message to determine the cause of the problem.

8.3.9  –  IMP_DCELOGIN

 error in DCE login

       Explanation:

       An error occurred during DCE login.

       User Action:

       Enter a valid DCE username and password when prompted by
       DCE IMPORT.

8.3.10  –  IMP_DCEUAFERR

 error searching DCE$UAF

       Explanation:

       An error occurred while searching the DCE$UAF file.

       User Action:

       Note the accompanying error message for more details.

8.3.11  –  IMP_DELACC

 account for principal <principal> deleted from DCE

       Explanation:

       DCE account for <principal> was deleted from the DCE registry.
       This occurs when an atomic IMPORT operation fails during one
       of its suboperations. Such failure prompts a backout of all
       suboperations successfully performed during this IMPORT
       operation. Deleting the account is one such backout operation.

       User Action:

       None.  This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.12  –  IMP_DELDCEUAF

 username <username> successfully deleted from DCE$UAF

       Explanation:

       Username <username> deleted from DCE$UAF file.

       User Action:

       None. This is an informational message displayed only if
       /INFORM is specified on the DCE IMPORT command line.

8.3.13  –  IMP_DELFRGRP

 principal <principal> from group <group>

       Explanation:

       Principal <principal> was deleted from <group> in the DCE
       registry. This occurs when an atomic IMPORT operation fails
       during one of its suboperations. Such failure prompts a
       backout of all suboperations successfully performed during
       this IMPORT operation. Deleting the principal from the group
       is one such backout operation.

       User Action:

       None.  This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.14  –  IMP_DELFRORG

 principal <principal> deleted from organization <organization>

       Explanation:

       Principal <principal> was deleted from <organization> in the
       DCE registry. This occurs when an atomic IMPORT operation
       fails during one of its suboperations. Such failure prompts
       a backout of all suboperations successfully performed during
       this IMPORT operation. Deleting the principal from the
       organization is one such backout operation.

       User Action:

       None.  This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.15  –  IMP_DELPRN

 principal <principal> deleted from DCE

       Explanation:

       Principal <principal> was deleted from the DCE registry.
       This occurs when an atomic IMPORT operation fails during one
       of its suboperations. Such failure prompts a backout of all
       suboperations successfully performed during this IMPORT
       operation. Deleting the principal is one such backout
       operation.

       User Action:

       None. This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.16  –  IMP_ERRADDGRP

 error adding principal <principal> to group <group>

       Explanation:

       Could not add <principal> to <group> in the DCE registry.

       User Action:

       Note the accompanying DCE error message for more details.

8.3.17  –  IMP_ERRADDORG

 error adding principal <principal> to organization <organization>

       Explanation:

       Could not add <principal> to <organization> in DCE registry.

       User Action:

       Note the accompanying DCE error message for more details.

8.3.18  –  IMP_ERRACCEXC

 error accessing DCE IMPORT exclude file

       Explanation:

       Could not access the DCE IMPORT exclude file.

       User Action:

       Note the accompanying error message for more details.

8.3.19  –  IMP_ERRADDEXC

 adding username to DCE IMPORT exclude file

       Explanation:

       Could not add the requested username to the DCE IMPORT
       exclude file.

       User Action:

       Note the accompanying error message for more details.

8.3.20  –  IMP_ERRADDUAF

 error adding username to DCE$UAF file

       Explanation:

       Could not add the imported username to the DCE$UAF file.

       User Action:

       Note the accompanying error message for more details.

8.3.21  –  IMP_ERRCRACC

 error creating account for <principal>

       Explanation:

       Could not create a DCE account for <principal>.

       User Action:

       Note the accompanying DCE error message for more details.

8.3.22  –  IMP_ERRCRDCEUAF

 error creating DCE authorization file

       Explanation:

       An error occurred while attempting to create the
       DCE$UAF file.

       User Action:

       See accompanying message for details.

8.3.23  –  IMP_ERRCRPRN

 error creating principal <principal>

       Explanation:

       Could not create a principal in the DCE registry.

       User Action:

       Note the accompanying DCE error message for more details.

8.3.24  –  IMP_ERRDCEUAF

 error accessing DCE authorization file

       Explanation:

       An error occurred while attempting to access the
       DCE$UAF file.

       User Action:

       See accompanying message for details.

8.3.25  –  IMP_ERRDELACC

 error deleting account for <principal>

       Explanation:

       Unable to delete account for <principal> from DCE registry.

       User Action:

       See accompanying DCE error message for more details.

8.3.26  –  IMP_ERRDELEXC

 error deleting username from DCE IMPORT exclude file

       Explanation:

       Could not remove requested username from the DCE IMPORT
       exclude file.

       User Action:

       Note the accompanying error message for more details.

8.3.27  –  IMP_ERRDELFRGRP

 error deleting principal <principal> from group <group>

       Explanation:

       An error occurred while deleting <principal>
       from <group> in the DCE registry. This delete operation is
       performed if the overall IMPORT operation failed and a
       backout of changes applied to the DCE registry is
       required.

       User Action:

       See accompanying DCE message for details.

8.3.28  –  IMP_ERRDELFRORG

 error deleting principal <principal> from organization
 <organization>

       Explanation:

       An error occurred while deleting <principal> from
       <organization> in the DCE registry. This delete
       operation is performed if the overall IMPORT
       operation failed and a backout of changes applied to the
       DCE registry is required.

       User Action:

       See accompanying DCE message for details.

8.3.29  –  IMP_ERRDELPRN

 error deleting principal <principal>

       Explanation:

       Unable to delete <principal> from DCE registry

       User Action:

       See accompanying DCE error message for more details

8.3.30  –  IMP_ERRDELUAF

 error deleting username from DCE$UAF file

       Explanation:

       Could not delete a username from the DCE$UAF file.

       User Action:

       Note the accompanying error message for more details.

8.3.31  –  IMP_ERRCHGAUT

 error changing account authorization policy

       Explanation:

       Could not change the DCE account's authorization policy.

       User Action:

       Note the accompanying DCE error message for more details.

8.3.32  –  IMP_ERRSPAWN

 error spawning sub-process

       Explanation:

       An error occurred while spawning a subprocess on the SPAWN
       command.

       User Action:

       Refer to appropriate OpenVMS documentation for resolution.

8.3.33  –  IMP_ERRSYSUAF

 error accessing SYSUAF file

       Explanation:

       Could not access the OpenVMS SYSUAF file.

       User Action:

       See accompanying OpenVMS or RMS error message for more
       details.

8.3.34  –  IMP_EXCADD

 username <username> added to DCE IMPORT exclude list

       Explanation:

       Username <username> successfully added to the DCE IMPORT
       exclude file. A DCE account will not be created for this
       username.

       User Action:

       None.

8.3.35  –  IMP_EXCDEL

 username <username> removed from DCE IMPORT exclude list

       Explanation:

       Username <username> successfully removed from DCE IMPORT
       exclude file.  A subsequent IMPORT session could be used to
       create a DCE account for this username.

       User Action:

       None.

8.3.36  –  IMP_EXCLUDED

 username <username> has been excluded from DCE

       Explanation:

       Username <username> cannot be imported since it has been
       excluded from the DCE registry.

       User Action:

       None. This is an informational message displayed when /INFORM
       is specified on the DCE IMPORT command line.

8.3.37  –  IMP_INDCE

 username <username> already imported into DCE

       Explanation:

       An import operation was attempted on an already imported
       OpenVMS username.

       User Action:

       None. This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.38  –  IMP_INDCEUAF

 user <username> already in DCE$UAF

       Explanation:

       Username <username> already exists in the DCE$UAF.DAT file.

       User Action:

       None. This is a warning indicating that this suboperation in
       the IMPORT operation was previously performed.

8.3.39  –  IMP_INEXCLUDE

 username <username> already in DCE IMPORT exclude file

       Explanation:

       Username <username> has previously been added to the DCE
       IMPORT exclude file.

       User Action:

       None. This informational message is displayed when an exclude
       operation is attempted on an already excluded username and
       is displayed only when /INFORM is specified on the DCE
       IMPORT command line.

8.3.40  –  IMP_INTINPDEV

 internal error opening input device

       Explanation:

       Error opening SYS$INPUT.

       User Action:

       Verify user runtime environment. See to appropriate OpenVMS
       documentation for more details.

8.3.41  –  IMP_INITERROR

 initialization error

       Explanation:

       An error occurred during DCE IMPORT's initialization phase.

       User Action:

       Note error messages accompanying or directly preceding this
       message.

8.3.42  –  IMP_INITWAIT

 initializing.....

       Explanation:

       DCE IMPORT is in initialization mode.

       User Action:

       None.

8.3.43  –  IMP_INVPASSWD

 password validation failed. Please retry

       Explanation:

       The password entered when prompted for a retype does not
       match the originally entered password.

       User Action:

       Enter correct password for original and retype entry.

8.3.44  –  IMP_INPREQ

 input required!

       Explanation:

       Input not entered where input was mandatory.

       User Action:

       Provide required input.

8.3.45  –  IMP_INTERROR

 internal error

       Explanation:

       DCE IMPORT internal error occurred.

       User Action:

       Contact your support engineer or Submit a Quality Assurance
       Report (QAR).

8.3.46  –  IMP_INVDATETM

 invalid date/time

       Explanation:

       Date/time entered has invalid format.

       User Action:

       Enter date/time in standard format (dd-MMM-yyyy hh:mm:ss).

8.3.47  –  IMP_NODCEUAF

 unable to open DCE authorization file

       Explanation:

       Error occurred while attempting to open the DCE$UAF file

       User Action:

       See accompanying message for details.

8.3.48  –  IMP_NOEXCUSR

 no excluded users

       Explanation:

       No users listed in DCE IMPORT exclude file.

       User Action:

       None.

8.3.49  –  IMP_NOGRP

 group name not specified

       Explanation:

       Mandatory qualifier /GROUP not specified during a noninter-
       active IMPORT session.

       User Action:

       Provide the /GROUP qualifier with the group name on the
       command line.

8.3.50  –  IMP_NOORG

 organization name not specified

       Explanation:

       Mandatory qualifier /ORGANIZATION not specified during a
       noninteractive IMPORT session.

       User Action:

       Provide the /ORGANIZATION qualifier with the organiation
       name on the command line.

8.3.51  –  IMP_NOPRIN

 principal <principal> does not exist in DCE Registry

       Explanation:

       Principal <principal> does not exist in the DCE Registry.
       This means that <principal> does not have a corresponding
       OpenVMS username/account.

       User Action:

       None.

8.3.52  –  IMP_NOSUCHEXC

 no such username in exclude file

       Explanation:

       Username specified does not exist in DCE IMPORT's exclude
       file.

       User Action:

       Specify username that exists in DCE IMPORT's exclude file.
       Enter command SHOW/EXCLUDE to display the entire exclude
       list.

8.3.53  –  IMP_NOSUCHGRP

 no group <group>. Please choose a valid group

       Explanation:

       The group name specified is nonexistent in the DCE registry.

       User Action:

       Choose a valid group name. Use the DCE tool RGY_EDIT to
       search the DCE registry for group names.

8.3.54  –  IMP_NOSUCHORG

 no organization <organization>. Please choose a valid organization

       Explanation:

       The organization name specified is nonexistent in the DCE
       registry.

       User Action:

       Choose a valid organization name. Use the DCE tool RGY_EDIT
       to search the DCE registry for organization names.

8.3.55  –  IMP_NOSCHPRM

 corresponding primary principal not found in DCE

       Explanation:

       The DCE principal name specified as the primary principal
       while attempting to create an alias principal name is non-
       existent in the DCE registry.

       User Action:

       Use the correct DCE principal name. Use the DCE tool RGY_EDIT
       to view the DCE registry.

8.3.56  –  IMP_NOSCHUSR

 OpenVMS username <username> does not exist on this system

       Explanation:

       An attempt was made to import a nonexistent OpenVMS user.

      User Action:

       Choose a valid OpenVMS user.

8.3.57  –  IMP_OUTOPNERR

 error opening alternate output

       Explanation:

       Could not access output medium

       User Action:

       If /OUTPUT was specified, verify the file name supplied with
       /OUTPUT. If /OUTPUT was not specified, check user runtime
       environment. See appropriate OpenVMS documentation for more
       details.

8.3.58  –  IMP_PREXISTS

 principal <principal> already exists in DCE

       Explanation:

       An attempt has been made to add <principal> to the DCE
       registry.

       User Action:

       None. This is a warning indicating that this suboperation in
       the IMPORT operation was previously performed.

8.3.59  –  IMP_PRINGRP

 principal <principal> already exists in group <group>

       Explanation:

       An attempt was made to add <principal> to DCE group <group>
       when it already was a member of the group. This action was
       attempted during an import operation.

       User Action:

       None. This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.60  –  IMP_PRINORG

 principal <principal> already exists in organization <organization>

       Explanation:

       An attempt was made to add <principal> to DCE organization
       <organization> when it was already a member of that
       organization. This action was attempted during an import
       operation.

       User Action:

       None. This is an informational message displayed only when
       /INFORM is specified on the DCE IMPORT command line.

8.3.61  –  IMP_PRINUSE

 principal <principal> in use by another OpenVMS username

       Explanation:

       The DCE principal name specified for the OpenVMS username
       being imported is associated with another OpenVMS username.

       User Action:

       Choose a DCE principal name that is not associated with any
       OpenVMS username.

8.3.62  –  IMP_RANGEERR

 error in entry! Number must be between 1 and 65535

       Explanation:

       The value entered for quota is not within the desired range.

       User Action:

       Enter a number between 1 and 65535.

8.3.63  –  IMP_TIMERR

 DCE time configuration error

       Explanation:

       Time configuration incorrect on the DCE system.

       User Action:

       Refer to the Troubleshooting chapter in the HP DCE for
       OpenVMS Alpha and OpenVMS I64 Product Guide.

8.3.64  –  IMP_TOOLONG

 input for <qualifier> too long

       Explanation:

       Value of <qualifer> is longer than expected maximum size of
       value.

       User Action:

       Enter a value that is within the valid size range.

8.3.65  –  IMP_USERERR

 error getting input from user

       Explanation:

       Error occurred while getting user input.

       User Action:

       Provide valid input.

8.4  –  ADD

 Adds OpenVMS usernames. The ADD command can only be used
 with the following qualifier:

    o  ADD/EXCLUDE       Adds an OpenVMS username to the IMPORT
                         exclude list (see /EXCLUDE).

    /EXCLUDE

    Adds an OpenVMS username to the IMPORT exclude list.

    Format:

    ADD/EXCLUDE  USERNAME

    Parameters

    username

    Specifies the name of the OpenVMS account to be added to
    the IMPORT exclude list.

8.5  –  DELETE

 Deletes OpenVMS usernames. The DELETE command can only be used
 with the following qualifier:

    o  DELETE/EXCLUDE    Deletes an OpenVMS username from the IMPORT
                         exclude list (see /EXCLUDE).

    /EXCLUDE

    Deletes an OpenVMS username from the IMPORT exclude list.

    Format:

    DELETE/EXCLUDE  USERNAME

    Parameters

    username

    Specifies the name of the OpenVMS account to be deleted
    from the IMPORT exclude list.

8.6  –  EXIT

 Exits the IMPORT utility. You can also exit IMPORT by
 pressing the Ctrl/Z key.

    Format:

    EXIT

8.7  –  IMPORT

 The IMPORT command is used to create DCE accounts based on
 OpenVMS accounts from an existing System Authorization File
 (SYSUAF).

    Format:

    IMPORT  VMS-USERNAME

       Qualifiers            Defaults

       /[NO]CONFIRM
       /DCE_LOGIN=(keyword=value,...)
       /[NO]IMPORT           /IMPORT
       /[NO]EXCLUDE          /NOEXCLUDE
       /[NO]INFORM           /INFORM
       /[NO]INTERACTIVE      /INTERACTIVE
       /MY_PASSWORD=passwd   None
       /OUTPUT[=output]      /OUTPUT=SYS$OUTPUT:
       /[NO]RECAP            /NORECAP
       /[NO]TEST_ONLY        /NOTEST_ONLY

       Data Qualifiers         Defaults

       /[NO]EXPIRATION_DATE=d  /NOEXPIRATION_DATE
       /FLAGS=flags
       /GOOD_SINCE_DATE=date   /GOOD_SINCE_DATE=now
       /GROUP=group            "none"
       /HOME_DIRECTORY=string  None
       /LIFETIME=hours         Taken from registry authorization
 			      policy
       /LOGIN_SHELL=string     None
       /MISCELLANEOUS=string   None
       /ORGANIZATION=organiza  "none"
       /PASSWORD=passwd        No valid password
       /PRINCIPAL=principal
       /RENEWABLE_LIFETIME=ho  Taken from registry authorization
 			      policy

8.7.1  –  Parameters

 vms-username

    Specifies the name of the OpenVMS account that is to be
    imported.

    If an asterisk is specified in place of the vms-username,
    all accounts from the OpenVMS system authorization
    file are selected.

8.7.2  –  Qualifiers

8.7.2.1    /CONFIRM

       /CONFIRM
       /NOCONFIRM

    Controls whether the IMPORT command asks for confirmation
    before creating a DCE principal or account, or both.

    In interactive mode the default is /CONFIRM. In non-
    interactive mode the default is /NOCONFIRM.

8.7.2.2    /DCE_LOGIN=(keyword=valud[,...])

       /DCE_LOGIN=(keyword=valud[,...])

    Provides DCE account details for accounts that are authorized to
    create pricipals and accounts in the DCE registry. Valid keywords
    for the DCE_LOGIN qualifier are as follows:

         Keyword         Description

         PRINCIPAL       The principal name to be used for
                         authentication purposes when creating
                         accounts and/or principals in the DCE
                         registry.

                         If you do not specify a principal with this
                         qualifier you are prompted for one
                         interactively.

         PASSWORD        The password associated with the principal
                         name that was specified by the PRINCIPAL
                         keyword.

                         If you do not specify a password with this
                         qualifier you are prompted for one
                         interactively.

    If you do not specify a principal or password with this
    qualifier, you are prompted for them interactively, regardless
    of whether or not you are running in interactive mode.  This
    information need be entered only once per session, on the first
    IMPORT command. Subsequent IMPORT commands within the same
    session do not require you to reenter this information.

    If you are an interactive user and you do not specify the
    PASSWORD keyword, IMPORT prompts you for your password.  The
    advantage in this is the password is not echoed and therefore
    does not appear on your terminal.

8.7.2.3    /EXCLUDE

       /EXCLUDE
       /NOEXCLUDE (default)

    Determines whether or not the OpenVMS account is imported
    to the DCE registry. If the OpenVMS account is not imported
    then the DCE account is not created and instead an entry
    is created in the IMPORT exclude file for the specified
    OpenVMS account.

8.7.2.4    /INFORM

       /INFORM  (default)
       /NOINFORM

    Determines whether or not the user is informed of OpenVMS
    accounts that would have been selected for import, but are
    not because they either have already been imported (for example,
    they have an entry in the DCE$UAF) or they have an entry in
    the IMPORT exclude file.

8.7.2.5    /INTERACTIVE

       /INTERACTIVE (default)
       /NOINTERACTIVE

    Controls whether an interactive or noninteractive import
    is performed.

    In interactive mode, a series of questions is asked and the
    user's responses are used to determine the account details.
    This mode is well suited to interactive users.

    In noninteractive mode, all input is supplied through the data
    qualifiers, and any missing or conflicting data causes
    the DCE account to not be created. This mode is well suited
    to command files and batch jobs.

    Data qualifiers can be specified in interactive mode.
    In this case the data they provide is used to provide the
    default answers to the relevant questions. All questions
    are still asked.

8.7.2.6    /MY_PASSWORD=passwd

       /MY_PASSWORD=passwd

    DCE requires that you specify your current DCE password
    for authentication purposes. If you do not specify your
    DCE password with this qualifier you are prompted for
    it interactively, regardless of if you are running in
    interactive mode or not.

    Omitting this qualifier and allowing IMPORT to prompt you
    for your DCE password has the advantage that in this case
    the password is not echoed and does therefore not appear on
    your terminal if you are an interactive user.

 OUTPUT[=output]

       /OUTPUT[=output]

    Defines where all program output should be written.
    The default is SYS$OUTPUT:.

8.7.2.7    /RECAP

       /RECAP
       /NORECAP (default)

    If /RECAP is specified details of the DCE account are
    displayed before it is actually created. When /CONFIRM
    is also specified the account details are displayed
    immediately before the confirmation request.

8.7.2.8    /TEST_ONLY

       /TEST_ONLY
       /NOTEST_ONLY (default)

    If /TEST_ONLY is specified, DCE accounts and DCE$UAF
    entries are not created.  All other functions operate normally.

8.7.3  –  Data Qualifiers

8.7.3.1    /EXPIRATION_DATE=date

       /EXPIRATION_DATE=date
       /NOEXPIRATION_DATE (default)

    Specifies the expiration date for the DCE account.

    If not specified, or if /NOEXPIRATION_DATE is specified,
    then the DCE account is created without an expiration date.

8.7.3.2    /FLAGS=([no]keyword[,...])

       /FLAGS=([no]keyword[,...])

    Specifies several attributes of the DCE account. The
    keywords you can specify are:

       Keyword         Description

       ACCOUNT_VALID   A flag that is set to determine account
                       validity. An account without this flag set
                       is invalid and cannot log in.

                       The default is ACCOUNT_VALID.

       CLIENT          A flag that is set to indicate whether or
                       not the account is for a principal that
                       can act as a client.

                       The default is CLIENT.

       DUPLICATE_KEYS  A flag that is set to determine if tickets
                       issued to the account's principal can have
                       duplicate keys.

                       The default is NODUPLICATE_KEYS.

       FORWARDABLE_    A flag that is set to determine whether a
       CERTIFICATES    new ticket-granting ticket with a network
                       address that differs from the present
                       ticket-granting ticket network address can
                       be issued to the account's principal. (The
                       Proxiable Certificate Flag performs the
                       same function for service tickets.)

                       The default is FORWARDABLE_CERTIFICATES.

       PASSWORD_VALID  A flag that is set to determine whether
                       the current password is valid. If this
                       flag is not set, the next time the
                       principal logs in to the DCE account,
                       the system prompts the principal to change
                       his password.

                       The default is PASSWORD_VALID.

       POSTDATED_      A flag that is set to determine if tickets
       CERTIFICATES    with a start time some time in the future
                       can be issued to the account's principal.

                       The default is NOPOSTDATED_CERTIFICATES.

       PROXIABLE_      A flag that is set to determine whether or
       CERTIFICATE     not a new ticket with a different network
                       address than the present ticket can be
                       issued to the account's principal. (The
                       Forwardable Certificate Flag performs
                       the same function for ticket-granting
                       tickets.)

                       The default is NOPROXIABLE_CERTIFICATE.

       RENEWABLE_      A flag that is set to determine if the
       CERTIFICATE     ticket-granting ticket issued to the
                       account's principal can be renewed.If this
                       flag is set the authentication service
                       renews the ticket-granting ticket if its
                       lifetime is valid.

                       The default is RENEWABLE_CERTIFICATE.

       SERVER          A flag that is set to indicate whether or
                       not the account is for a principal that
                       can act as a server.

                       The default is SERVER.

       TGT_            A flag that is set to determine whether
       AUTHENTICATION  or not tickets issued to the account's
                       principal can use the ticket-granting
                       ticket authentication mechanism.

                       The default is TGT_AUTHENTICATION.

8.7.3.3    /GOOD_SINCE_DATE=date

       /GOOD_SINCE_DATE=date

    Specifies the date and time that the account was known to be in
    an uncompromised state.

    If not specified, the Good Since Date is set to the current date
    and time.

8.7.3.4    /GROUP=group

       /GROUP=group

    Specifies the name of an existing DCE group that is
    associated with the account being created. Note that if
    the group does not exist it is not be created by IMPORT.

    The default group name is "none".

8.7.3.5    /HOME_DIRECTORY=string

       /HOME_DIRECTORY=string

    Specifies the directory in which the principal is placed at
    login.

    If not specified the DCE account is created without a Home
    Directory.

8.7.3.6    /LIFETIME=hours

       /LIFETIME=hours

    Specifies the maximum amount of time, in hours, that a
    ticket can be valid.

    If not specified the Maximum Certificate Lifetime defined
    as registry authorization policy is used.

8.7.3.7    /LOGIN_SHELL=string

       /LOGIN_SHELL=string

    Specifies the shell that is executed when a principal logs in.

    If not specified the DCE account is created without a login
    shell.

8.7.3.8    /MISCELLANEOUS=string

       /MISCELLANEOUS=string

    Specifies a text string that is typically used to describe
    the use of the account.

    If not specified the DCE account is created without a
    miscellaneous value.

8.7.3.9    /ORGANIZATION=organization

       /ORGANIZATION=organization

    Specifies the name of an existing DCE organization that is
    associated with the account being created. Note that if the
    organization does not exist it is not be created by IMPORT.

    The default organization name is "none".

8.7.3.10    /PASSWORD=passwd

       /PASSWORD=passwd

    Specifies the password to be assigned to the DCE account.

    If not specified the DCE account is created without a valid
    DCE password.

8.7.3.11    /PRINCIPAL=(keyword[,...])

       /PRINCIPAL=(keyword[,...])

    Specifies the principal that is associated with the DCE
    account that is being created.

    If an existing principal is to be associated with the DCE
    account being created then you need only specify NAME (and
    ALIAS if its an alias principal). The other keywords are
    only used when a new principal is created.

    The keywords you can specify are:

         Keyword          Description

         ALIAS            Specifies that the principal defined
                          by the NAME keyword is an alias. By
                          default the name is considered a primary
                          principal.

         CASE=keyword     Specifies how the principal name should be
                          Formatted. For example, to specify that the
                          principal name should be all lowercase, use
                          /PRINCIPAL=CASE=LOWERCASE. Possible
 			 keywords are:

                          NOEDIT           Do not perform any
                                           Format:ting. This is the
                                           default.

                          LOWERCASE[=n1[,n2]]Convert the principal
                                           name so that the first
                                           n1 characters and last
                                           n2 are lowercase, and the
                                           remainder are uppercase.
                                           If you do not specify
                                           a value for n1 then
                                           the entire principal is
                                           converted to lowercase.
                                           If you do not specify a
                                           value for n2 then 0 is
                                           used.

                          UPPERCASE[=n1[,n2]]Convert the principal
                                           name so that the first
                                           n1 characters and last
                                           n2 are uppercase, and the
                                           remainder are lowercase.
                                           If you do not specify
                                           a value for n1 then
                                           the entire principal is
                                           converted to uppercase.
                                           If you do not specify a
                                           value for n2 then 0 is
                                           used.

                          The default is NOEDIT.

         FULL_            An optional string that is used to more
         NAME=string      fully qualify a primary name. If the name
                          contains spaces, lowercase characters, or
                          any other special characters, enclose the
                          string in quotes.

                          The default is no full name.

         NAME=name        The standard name (primary or alias) that
                          is associated with the DCE account. If
                          the name contains spaces, lowercase
                          characters, or any other special
                          characters, enclose the string in quotes.

                          The default is to take the username
                          from the system authorization file
                          (SYSUAF) record, edit it according to
                          the CASE keyword, and then use this as the
                          principal name.

         OBJECT_          The number of registry objects that can be
         CREATION_        created by the principal.
         QUOTA=number     If you do not specify this keyword then
                          no quota is established and the principal
                          can create an unlimited number of registry
                          objects.

         UNIX_ID=number   The required UNIX ID that is associated
                          with the principal.

                          If a primary principal is being created
                          you can omit the UNIX ID and one is
                          generated automatically.

                          If an alias principal is being created
                          you must specify the UNIX ID of the
                          corresponding primary principal.

8.7.3.12    /RENEWABLE_LIFETIME=hours

       /RENEWABLE_LIFETIME=hours

    Specifies the amount of time, in hours, before a
    principal's ticket-granting ticket expires and that
    principal must log into the system again to reauthenticate
    and obtain another ticket-granting ticket.

    If not specified the Maximum Certificate Renewable Lifetime
    defined as registry authorization policy is used.

8.8  –  SHOW

 Displays OpenVMS usernames. The SHOW command can only be used
 with the following qualifier:

    o  SHOW/EXCLUDE      Displays OpenVMS usernames in the IMPORT
 			exclude list (see /EXCLUDE).

    /EXCLUDE

    Displays OpenVMS usernames in the IMPORT exclude list.

    Format:

    SHOW/EXCLUDE  [USERNAME]

         Qualifiers            Defaults

         /ALL
         /OUTPUT=output        /OUTPUT=SYS$OUTPUT:

8.8.1  –  Parameters

 username

    Specifies the name of the OpenVMS account to be displayed
    from the IMPORT exclude list.  Full OpenVMS wildcarding is
    allowed.

    If /ALL is on the command line, do not specify a username.

8.8.2  –  Qualifiers

8.8.2.1    /ALL

       /ALL

    Specifies that all IMPORT exclude entries are to be
    displayed. If you do not specify username, then /ALL is
    assumed.

8.8.2.2    /OUTPUT=output

       /OUTPUT=output

    Determines where the output is written.
    The default is SYS$OUTPUT:.

9  –  rgy_edit

 NAME
   rgy_edit - Edits the registry database

 SYNOPSIS

   rgy_edit [[[-a | -p | -g | -o] [-s name] [-up[date]]
   [-v [-f] [name | -un[ix__number]] [-nq]] | -l]

 OPTIONS
   The following options are supplied when rgy_edit  is invoked. You can
   specify only one of the options -a, -p, -g, and -o.  If you specify
   the -l option, you can specify no other options.

   -a (default)
             Edits or views accounts.

   -p        Edits or views principals.

   -g        Edits or views groups.

   -o        Edits or views organizations.

   -s        Binds to the registry site specified by name.  The name
             variable is either the fully qualified name of the cell
             that contains the registry to which you want access, or
             the fully qualified name of a specific registry server.

   -up[date] Binds to a read-write registry site in the cell specified
             by the -s option.

   -v        Views the registry entry specified by name or unix_number.
             If no entry is specified, all entries are viewed.

   -f        Displays in full the entry (or entries) selected by the -v
             option.  The full entry includes all fields except the
             membership list and organization policy.

   -nq       Specifies that delete operations will not be queried.  The
             default is to prompt the user for verification when a delete
             operation is requested.

   -l        Edits or views entries in local registry.

 NOTES
   With the exception of the following subcommands, this command is
   replaced at Revision 1.1 by the dcecp command.  This command may be
   fully replaced by the dcecp command in a future release of DCE, and
   may no longer be supported at that time.

     +  defaults

     +  domain

     +  scope

     +  help

     +  quit

     +  exit

     +  delete

     +  purge

     +  view

 DESCRIPTION

 The rgy_edit tool views and edits information in the registry database.
 You can invoke rgy_edit from any node.

 You can edit and view principals, groups, organization, accounts, and
 policies in the network registry (the default) or perform a subset of
 those functions on the local registry (using the -l option). Changes
 made by rgy_edit apply only to the registry. They do not apply to the
 local override file or the local password and group files, both of
 which can be edited manually. You can view and change only those
 registry objects to which you are granted the appropriate permissions.

 INVOKING RGY_EDIT

 When you invoke rgy_edit, it displays the following prompt:

      rgy_edit=>

 At this prompt, you can enter any of the rgy_edit subcommands, and
 rgy_edit will prompt you for the required information.  Alternatively,
 you can enter the subcommand followed by all the options required to
 perform a specific operation. The rgy_edit command may prompt you for
 any required information you do not enter.

 SUBCOMMANDS

 In the rgy_edit subcommands that follow, use two double quotation
 marks with nothing in between to indicate a null fullname, password,
 misc, homedir, or shell. Use double quotation marks to embed spaces,
 or hyphens in fullname, misc, and homedir if you specify the argument
 on the command line.

9.1  –  pgo_commands

   PRINCIPAL, GROUP, AND ORGANIZATION SUBCOMMANDS

   Whether name applies to a principal, group, or organization depends
   on the domain in which you run rgy_edit.  Use the do[main]
   subcommand (described in Miscellaneous Commands) to change domains.

9.1.1  –  view

 v[iew] [name] [-f] [-m] [-po] Views registry entries.

 The -f option displays entries in full (all fields except the
 membership list and organization policy).

 If you are viewing groups or organizations, -m displays the
 membership list.  For principals, -m lists all groups of which
 the principal is a member, including groups that cannot appear
 in a project list.

 If you are viewing organizations, -po displays policy information.
 If you do not enter the -po option, rgy_edit shows only the
 organization's name and the UNIX number.

9.1.2  –  add

 a[dd] [principal_name [unix_number] [-f fullname] [-al] [-q quota]]
 a[dd] [group_name  [unix_number] [-f fullname [-nl]]] [-al] ls
 a[dd] [organization_name [unix_number] [-f fullname]]

 Create a new name entry.

 If you do not specify principal_name, group_name, or organization
 name, the add subcommand prompts you for each field in the entry.
 If you are adding organizations, the command prompts you for policy
 information as well. If you specify only principal_name, group_name,
 or organization_name and no other arguments, the object's fullname
 defaults to "" (that is, blank), the object's UNIX number is
 assigned automatically, and the object's creation quota defaults to
 unlimited.

 Use the -al option to create an alias for an existing principal or
 group.  No two principals or groups can have the same UNIX number,
 but a principal or group and all its aliases share the same UNIX
 number.  The -al option creates an alias name for a principal or
 group and assigns the alias name the same UNIX number as the
 principal or group.

 The -q option specifies the principal's object creation quota, the
 total number of registry objects that can be created by the
 principal.  If you do not specify this option, the object creation
 quota defaults to unlimited.  For groups, the -nl option indicates
 that the group is not to be included on project lists; omitting
 this option allows the group to appear on project lists.

9.1.3  –  change

 c[hange] [principal_name [-n name] [-f fullname] [-al | -pr]
          [-q quota]]
 c[hange] [group_name [-n name] [-f fullname] [-nl | -l] ]
          [-al | -pr]
 c[hange] [organization_name [-n name] [-f fullname]]

 Changes a principal, group, or organization.

 Specify the entry to change with principal_name, group_name, or
 organization_name. If you do not specify a principal_name,
 group_name, or organization_name, the change subcommand prompts
 you for a name.  If you do not specify any fields, the subcommand
 prompts you for each field in succession.  To leave a field
 unchanged, press <RETURN> at the prompt.  If you are changing
 organization entries in the interactive mode, the subcommand
 prompts you for policy information as well.

 Use -n name and -f fullname, to specify a new primary name or
 fullname, respectively.

 For principals and groups, the -al option changes a primary name
 into an alias, and the -pr option changes an alias into a primary
 name.  This change can be made only from the command line, not in
 the interactive mode.  The -q option specifies the total number of
 registry objects that can be created by the principal.

 For group entries, the -nl option disallows the group from
 appearing in project lists, while the -l option allows the group
 to appear in project lists.

 For organization entries, you can change policy information only in
 the interactive mode.

 Changes to a principal name are reflected in membership lists that
 contain the principal name. For example, if the principal ludwig is
 a member of the group composers and the principal name is changed
 to louis, the membership list for composers is automatically
 changed to include louis but not ludwig.

 For reserved names, you can change only fullname.

9.1.4  –  member

 m[ember] [group_name | organization_name [-a member_list]
          [-r member_list] ]

 Edits the membership list for a group or organization.

 If you do not specify a group or organization, the member subcommand
 prompts you for names to add or remove.

 To add names or aliases to a membership list, use the -a option
 followed by the names separated by commas. To delete names from a
 membership list, use the -r option followed by the names separated
 by commas.  If you do not include either the -a or -r option on the
 command line, rgy_edit prompts you for names to add or remove.

 Removing names from the membership list for a group or organization
 has the side effect of deleting the login account for removed member
 (and, of course, eliminating any permissions granted as a result of
 the membership the next time the member's ticket-granting ticket is
 renewed).

9.1.5  –  delete

 del[ete] name

 Deletes a registry entry.

 If you delete a principal, rgy_edit deletes the principal's
 account.If you delete a group or organization, rgy_edit deletes
 any accounts associated with the group or organization.  You
 cannot delete reserved principals.

9.1.6  –  adopt

 adopt uuid principal_name [-u unix_number] [ -f fullname] [-q quota]
 adopt uuid group_name [-f fullname] [-nl]
 adopt uuid organization_name [-f fullname]

 Creates a principal, group, or organization for the specified UUID.

 The principal, group, or organization is created to adopt an orphan
 object.  Orphans are registry objects that cannot be accessed
 because 1) they are owned by UUIDs that are not associated with a
 principal or group and 2) no other principal, group, or organiza-
 tion has access rights to the orphaned object.  UUIDs are associ-
 ated with all registry objects when the object is created.  When
 the registry object is deleted, the association between the object
 and the UUID is also deleted.

 The principal_name, group_name, or organization_name you specify
 must be unique in the registry as it must be when you create a
 principal, group, or organization using the add subcommand. Except
 for the manner in which it is created, the principal, group, or
 organization created by the adopt subcommand is no different from
 any other principal, group, or organization.  The uuid option
 specifies the UUID number to be assigned to the principal, group,or
 organization. The UUID supplied must be the one that owns the
 orphaned object. Specify the uuid in RPC print string format as 8
 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen; 4
 hexadecimal digits, a hyphen; 4 hexadecimal digits, a hyphen;
 and 12 hexadecimal digits.  The format follows:

               nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn

 For cell principals only, the -u option specifies the UNIX number to
 be associated with the cell name.  If you do not enter this option,
 the next sequential UNIX number is supplied as a default. For all
 principals other than cells, the UNIX number is extracted from
 information embedded in the principal's UUID and cannot be
 specified here.

 For principals, the -q option specifies the principal's object
 creation quota.  If you do not enter the option, the object
 creation quota is set to "unlimited."

 For groups, the -nl option turns off the project list inclusion
 property so that groups are not included in project lists.  If you
 do not enter this option, the group is included in project lists.

 For principals, groups, and organizations, the -f option supplies
 the object's fullname.  If you do not enter the -f option, fullname
 defaults to blank.

 An error occurs if you specify a name or UNIX number that is
 already  defined within the same domain of the database.

 Note that in the current implementation of the DCE, UNIX numbers
 are embedded in UUID numbers. If you try to create a group or
 organization to adopt an orphaned object and fail, it could be
 because the embedded UNIX number is invalid because it does not
 fall within the range of valid UNIX numbers set for the cell as
 a registry property.  If this is the case, you must reset the
 range of valid UNIX numbers to include the UNIX number embedded
 in the UUID and then try again to adopt the object.

9.2  –  account_commands

   ACCOUNT SUBCOMMANDS

9.2.1  –  view

 v[iew] [pname [gname [oname]]] [-f]

   Displays login accounts.

   Without the -f option, view displays only the user fields in each
   account entry. These fields include each account's

     +  Principal, group, and organization name

     +  Encrypted password

     +  Miscellaneous information

     +  Home directory

     +  Login shell

   With -f, view displays the full entry, including the adminis-
   trative fields as well as the user fields.  Administrative
   information includes:

     +  Who created the account

     +  When the account was created

     +  Who last changed the account

     +  When the account was last changed

     +  When the account expires

     +  Whether the account is valid

     +  Whether the account principal's password is valid

     +  When the account principal's password was last changed

9.2.2  –  add

 a[dd] [pname [-g gname -o oname -mp password {-rp | -pw password}
       [-m misc] [-h homedir] [-s shell]
       [-pnv | -pv] [-x account_exp | none] [-anv | -av]
       [ [-ena[ble] option | -dis[able] option]...]
       [-gs date_and_time] [-mcr lifespan] [-mcl lifespan]]]

 Creates a login account.

 If you enter the subcommand only or the subcommand and the optional
 pname argument (principal name), rgy_edit prompts you for all
 information.  If you enter the subcommand, the pname argument, and
 the gname (group name) argument or the the pname, gname and oname
 (organization name) arguments, you must also enter the -mp, and -pw
 or -rp options.  All other options are optional.

 The pname argument specifies the principal for whom the account
 should be created. The -g and -o options specify the account's group
 and organization.  If the principal specified in pname is not
 already a member of the specified group and organization, rgy_edit
 automatically attempts to add the principal to the membership lists.
 If you do not have the appropriate permissions for the group and
 organization, the attempt will fail and the account will not be
 created.

 The -rp option generates a random password for the account. The
 primary use of this option is to create passwords for accounts that
 will not be logged into (since the random password can never be
 supplied.) The -pw option is used to supply a password for the
 account on the command line.

 If you use the -rp option or the -pw option, you must also use the
 -mp option to supply your password so your identity can be
 validated.

 If you do  not specify the -rp option or the -pw option, rgy_edit
 prompts for the account's password twice to ensure you did not make
 a typing mistake. Then it prompts for your password to verify your
 identity.

 If the user's password management policy allows the selection of
 generated passwords, specifying "*" as the argument to the -pw
 option or at the account's password prompt automatically generates
 a plaintext password.

 If the user's password management policy requires the selection of
 generated passwords, specifying the -pw option is an error.
 rgy_edit displays a generated password and then prompts for the
 password for confirmation.  The format of password must adhere to
 the policy of the associated organization or the policy of the
 registry as a whole, whichever is more restrictive.

 The information supplied with the -m option is used to create the
 GECOS field for the account in the /etc/passwd file [on UNIX].

 The -h option specifies the pathname of the principal's home
 directory.  The default homedir is /. The -s option specifies the
 pathname of the principal's login shell.  The default shell is a
 null string.

 The -pnv (password not valid) option specifies that the password
 has expired. Generally, users must change their passwords when the
 passwords expire. However, the policy to handle expired passwords
 and the mechanism by which users change their passwords are defined
 for each platform, usually through the login facility.  The -pv
 option indicates the password is not expired (the default).

 The -x option sets an expiration date for the account in
 yy/mm/dd/hh/mm/ss format. The default is "none," meaning that
 the password will never expire.

 The -anv (account not valid) option specifies that the account is
 not currently valid for login. The -av option indicates the account
 is currently valid (the default).

 The -enable and -disable options set or clear the following options:

  +  The c[lient] option, if enabled, allows the principal to act as
     a client and log in, acquire tickets, and be authenticated.  If
     you disable client, the principal cannot act as a client.  The
     default is enabled.

  +  The s[erver] option, if enabled, allows the principal to act as
     a server and engage in authenticated communication.  If you
     disable server, the principal cannot act as a server that
     engages in authenticated communication. The default is enabled.

  +  The po[stdated] option, if enabled, allows tickets with a start
     time some time in the future to be issued to the account's
     principal. The default is disabled.

  +  The f[orwardable] option, if enabled, allows a new ticket-
     granting ticket with a network address that differs from the
     present ticket-granting ticket address to be issued to the
     account's principal.  The default is enabled.

  +  The pr[oxiable] option, if enabled, allows a new ticket with a
     different network address than the present ticket to be issued
     to the account's principal.   The default is disabled.

  +  The T[GT_authentication] option, if enabled, specifies that
     tickets issued to the account's principal can use the ticket-
     granting-ticket authentication mechanism.  The default is
     enabled.

  +  The r[enewable] option turns on the Kerberos V5 renewable
     ticket feature. This feature is not currently used by the DCE;
     any use of this option is unsupported at the present time.

  +  The dup[_session_key] option allows tickets issued to the
     account's principal to have duplicate keys.  The default is
     disabled.

 The -gs (good since date) is the date and time the account was last
 known to be valid. When accounts are created, this date is set to
 the account creation time.  If you change the good since date, any
 tickets issued before the changed date are invalid.  Enter the date
 in yy/mm/dd.hh:mm format.

 The -mcr (maximum certificate renewable) option is the number of
 hours before a session with the principal's identity expires and
 the principal must log in again to reauthenticate. The default
 is 4 weeks.

 The -mcl (maximum certificate lifetime) option is the number of
 hours before the Authentication Service must renew a principal's
 service certificates.  This is handled automatically and requires
 no action on the part of the principal. The default is 1 day.

9.2.3  –  change

 c[hange] [-p pname] [-g gname] [-o oname]
          [-np pname] [-ng gname] [-no oname]
          [{-rp | -pw password} -mp password]
          [-m misc] [-h homedir] [-s shell]
          [-pnv | -pv] [-x account_exp | none] [-anv | -av]
          [[-ena[ble] option | -dis[able] option]...]
          [-gs date_and_time] [-mcr lifespan] [-mcl lifespan]

 Changes an account.

 The -p, -g, and -o options identify the account to change. The -np,
 -ng, and -no options change the account's, principal, group, and
 organization, respectively.

 If you do not specify all three -p, -g, and -o options, wildcard
 updates can occur.  For example, if you specify only the -g option,
 the changes affect all accounts that are associated with the named
 group.  Note that you cannot use wildcarding to change passwords.
 To change a password, you must enter the -p, -g, and -o options.

 All other options have the same meaning as described in the add
 command for accounts.  Note that the -rp option can be used to
 change the random passwords of the reserved accounts created by
 sec_create_db when the registry database is created.

9.2.4  –  delete

 del[ete] -p pname [-g gname] [-o oname]

 Deletes the specified account.

 Enter the -p option to delete the specified principal's account.
 Enter the -g or -o option to delete accounts associated with the
 specified group or organization.  If you enter the -g or -o option,
 rgy_edit prompts individually for whether to delete each account
 associated with the group or organization.

9.2.5  –  cell

 ce[ll] cellname [-ul unix_num] [-uf unix_num] [-gl gname]
                 [-ol oname] [-gf gname] [-of oname] [-mp passwd]
                 [-fa name] [-fp passwd] [-q quota]
                 [-x account_expiration_date | none]

 Creates a cross-cell authentication account in the local and
 foreign cells.

 This account allows local principals to access objects in the
 foreign cell as authenticated users and vice versa. The admin-
 istrator in the foreign cell must have also set up a standard
 account, whose ID and password the administrator of the foreign
 cell must supply to you.

 The cellname variable specifies the full pathname of the foreign
 cell with which you will establish the cross-cell authentication
 account. This name is stripped of the path qualifier and prefixed
 with "krbtgt." The resulting name is used as the primary name for
 the cross-cell authentication account.  For example, if you enter
  /.../dresden.com, the principal name is krbtgt/dresden.com.

 The -ul option specifies the UNIX number for the local cell's
 principal.  The -uf option specifies the UNIX number for the
 foreign cell's principal.  If you do not specify these UNIX
 numbers, they are generated automatically.

 The -gl and -ol options specify the local account's group and
 organization.  The -gf and -of options specify the foreign
 account's group and organization.

 The -mp option specifies the password of the person who invoked
 rgy_edit.

 The -fa option specifies the name identifying the account in the
 foreign cell, and the -fp option specifies the account's password.

 The -q option specifies the total number of objects that can be
 created in your cell's registry by all foreign users who use the
 cross-cell authentication account to access your cell.  The object
 creation quota defaults to 0 (zero), meaning that principals in the
 foreign cell cannot create objects in the local cell. The object
 creation quota set for your cell's account in the foreign cell
 places the same restriction on the number of objects that your
 cell's principals can create in the foreign cell's registry.

 The -x option specifies the account expiration date for both the
 local and foreign accounts. The default for this option is "none."

 Note that the object creation quota for the local account defaults
 to 0 (zero), meaning that principals in the foreign cell cannot
 create objects in the local cell. You can change this with the
 rgy_edit change subcommand.

9.3  –  key_management_commands

 KEY MANAGEMENT SUBCOMMANDS

 The key management subcommands must be run in command-line mode.

9.3.1  –  ktadd

 kta[dd] -p principal_name [-pw password] [-a[uto]] [-r[egistry]]
                           [-f key-file]

 Creates a password for a server or machine in the keytab file on
 the local node.

 The -p option specifies the name of the server or machine principal
 for which you are creating a password.

 The -pw option lets you supply the password on the command line. If
 you do not enter this option or the -auto option, ktadd prompts for
 the password.

 The -a option generates the password randomly.  If you use this
 option, you must also use the -r option.  If you do not specify
 the -auto or the -pw option, you are prompted for a password.

 The -r option updates the principal's password in the registry to
 match the string you enter (or automatically generate) for the
 password in the keytab file.  Use it to ensure that the principal's
 password in the registry and the keytab file are in synch when you
 change a principal's password in the keytab file.  To use this
 option, a password for the principal must exist in the default
 keytab file or the keytab file named by the -f option.

 The -f option specifies the name of the server keytab file on the
 local node to which you are adding the password. If you do not
 specify a keytab file name, dce$local:[krb5]v5srvtab.; is used.
 Note that you must be privileged to add entries in the default
 keytab file.

9.3.2  –  ktlist

 ktl[ist] [-p principal_name] [-f keyfile]

 Displays principal names and password version numbers in the local
 keytab file.

 The -p option specifies the name of the server or machine principal
 for which you are displaying passwords.

 The -f option specifies the name of the server keytab file on the
 local node for which you want to display entries. If you do not
 specify a keytab file name, dce$local:[krb5]v5srvtab.; is used.

9.3.3  –  ktdelete

 ktd[elete] -p principal_name -v version_number [-f keyfile]

 Deletes a sever or machine principal's password entry from a keytab
 file.

 The -p option specifies the name of the server or machine principal
 for whom you are deleting a password entry.

 The -v option specifies the version number of the password you want
 to delete.  Version numbers are assigned to a principal's password
 whenever the principal's password is changed.  This allows any
 servers or machines still using tickets granted under the old pass-
 word to run without interruption until the ticket expires naturally.

 The -f option specifies the name of the server keytab file on the
 local node from which you want to delete passwords. If you do not
 specify a keytab file name, dce$local:[krb5]v5srvtab.; is used.
 Note that you must be privileged to delete entries in the default
 keytab file.  You must have the appropriate access rights to
 delete entries in other keytab files.

9.4  –  miscellaneous_commands

 Miscellaneous Commands

9.4.1  –  domain

 do[main] [p | g | o | a]

 Changes or displays the type of registry information being viewed
 or edited.

 You can specify p for principals, g for groups, o for
 organizations, or a for accounts. If you supply no argument,
 rgy_edit displays the current domain.

9.4.2  –  site

 si[te] [[name]] [-u[pdate]]

 Changes or displays the registry site being viewed or edited.

 The name variable is the fully qualified name of the cell that
 contains the registry to which you want access. If you supply no
 argument, rgy_edit displays the current site.

 The -update option indicates you want to talk to an update site in
 the specified cell.

9.4.3  –  properties

 prop[erties] Changes or displays registry properties.

 This command prompts you for changes. Press <Return> to leave
 information unchanged.

9.4.4  –  policy

 po[licy] [organization_name] [-al lifespan | forever]
          [-pl passwd_lifespan | forever]
          [-px passwd_exp_date | none] [-pm passwd_min_length]
          [-pa | -pna] [-ps | -pns]

 Changes or displays registry standard policy or the policy for an
 organization.

 Enter organization_name to display or change policy for that
 specific organization.  If you do not enter organization_name the
 subcommand affects standard policy for the entire registry.

 The -al option determines the account's lifespan, the period during
 which accounts are valid.  After this period of time passes, the
 accounts become invalid and must be recreated.   An account's
 lifespan is also controlled by the add and change subcommands -x
 option.  If the two lifespans conflict, the shorter one is used.
 Enter the lifespan in the following in the following format:

       weekswdaysdhourshminutesm

 For example, 4 weeks and 5 days is entered as 4w5d.

 If you enter only a number and no weeks, days, or hours designation,
 the designation defaults to hours.  If you end the lifepan with a
 number and no weeks, days, or hours designation, the number with no
 designation defaults to seconds.  For example, 12w30 is assumed to
 be 12 weeks thirty seconds.

 The -pl option determines the password lifespan, the period of time
 before account's password expires. Generally, users must change
 their passwords when the passwords expire. However, the policy to
 handle expired passwords and the mechanism by which users change
 their passwords are defined for each platform, usually through the
 login facility.

 Enter passwd_lifespan as a number indicating the number of days.
 If you define a password lifespan as forever, the password has an
 unlimited lifespan.

 The -px option specifies the password expiration date in
 yy/mm/dd/hh.mm:ss format. Generally, users must change their
 passwords when the passwords expire. However, the policy to
 handle expired passwords and the mechanism by which users change
 their passwords are defined for each platform, usually through
 the login facility.

 If you define a password expiration date as none, the password has
 an unlimited lifespan.

 The -pm, -ps, -pns, -pa, and -pna options all control the format of
 passwords as follows:

   +  -pm - Specifies the minimum length of passwords in characters.
      If you enter 0, no password minimum length is in effect.

   +  -ps and -pns - Specify whether passwords can contain all spaces
      (-ps) or can not be all spaces (-pns).

   +  -pa and -pna - Specify whether passwords can consist of all
      alphanumeric characters (-pn) or must include some non-
      alphanumeric characters (-pna).

9.4.5  –  auth_policy

 au[th_policy]

 Changes and/or displays registry authentication policies.

 This command prompts you for changes. Press <Return> to leave
 information unchanged.

9.4.6  –  defaults

 def[aults]

 Changes or displays the home directory, login shell, password valid
 option, account expiration date, and account valid option default
 values that rgy_edit uses.

 This command first displays the current defaults.  It then prompts
 you for whether or not you want to make changes. If you make
 changes, defaults immediately changes the defaults for the current
 session,  and it saves the new defaults in sys$login:.rgy_editrc.
 The newly saved defaults are used until you change them.

9.4.7  –  help

 h[elp] [command

 Displays usage information for rgy_edit.

 If you do not specify a particular command, rgy_edit lists the
 available commands.

9.4.8  –  quit

 q[uit]

 Exit rgy_edit.

9.4.9  –  exit

 e[xit]

 Exit rgy_edit.

9.4.10  –  login

 l[ogin]

 Lets you establish a new network identity for use during the
 rgy_edit session.

 The rgy_edit login command prompts for a principal name and
 password.

9.4.11  –  scope

 sc[ope] [name]

 Limits the scope of the information displayed by the view
 subcommand to the directory (specified by name) in the registry
 database.

9.5  –  local_registry_commands

 Commands for the Local Registry

 To edit or view the local registry, invoke rgy_edit with the -l option
 while you are logged into the machine whose local registry you want to
 maintain.  This section lists the commands that are valid for editing
 or viewing the local registry.  When you invoke rgy_edit with the -l
 option, only the subcommands and options listed here can be used.

9.5.1  –  view

 v[iew]

 Displays local registry entries.

9.5.2  –  delete

 del[ete] principal_name

 Deletes the account and credential information for principal_name
 from the local registry.

9.5.3  –  purge

 pu[rge]

 Purges expired local registry entries.

 This command has no options or arguments.

 The time limit, or lifespan, for which an entry in the local
 registry is valid is set as a property of the local registry
 with the properties subcommand.  When the purge subcommand is
 run, it deletes all expired entries.  The lifespan begins when
 an entry for the principal is added to the local registry (that
 is, the beginning of the lifespan is the last time the principal
 logged in to the local machine.) The lifespan ends after the time
 limit set as a local registry property.

9.5.4  –  properties

 pr[operties]

 Changes and/or displays local registry properties and policies.

 This command displays the current properties and then prompts for
 whether you want to make changes to them.  You can change the local
 registry's:

  +  Capacity - A number representing the total number of entries
     the local registry can contain at any one time. When the
     capacity is reached, subsequent new entries overwrite the
     oldest entries.

  +  Account lifespan - The time in which an account in the local
     registry is valid in the following format:

         weekswdaysdhourshminutesm

     For example, 4 weeks and 5 days is entered as 4w5d.  If you
     enter only a number and no weeks, days, or hours designation,
     the designation defaults to hours.  If you end the lifepan
     with a number and no weeks, days, or hours designation, the
     number with no designation defaults to seconds.  For example,
     12w30 is assumed to be 12 weeks thirty seconds.

10  –  secd

 NAME

    secd - The DCE Security Server

 SYNOPSIS

  secd [-b[ootstrap]] [-lockpw] [-locksm[ith]] [pname] [-rem[ote]]
       [-master_seqno new_master_seqno] [-cpi time] [-restore_master]
       [-v[erbose]]

 OPTIONS

 -locksm[ith]
           Restarts the master Security Server in locksmith mode. Use
           this mode if you cannot access the registry as the principal
           with full registry access, because that principal's account
           has been inadvertently deleted or its password lost.

 -pname     The pname argument is the name of the locksmith principal. If
           no registry account exists for this principal, secd creates
           one.

 -lockpw   Prompt for a new locksmith password when running in locksmith
           mode. This option allows you to specify a new password for the
           locksmith account when the old one is unknown.

 -rem[ote] Allows the locksmith principal to log in remotely.  If this
           option is not used, the principal must log in from the local
           machine on which secd will be started.

 -bo[otstrap]
           Always waits only one minute between tries to export binding
           information to the Cell Directory Service during DCE config-
           uration.  If you do not specify this option, during initial-
           ization secd sleeps for 1 minute if CDS is not available when
           it tries to export binding information.  If the export fails
           a second time, it sleeps for 2 minutes before it tries again.
           If it still fails, it sleeps for 4, 8, and 16 minutes between
           retries.  Then, sleep time stays at 16 minutes until the
           binding export succeeds.

 -master_seqno
           Sets a new master sequence number for the master replica. This
           option is used only in unusual situations when a replica that
           you want to be the master has a master sequence number that is
           lower than (or equal to) another master sequence number in the
           system.  When the master detects that its master sequence
           number is lower than another one in the system, it marks
           itself as a duplicate master and its process exits. Each time
           you start the master replica, it will notice that it has been
           deemed a duplicate master, and its process will again exit.
           Use this option to assign a new master sequence number to the
           replica you want to be master.  The new sequence number should
           be one digit higher than the highest master sequence number in
           the system.  (Use the dcecp registry show -replica command for
           each replica to find the highest master sequence number.)

 -cpi      The checkpoint interval for the mater registry database.  This
           is the interval in seconds at which the master will read its
           database to disk.  The default is one hour.

 -restore_master
            Marks all slave replicas for initialization during the master
            restart. Use this option only to recover from a catastrophic
            failure of the master security server (for example, if the
            database is corrupted and then restored from a backup tape).

 -v[erbose]]
            Runs in verbose mode.

 All options start the Security Server on the local node.

 DESCRIPTION

 The secd daemon is the Security Server. It manages all access to the
 registry database. You must have root privileges to invoke the secd.

 The Security Server can be replicated, so that several copies of the
 registry database exist on a network, each managed by a secd process.
 Only one Security Server, the master replica, can perform database
 update operations (such as adding an account).  Other servers, the
 slave replicas, can perform only lookup operations (such as validating
 a login attempt).

 A DCE Host daemon (dced) must be running on the local node when secd is
 started.  Typically, dced and secd are started at boot time. The secd
 server places itself in the background when it is ready to service
 requests.

 LOCKSMITH MODE

 The secd -locksmith option starts secd in locksmith mode.  The
 -locksmith option can be used only with the master replica. In
 locksmith mode, the principal name you specify to secd with pname
 becomes the locksmith principal.  As the locksmith principal, you
 can repair malicious or accidental changes that prevent you from
 logging in with full registry access privileges.

 If no account exists for pname, secd establishes one and prompts you
 for the account's password. (Use this password when you log in to the
 account as the locksmith principal.) If an account for pname exists,
 secd changes the account and policy information as described in the
 tables titled "Locksmith Account Changes Made by the Security Server"
 and "Registry Policy Changes Made by the Security Server." These
 changes ensure that even if account or registry policy was tampered
 with, you will now be able to log in to the locksmith account.

 In locksmith mode, all principals with valid accounts can log in and
 operate on the registry with normal access checking.  The locksmith
 principal, however, is granted special access to the registry: no
 access checking is performed for the authenticated locksmith principal.
 This means that, as the locksmith principal, you can operate on the
 registry with full access.  The following table shows locksmith account
 changes that can be made by the security server.

 IF THE SECURITY SERVER FINDS                  IT CHANGES
 Password-Valid flag is set to no              Password-Valid flag to yes
 ________________________________________________________________________
 Account Expiration date is set to             Account Expiration date to
 less than the current time plus one           the current time plus one
 hour                                          hour
 ________________________________________________________________________
 Client flag is set to no                      Client flag to yes
 ________________________________________________________________________
 Account-Valid flag is set to no               Account-Valid flag to yes
 ________________________________________________________________________
 Good Since date is set to greater             Good Since date to the
 than the current time                         current time
 ________________________________________________________________________
 Password Expiration date is set               Password Expiration date
 to less than current time plus                to the current time plus
  one hour                                     one hour
 ------------------------------------------------------------------------

 The following table shows registry policy changes that can be made by
 the security server.

            IF THE SECURITY SERVER FINDS   IT CHANGES
            Account Lifespan is set to     Account Lifespan to the
            less than the difference       current time plus one hour
            between the locksmith          minus the locksmith
            account creation date and      account creation date
            the current time plus one
            hour
            _________________________________________________________
            Password Expiration date is    Password Expiration date
            set to greater than the time   to the current time plus
            the password was last          one hour
            changed but less than the
            current time plus one hour

 Use the -lockpw option if the locksmith account exists but you do not
 know its password.  This option causes secd to prompt for a new lock-
 smith password and replace the existing password with the one entered.

 Use the -remote option to allow the locksmith principal to log in from
 a remote machine.
 The secd program normally runs in the background. When you start
 secd in locksmith mode, it runs in the foreground so that you can
 answer prompts.

 EXAMPLES

 All of the commands shown in the following examples must be run by a
 privileged process:

  1.  Start a Security Server after you create the database with
      sec_create_db.

            $ run sys$system:dce$secd

  2.  Restart an existing replica (master or slave).

            $ run sys$system:dce$secd

  3.  Start the Security Server in locksmith mode and allow the
      master_admin principal to log in on a remote machine.

            $ secd :== $sys$system:dce$secd.exe
            $ secd -locksmith master_admin -remote

11  –  sec_admin

 NAME

    sec_admin - Registry replica administration tool

 SYNOPSIS

   sec_admin  [-site name] [-nq]

 OPTIONS

 -site name
           The -site option causes sec_admin to bind to the replica
           specified by the name argument.  If the option is not
           supplied, sec_admin binds randomly to any replica in the
           local cell.  The name argument can be:

           +  A specific cell_name (or /.: for the local cell) to
              bind to any replica in the named cell.

           +  The global name of a replica to bind to that specific
              replica in that specific cell.

           +  The name of a replica as it appears on the replica list
              to bind to that replica in the local cell.

           +  A string binding to a specific replica.  An example of a
              string binding is ncadg_ip_udp:15.22.144.163. This form
              is used primarily for debugging or if the Cell Directory
              Service is not available.

 -nq       The -nq flag turns off queries initiated by certain sec_admin
           subcommands before they perform a specified operation. For
           example the delrep subcommand deletes a registry replica.
           Before sec_admin performs the deletion, it prompts for verifi-
           cation.  If you invoke sec_admin with the -nq option, the
           subcommand performs the deletion without prompting.

 NOTES
 With the exception of the following subcommands, this command is
 replaced at Revision 1.1 by the dcecp command.  This command may be
 fully replaced by the dcecp command in a future release of DCE, and
 may no longer be supported at that time.

   +  monitor

   +  exit

   +  help

   +  quit

 DESCRIPTION

 The registry database is replicated: each instance of a registry server,
 secd, maintains a working copy of the database in virtual memory and on
 disk. One server, called the master replica, accepts updates and handles
 the subsequent propagation of changes to all other replicas. All other
 replicas are  slave replicas, which accept only queries. Each cell has
 one master replica and numerous slave replicas.

 Using the sec_admin command you can:

   +  View a list of replicas

   +  Delete a replica

   +  Reinitialize a replica

   +  Stop a replica

   +  Put the master replica into and out of the maintenance state

   +  Generate a new master key used to encrypt principal keys

   +  Turn the master registry into a slave registry and a slave registry
      into the master registry..

 Note that sec_admin cannot add, delete, or modify information in the
 database, such as names and accounts.  Use rgy_edit to modify registry
 database entries.

 THE DEFAULT REPLICA AND DEFAULT CELL

 Most sec_admin commands are directed to a default replica.  When
 sec_admin is invoked, it automatically binds to a replica in the local
 cell.  This replica becomes the default replica.

 Identifying the Default Replica and the Default Cell

 You use the site subcommand to change the default replica and,
 optionally, the default cell. When you use the site command, you can
 supply the name of a specific replica, or you can simply supply the
 name of a cell. If you supply a cell name, sec_admin binds to a
 replica in that cell randomly.  If you supply a specific replica name,
 sec_admin binds to that replica.

 Specifically, you can supply any of the following names to the site
 subcommand:

   +  A cell name.  If you enter a cell name, the named cell becomes the
      default cell.  The sec_admin command randomly chooses a replica to
      bind to in the named cell, and that replica becomes the default
      replica.

   +  The global name given to the replica when it was created.  A global
      name identifies a specific replica in a specific cell.  That cell
      becomes the default cell and that replica the default replica.

   +  The replica's name as it appears on the replica list (a list main-
      tained by each Security Server containing the network addresses of
      each replica in the local cell).  That replica becomes the default
      replica and the cell in which the replica exists becomes the
      default cell.

   +  The network address of the host on which the replica is running.
      The replica on that host becomes the default replica, and the cell
      in which the host exists becomes the default cell.

 Naming the Default Replica

 As an example, assume a replica named subsys/dce/sec/rs_server_250_2:

 +  Exists in the local cell /.../dresden.com

 +  Has a global name of /.../dresden.com/subsys/dce/sec/rs_server_250_2

 +  Is named subsys/dce/sec/rs_server_250_2 on the replica list

 +  Runs on a host whose ip network address is 15.22.144.248

 This replica can then be identified to the site subcommand in any of the
 following ways:

 +  /.../dresden.com/subsys/dce/sec/rs_server_250_2 - The replica's full
    global name.

 +  subsys/dce/sec/rs_server_250_2 - The replica's cell-relative name on
    the replica list.

 +  ncadg_ip_udp:15.22.144.248  - The network address of the host on
    which the replica runs.

 Naming the Default Cell

 When a default replica is identified specifically, its cell becomes the
 default cell.  In the example in "Naming the Default Replica" above, the
 default cell is /.../dresden.com.

 You can specify simply a cell name to the site subcommand. When this is
 done, any replica in that cell is selected as the default replica.

 For example, assume

  /.../bayreuth.com/subsys/dce/sec/rs_server_300_1

  and

  /.../bayreuth.com/subsys/dce/sec/rs_server_300_2

 are replicas in the cell /.../bayreuth.com.

  If you type

      site /.../bayreuth.com

  then

  /.../bayreuth.com

  becomes the default cell and either

  /.../bayreuth.com/subsys/dce/sec/rs_server_300_1

  or

  /.../bayreuth.com/subsys/dce/sec/rs_server_300_2

 becomes the default replica.

 AUTOMATIC BINDING TO THE MASTER

 Some of the sec_admin subcommands can act only on the master registry
 and thus require binding to the master registry. If you execute a sub-
 command that acts only on the master and the master is not the default
 replica, sec_admin attempts to bind to the master replica in the
 current default cell automatically.  If this attempt is successful,
 sec_admin displays a warning message informing you that the default
 replica has been changed to the master registry.  The master registry
 will then remain the default replica until you change it with the site
 subcommand.  If the attempt to bind is not successful, sec_admin
 displays an error message, and the subcommand fails.

 INVOKING sec_admin

 When you invoke sec_admin, it displays the current default replica's
 full global name and the cell in which the replica exists. Then it
 displays the sec_admin> prompt.

        $ sec_admin
            Default replica: /.../dresden.com/subsys/dce/sec/music
            Default cell: /.../dresden.com
        sec_admin>

 At the sec_admin> prompt, you can enter any of the sec_admin
 subcommands.

 SUBCOMMANDS
 The subcommand descriptions that follow use default_replica to indicate
 the default replica and other_replica to indicate a replica other than
 the default. other_replica must identify a replica in the default cell.
 It is specified by its name on the cell's replica list (that is, by its
 cell-relative name).  Use the lrep subcommand to view the default cell's
 replica list.

 become [ -master ] [ -slave ]
           The -master option makes the current default replica (which
           must be a slave) the master replica.
           The -slave option makes the current default replica (which
           must be the master) a slave replica.
           This method of changing to master or slave can cause updates
           to be lost. The change_master subcommand is the preferred
           means of designating a different master replica.  However,
           you may find the become -master command useful if the master
           server is irrevocably damaged and you are unable to use
           change_master.

 change_master -to other_replica
           Make the replica specified by other_replica the master
           replica.  To perform this operation, other_replica must be
           a slave, and the current default replica must be the master.
           If the current default replica is not the master, sec_admin
           attempts to bind to the master.

           If the change operation is successful, the current master:

             1.  Applies all updates to other_replica

             2.  Becomes a slave

             3.  Tells other_replica to become the master

 delr[ep] other_replica [-force ]
           Delete the registry replica identified by other_replica. To
           perform this operation, the current default replica must be
           the master. If it is not, sec_admin attempts to bind to the
           master.

           If the delete operation is successful, the master:

             1.  Marks other_replica as deleted

             2.  Propagates the deletion to all replicas on its replica
                 list

             3.  Delivers the delete request to other_replica

             4.  Removes other_replica from its replica list

 The -force option causes a more drastic deletion. It causes the master
 to first delete other_replica from its replica list and then to
 propagate the deletion to the replicas that remain on its list.  Since
 this operation never communicates with the deleted replica, you should
 use -force only when the replica has died irrecoverably.  If you use
 -force while other_replica is still running, you should then use the
 destroy subcommand to eliminate the deleted replica.

 h[elp] [command]
           Lists the sec_admin subcommands and shows their allowed
           abbreviations.  If command is specified, displays help for
           the specified command.

 info [-full]
           Displays status information about the default replica.
           The info subcommand contacts the default replica to obtain the
           appropriate information. If this information is not available,
           info prints the replica name and a message stating the
           information is not available.

           Without the -full option, info displays:

           +  The default replica's name and the name of the cell in
              which the replica exists

           +  Whether the replica is a master or a slave

           +  The date and time the replica was last updated and the
              update sequence number

           +  An indication of the replica's state, as follows:

              -  Bad State - The state of the replica prohibits the
                  requested operation.

              -  Uninitialized - The database is a stub database that
                 has not been initialized by the master replica or
                 another up-to-date replica

              -  Initializing - The replica is in the process of being
                 initialized by the master replica or another up-to-date
                 replica

              -  In Service - The replica is available for queries and
                 propagation updates if it is a slave replica or queries
                 and updates if it is the master replica

              -  Copying Database - The replica is in the process of
                 initializing (copying its database to) another replica

              -  Saving Database - The replica is in the process of
                 saving its database to disk.

              -  In Maintenance - The replica is unavailable for updates
                 but will accept queries

              -  Changing Master Key - The replica is in the process of
                 having its master key changed

              -  Becoming Master- The replica is in the process of
                 becoming the master replica (applicable to slave
                 replicas only)

              -  Becoming Slave- The master replica is in the process
                 of becoming a slave replica (applicable to the master
                 replicas only)

              -  Closed - The replica is in the process of stopping

              -  Deleted - The replica is in the process of deleting
                 itself

              -  Duplicate Master - The replica a duplicate master and
                 should be deleted.

           The master replica is available for queries when it is in the
           in-service, copying-database, in-maintenance, master-key-
           changing and becoming-slave states.  It is available for
           updates only when it is in the in-service state.

           A slave replica is available for queries when it is in the in-
           service, copying-database, master-key-changing and becoming-
           master states.  It accepts updates from the master replica
           only when it is in the in-service state. It accepts a request
           from the master replica to initialize only when it is in the
           uninitialized or in-service state.

 The -full option displays all the above information and the following
 information:

             +  The default replica's unique identifier

             +  The replica's network addresses

             +  The unique identifier of the cell's master replica

             +  The network addresses of the cell's master replica

             +  The master sequence number, which is the sequence number
                of the event that made the replica the master

             +  If the replica is the master replica, the update sequence
                numbers that are still in the propagation queue and have
                yet to be propagated

             +  The DCE software version number.

 initr[ep] other_replica
           Reinitializes a replica by copying an up-to-date database to
           other_replica.
           The master replica initiates and guides the operation. If th
           operation is successful

              1. The master replica

                  a. Marks other_replica for reinitialization

                  b. Tells other_replica to reinitialize itself

                  c. Gives other_replica a list of replicas with
                     up-to-date databases

              2. The other_replica picks a replica from the list and asks
                 that replica to initialize it (that is, to copy its
 		database to other_replica)

 To perform this operation, other_replica must be a slave, and the
 current default replica must be the master. If the current default
 replica is not the master, sec_admin attempts to bind to the master.
 This subcommand is generally not used under normal conditions.

 lr[ep] [-s[tate]] [-u[uid]] [-a[ddr]] [-p[rop]] [-al[l]]
           Lists the replicas on the default replica's replica list.
           If you enter no options, the display includes the replica name
           and whether or not it is the master replica. In addition if
           the master replica's list is being displayed, slave replicas
           marked for deletion are noted.  With options, the display
           includes this information and the information described in the
           following paragraphs.

           The -state option shows each replica's current state, the date
           and time the replica was last updated, and the update sequence
           number. To obtain this information, lrep contacts each
           replica.  If this information is not available from the
           replica, lrep prints the replica name and a message stating
           the information is not available.

           The -addr option shows each replica's network addresses.

           The -uuid option shows each replica's unique identifier.

           The -prop option shows:

           +  The date and time of the last update the master sent to
              each slave replica

           +  The sequence number of the last update to each slave
              replica

           +  The number of updates not yet applied to each slave replica

           +  The status of the master replica's last communication with
              each slave replica

           +  The propagation state of each slave replica.  This state,
              illustrates how the master replica views the slave replica,
              can be any of the following:

              -  Bad State-The state of the replica prohibits the
                 requested operation.

              -  Marked for Initialization-The replica has been marked
                 for deletion by the master replica.

              -  Initialized-The replica has been marked for initializa-
                 tion by the master replica.

              -  Initializing-The replica is in the process of being ini-
                 tialized by the master replica.

              -  Ready for Updates-The replica has been initialized by
                 the master replica and in now available for propagation
                 updates from the master replica.

              -  Marked for Deletion-The replica has been marked for
                 deletion by the master replica.

 This information is obtained from the master replica; the slave replicas
 are not contacted for this information.

 The -prop option is valid only for the master.
 For slave replicas, the -all option shows all the information above
 except that displayed by the -prop option. For the master replica, the
 -all option shows all the information.

 mas[ter_key]
           Generates a new master key for the default replica and re-
           encrypts account keys using the new key.  The new master key
           is randomly generated.

           Each replica (master and slaves) maintains its own master key
           used to access the data in its copy of the database.

 monitor [-r m]
           Periodically list the registry replicas stored in the current
           default replica's replica list. The list includes each
           replica's current state, the date and time the replica was
           last updated and the update sequence number. Note that this
           is the same information as that displayed by the info sub-
           command with no options.  The monitor subcommand contacts
           each replica to obtain the information it displays. If this
           information is not available from the replica, monitor prints
           the replica name and a message stating the information is not
           available.

           The -r option causes the replicas to be listed at intervals
           you specify.  m is a number of minutes between intervals. The
           default is 15 minutes.

 destroy default_replica
           Destroy the current default replica. To perform this
           operation, the current default replica and the default
           replica you name as default_replica must be the same.  This
           is to confirm your desire to perform the deletion.

           If the operation is successful, the default replica deletes
           its copy of the registry database and stops running.  This
           subcommand does not delete default_replica from the replica
           lists.  Use the delrep -force subcommand to delete the replica
           from the other replica lists.

           The preferred way to delete replicas is to use the delrep
           subcommand.  However, the destroy subcommand can be used if
           delrep is unusable because the master is unreachable or the
           replica is not on the master's replica list.

 site [name [-u[pdate]]]
           Set or display the default cell and the default replica.
           The name argument identifies the replica to set as the default
           replica and, as a consequence, the default cell.  It can be:

           +  A specific cell_name (or /.: for the local cell) to make
              any replica in the named cell the default.

           +  The global name of a replica to make the specified replica
              in the specified cell the default.

           +  The name of a replica as it appears on the replica list to
              make the named replica (which exists in the default cell)
              the default replica.

           +  A string binding to a specific replica.  An example of a
              string binding is ncadg_ip_udp:15.22.144.163. This form is
              used primarily for debugging or if the Cell Directory
              Service is not available.

 The -u option specifies that sec_admin should find the master replica.
 Normally you specify the name of a cell for name in conjunction with
 the -u option.  In this case sec_admin finds the master replica in that
 cell. If you use a replica name for name, sec_admin queries the named
 replica to find the master replica in the named replica's cell.

 If you supply no arguments, sec_admin displays the current default
 replica and default cell.

 stop      Stops the Security Server (secd) associated with the default
           replica.

 sta[te] -maintenance | -service
           Puts the master replica into maintenance state or takes it out
           of maintenance state. This subcommand is useful for performing
           backups of the registry database.

           If the current default replica is not the master, sec_admin
           attempts to bind to the master.

           The -maintenance flag causes the master replica to save its
           database to disk and refuse any updates.

           The -service flag causes the master replica to return to its
           normal "in service" state and start accepting updates.

 e[xit] or q[uit]
           The quit and exit subcommands end the sec_admin session.

 EXAMPLES

  1.  The following example, invokes sec_admin and uses the lrep sub-
      command to list replicas on the replica list and their states:

      $ r sys$system:dce$sec_admin
      Default replica: /.../dresden.com/subsys/dce/sec/rs_server_250_
      Default cell: /.../dresden.com
      sec_admin> lrep  -st
      Replicas in cell /.../dresden.com
      (master) subsys/dce/sec/master
                     state: in service
                     Last update received at:  1993/11/16.12:46:59
                     Last update's seqno:  0.3bc
               subsys/dce/sec/rs_server_250_2
                     state: in service
                    Last update received at:  1993/11/16.12:46:59
                     Last update's seqno:  0.3bc
               subsys/dce/sec/rs_server_250_3
                     state: in service
                     Last update received at:  1993/11/16.12:46:59
                     Last update's seqno:  0.3bc
      sec_admin>

  2.  The following example, sets the default replica to the master in
      the local cell:
           sec_admin> site  /.:  -u
           Default replica: /.../dresden.com/subsys/dce/sec/master
           Default cell: /.../dresden.com
           sec_admin>

12  –  sec_create_db

 NAME

    sec_create_db - registry database creation utility

 SYNOPSIS

   sec_create_db {-master | -slave} -my[name] my_server_name
                 [-cr[eator] creator_name]
                 [-cu[nix_id] creator_unix_id]
                 [-g[roup_low_id] g_unix_id]
                 [-k[eyseed] keyseed]
                 [-ma[x_unix_id]  max_unix_id]
                 [-o[rg_low_unix_id] o_unix_id]
                 [-pa[ssword] default_password]
                 [-p[erson_low_unix_id] p_unix_id]
                 [-u[uid cell_uuid]
                 [-v[erbose]]

 OPTIONS

 {-master | -slave}
           Specifies whether the database for the master replica should
           be created (-master) or a database for a slave replica should
           be created (-slave).  All other sec_create_db options can be
           used with the -master option.  Only the -myname, -keyseed,
           and -verbose options can be used with the -slave option.

 -my[name] Specifies the name that will be used by the Directory Service
           to locate the machine on which the cell's Security Server is
           running.

 -cr[eator]
           Specifies the principal name of the initial privileged user of
           the registry database (known as the "registry creator").

 -cu[nix_id]
           Specifies the UNIX ID of the initial privileged user of the
           registry database. If you do not enter the UNIX ID, it is
           assigned dynamically.

 -g[roup_low_unix_id]
           Specifies the starting point for UNIX IDs automatically
           generated by the Security Service when groups are added with
           the rgy_edit command.

 k[eyseed] Specifies a character string used to seed the random key
           generator in order to create the master key for the database
           you are creating. It should be string that cannot be easily
           guessed. The master key is used to encrypt all account pass-
           words.  Each instance of a replica (master or slave) has its
           own master key.  You can change the master key using the
           sec_admin command.

 ma[x]     Specifies the highest UNIX ID that can be assigned to a
           principal, group, or organization.

 -o[rg_low_unix_id]
           Specifies the starting point for UNIX IDs automatically
           generated by the Security Service when organizations are
           added with the rgy_edit command.

 -pa[ssword]
           The default password assigned to the accounts created by
           sec_create_db, including the account for the registry creator.
           If you do not specify a default password, -dce- is used.
           (Note that the hosts/local_host/self none none,
           krbtgt/cell_name none none, and nobody none none accounts are
           not assigned the default password, but instead a randomly
           generated password.)

 -p[erson_low_unix_id]
           Specifies the starting point for UNIX IDs automatically
           generated by the Security Service when principals are added
           with the rgy_edit command.

 -u[uid]   Specifies the cell's UUID.  If you do not enter this UUID, it
           is assigned dynamically.

 -v[erbose]
           Specifies that sec_create_db runs in verbose mode and displays
           all activity.

 DESCRIPTION

 The sec_create_db tool creates new master and slave databases in
 DCE$LOCAL:[VAR.SECURITY.RGY_DATA] on the machine from which
 sec_create_db is run. Normally, these databases are created only
 once by the system configuration tool, dce_config.  However, you
 can use sec_create_db if you need to re-create the master or a slave
 database from scratch.  You must be privileged to invoke sec_create_db.

 The sec_create_db -master option creates the master database on the
 machine on which it is run.  This database is initialized with names
 and accounts, some of them reserved. You must use the rgy_edit command
 to populate the database with objects and accounts.

 When the master registry database is created, default ACL entries for
 registry objects are also created.  These entries give the most
 privileged permission set to the principal named in the -cr[eator]
 option. If the principal is not one of the reserved names and accounts,
 sec_create_db adds it as a new principal and adds an account for that
 new principal.   If the -cr option is not used, DCE$SERVER is the
 creator.

 The sec_create_db -slave option creates a slave database on the machine
 on which it is run. This command creates a stub database on the local
 node in DCE$LOCAL:[VAR.SECURITY.RGY_DATA] and adds the newly created
 replica to the master's replica list.  The master then marks the replica
 to be initialized when a Security Server is started on the slave's node.

 The sec_create_db command also creates a registry configuration file,
 named DCE$LOCAL:[ETC.SECURITY]PE_SITE.;, that contains the network
 address of the machine on which the database is created.  This file
 supplies the binding address of the secd master server if the Naming
 Service is not available.

 FILES

 DCE$LOCAL:[ETC.SECURITY]PE_SITE.;
           The file containing the network address of the machine on
           which the security database is created.

 DCE$LOCAL:[VAR.SECURITY.RGY_DATA]
           The directory in which the registry database files are stored.

13  –  sec_salvage_db

 NAME

    sec_salvage_db - Recover a corrupted registry database.
                     The sec_salvage_db -check and -fix options are not
                     currently available.

 SYNOPSIS

 sec_salvage_db -print [-dbpath db_pathname] [-prtpath print_pathname]
                       [print_options] [-verbose]

 sec_salvage_db -reconstruct [-dbpath db_pathname]
                             [-prtpath print_pathname]
                             [reconstruct_options] [-verbose]

 sec_salvage_db -check [-dbpath db_pathname] [db_options] [-verbose]

 sec_salvage_db -fix [-dbpath db_pathname] [db_options] [-force]
                     [-verbose]

 OPTIONS

 -check    Check the database elements specified by db_options for incon-
           sistencies.  This option sends a list to standard output of
           all bad list links, internal id references, and  database keys
           and any detectable data inconsistencies. The -check option
           does not check fields for legal values.

 db_options
           Specify the database elements to be acted on by the -check or
           -fix options. If no db_options are specified, all are
           selected.  The db_options are

             +  -princ - Principals

             +  -group - Groups

             +  -org - Organizations

             +  -acct - Accounts

             +  -acl - ACLs

             +  -policy - Policy

             +  -state - Database State

             +  -replicas - Replicas

 The .mkey.prt file and the princ.prt file contain unencrypted
 authentication keys.  Ensure that only the privileged account can access
 these files and that they are never transferred over a network for
 viewing or backup.

 -fix      Check the database for inconsistencies and prompt for whether
           to fix each inconsistency. After all inconsistencies have been
           processed, the option prompts for whether to save all fixes.

 -force    Check the database for inconsistencies and fix each one with-
           out prompting.  After all inconsistencies have been processed,
           the option prompts for whether to save all fixes.   This
           option is valid only when used with the -fix option.

 -print    Create files containing ASCII-formatted database records.
           These files are used by the -reconstruct option as a source
           for recreating the database. You can also manually edit the
           files to change information or fix problems. A separate file
           is created for each  of the print_options specified.

           By default the -print option stores the master key file in
           the current directory and the database files in the rgy_print
           directory in the current directory. The -prtpath option lets
           you specify a different directory.

 print_options
           Specify the database elements to be acted on by the -print
           option. If the files exist, they are overwritten. If no
           print_options are specified, all are selected. The
           print_options and the files they create are

             +  -princ - Put principal records in the file princ.prt
                         and master key information in the file
                         .mkey.prt.

             +  -group - Put group records in the file group.prt.

             +  -org - Put organization records in the file org.prt.

             +  -policy - Put policy records in the file policy.prtt.

             +  -state - Put information about the state of the database
                         in the file rgy_state.prt.

             +  -replicas - Put replica information in the file
                            replicas.prt.

 -reconstruct
           Reconstruct the registry database from the ASCII-formatted
           print files created by the -print option.  The
           reconstruct_options specify the print files to use.

          Specifies which elements of the registry database to re-
          construct.  If no reconstruct_options are specified, all are
          selected. The reconstruct_options are

             +  -pgo - Use data in the princ.prt, group.prt, org.prt, and
                       .mkey.prt files to reconstruct:

                  -  Principals, groups, organizations

                  -  Principal's accounts

                  -  ACL's on database objects

                  -  The master key file

             +  -policy - Use data from the policy.prt file to re-
                          construct registry policies.

             +  -state - Use data from the rgy_state.prt file to re-
                         construct information about the state of the
                         database.

             +  -replicas - Use data from the replicas.prt file to
                            reconstruct the master replica list.

 -dbpath db_pathname
           For the -print and -check options, -dbpath specifies the
           directory in which the registry database and the master key
           file are located.  For the -reconstruct and -fix options,
           -dbpath specifies the directory in which to store the re-
           constructed or salvaged database.

           The -print and -check options expects to find the master key
           file, .mkey, in the directory above the directory that holds
           the database files. For example, if db_pathname is
           DCE$LOCAL:[VAR.SECURITY.NEW_RGY], the options look for the
           master key file in DCE$LOCAL:[VAR.SECURITY] and the database
           files in DCE$LOCAL:[VAR.SECURITY.NEW_RGY].

           If this option is not specified, the default pathname is
           DCE$LOCAL:[VAR.SECURITY.RGY_DATA].

           db_pathname can be a global pathname or a cell-relative name.

 -prtpath print_pathname
           For the print and -reconstruct options only, -prtpath
           specifies the directory in which to create (-print) the print
           files, or find (-reconstruct) the print files from which to
           reconstruct the database.

           By default the -print option creates and the -reconstruct
           option looks for the master key file in the current directory
           and the database files in the rgy_print subdirectory of the
           current directory. The -prtpath option lets you specify the
           directory that should be used instead of the current directory.
           For example, if you specify print_pathname as
           DCE$LOCAL:[VAR.SECURITY.REGISTRY], the master key print file
           will be created in that directory and the database print files
           in DCE$LOCAL:[VAR.SECURITY.REGISTRY.RGY_PRINT].

           If any or all of the print files exist in print_pathname or
           the default directory, their contents are overwritten.

           print_pathname can be a global pathname or a cell-relative
           name.

 DESCRIPTION

 The sec_salvage_db tool is an aid to database administration and troub-
 leshooting.  Although day-to-day administration is handled by the
 rgy_edit command, sec_salvage_db can be useful for listing registry
 data, reconstructing databases, and salvaging corrupted databases.

 The sec_salvage_db command supports two methods of operation: the check
 and fix method and the print and reconstruct method.   These methods can
 be used in tandem.

 CHECK AND FIX METHOD

 The -check and -fix options are not currently available.  The check and
 fix method recovers data from a corrupted database, fixing corrupted
 data links, data retrieval keys, and other internal references. You can
 use it on a database so corrupted that it prevents the Security Server
 (secd) from running or registry clients from operating correctly.  The
 check and fix method repairs the database structure so that secd can
 run. (Note that data may be lost if corrupted pointers in the registry
 data files irreversibly sever the links between records.) The check and
 fix method uses the sec_salvage_db -check, -fix, and -force options.

 The -check option accesses each record in the database and reports all
 errors, but makes no fixes. Although you can run it to see the state of
 the database before you run the -fix option, it is not required to be
 run.

 The -fix option also accesses each record in the database and reports
 all errors, but as it finds each error, it prompts for whether or not to
 fix the error.  When processing is complete, sec_salvage_db prompts for
 whether or not to save the changes.

 The -force option can only be used with the -fix option. If you use it,
 sec_salvage_db does not prompt for confirmation before it fixes each
 error it finds.  sec_salvage_db will still prompt for confirmation
 before it saves the changes.

 THE PRINT AND RECONSTRUCT METHOD

 The print and reconstruct method allows you to reconstruct a database.
 It first creates ASCII files, called print files, that contain all
 accessible data in the database.  Then, it reads the data in these
 files to construct a new database. If you cannot start a Security
 Server on the database host machine, you cannot use the print and re-
 construct method, but must use the check and fix method. (Note that
 before you run sec_salvage_db with the -print and -reconstruct options,
 you must stop the Security Server.)

 In addition to reconstructing the database, the print and reconstruct
 method has other uses.  You can use it to

   +  Make changes to the database by manually editing the print files
      created by the -print option and then reconstructing them from the
      changed print files. This can be especially useful for changing
      many user passwords, which may be necessary if the master key file
      is corrupted.

   +  Obtain a listing of database contents.

   +  Copy databases between different platforms.

 To use the print and reconstruct method run sec_salvage_db first with
 the -print option and then with the -reconstruct option.

 The -print option creates the ASCII print files from the registry data-
 base files.  These files can be reviewed and edited to correct faulty
 information, such as name-to-UNIX ID mismatches or missing data, or to
 update existing data. The -reconstruct option recreates the registry
 database files from the print files.

 Because the -print option creates files containing all data in the data-
 base and the -reconstruct option recreates the database based on these
 files, you can use this method to move a database to another machine or
 even another cell. For example, if you run sec_salvage_db -print on an
 uncorrupted database, you can then run sec_salvage_db -reconstruct and
 specify a pathname on a different machine for where the database should
 be created.

 EDITING THE PRINT FILES

 To edit the print files, your entries must be in the following format:

      field_name optional_white_space=optional_white_space value

 Although you can leave spaces between the field name, the equals sign,
 and the value, field names and values cannot contain white space.

 A sample org.prt file follows:

        Record_Number = 2
        Object_Type = ORG
        Name = org/none
        UUID = 0000000C-D751-21CA-A002-08001E039D7D
        Unix_ID = 12
        Is_Alias_Flag = false
        Is_Required_Flag = false
        Fullname =
        Member_Name = nobody
        Member_Name = root
        Member_Name = daemon
        Member_Name = uucp
        Member_Name = bin
        Member_Name = dce-ptgt
        Member_Name = dce-rgy
        Member_Name = krbtgt/abc.com
        Member_Name = hosts/zebra/self
        Obj_Acl_Def_Cell_Name = /.../abc.com
        Obj_Acl_Entry = unauthenticated:r-t-----
        Obj_Acl_Entry = user:root:rctDnfmM
        Obj_Acl_Entry = other_obj:r-t-----
        Obj_Acl_Entry = any_other:r-t-----

 To update existing entries, simply supply a new value. For example, to
 update a principal's full name, the entry in the princ.prt file is

        Fullname = fullname

 The fullname variable is the principal's full name. The princ.prt file
 contains the following entry that allows you to update a principal's
 password in plain text:

        Plaintext_Passwd =

 This field does not display the principal's password. To update the
 password, simply enter the new one in plain text after the equals sign.
 When the database is reconstructed, the password is encrypted and any
 keys derived from that password are regenerated and used to overwrite
 any existing encryption key entries.

 To specify a NULL value, delete the existing value. For example, to
 specify a NULL value for a fullname in the princ.prt file, the entry is

        Fullname =

 PRINT FILE FIELDS AND VALUES

 The following lists describe the fields in the princ.prt, group.prt,
 org.prt, .mkey.prt, policy.prt, rgy_state.prt, and replicas.prt files.
 In the lists, an * (asterisk) indicates a segment or field that can
 appear multiple times in succession; a + (plus sign) indicates that if
 a stored UUID does not map to a name required for the field, the UUID
 is displayed.

 THE PRINC.PRT FILE

 The fields in the princ.prt file follow:

   +  For all records:

      Record_Number  The sequential number of the record in the database.

      Object_Type    An indication of the type of object:
                     PRINC=principal, DIR=directory.

      Name           Name of the object.

      UUID           Unique Identifier of the object.

   +  For principals:

      Unix_ID        The principal's Unix ID.

      Is_Alias_Flag  An indication of whether or not the principal name
                     is an alias or a primary name: true=alias,
                     false=primary.

      Is_Required_Flag
                     An indication of whether or not the principal is
                     reserved: true=principal is reserved and cannot be
                     deleted, false=principal is not reserved.

      Quota          The principal's object creation quota: a non-
                     negative integer or unlimited.

      Fullname       The principal's fullname: a text string.

      Member_Name*   The names of the groups to which the principal
                     belongs.

      Obj_Acl_Def_Cell_Name
                     The default cell name of this principal's object
                     ACL.

      Num_Acl_Entries
                     The number of entries in the principals object ACL.

      Obj_Acl_Entry*+
                     The contents of the principal's object ACL.

      Acct_Group_Name
                     The account's group name.

      Acct_Org_Name  The account's organization name.

      Acct_Creator_Name
                     The name of principal who created this account.

      Acct_Creation_Time
                     The date and time the account was created in
                     yyyy/mm/dd.hh:mm format.  The first two digits of
                     the year, the hours, and the minutes are optional.

      Acct_Changer_Name
                     Name of principal who last changed the account.

      Acct_Change_Time
                     The date and time the account was last changed in
                     yyyy/mm/dd.hh:mm format. (The first two digits of
                     the year, the hours and the minutes are optional.)

      Acct_Expire_Time
                     The date and time the account expires or none for no
                     expiration date.  The date and time are in
                     yyyy/mm/dd.hh:mm format. (The first two digits of
                     the year, the hours and the minutes are optional.)

     Acct_Good_Since_Time
                     The date and time the principal's account was last
                     known to be in an uncompromised state in
                     yyyy/mm/dd.hh:mm, format or no for current time and
                     date. (The first two digits of the year, the hours
                     and the minutes are optional.)

      Acct_Valid_For_Login_Flag
                     An indication of whether or not the account can be
                     logged into: true=account is valid for login,
                     false=account cannot be logged into.

      Acct_Valid_As_Server_Flag
                     Indicates whether or not the account is a server and
                     can engage in authenticated communication:
                     true=account is a server, false=account is not
                     server.

      Acct_Valid_As_Client_Flag
                     Indicates whether or not the account is a client and
                     can log in, acquire tickets, and be authenticated:
                     true=account is a client, false=account is not a
                     client.

      Acct_Post_Dated_Cert_Ok_Flag
                     Indicates whether or not tickets with a start time
                     some time in the future can be issued to the
                     account's principal: true=postdated tickets can be
                     issued, false=postdated tickets cannot be issued.

      Acct_Forwardable_Cert_Ok_Flag
                     Indicates whether or not a new ticket-granting
                     ticket with a network address that differs from
                     the present ticket-granting address can be issued
                     to the account's principal: true=account can get
                     forwardable certificates, false=account cannot.

      Acct_TGT_Auth_Cert_Ok_Flag
                     Indicates whether or not tickets issued to the
                     account's principal can use the ticket-granting-
                     ticket authentication mechanism: true=tickets can
                     use the ticket-granting-ticket authentication
                     mechanism, false=they cannot.

      Acct_Renewable_Cert_Ok_Flag
                     Indicates whether or not tickets issued to the
                     principal's ticket-granting ticket to be renewed:
                     true=tickets can be renewed, false=tickets cannot be
                     renewed.

      Acct_Proxiable_Cert_Ok_Flag
                     Indicates whether or not a new ticket with a
                     different network address than the present ticket
                     can be issued to the account's principal: true=such
                     a ticket can be issued, false=such a ticket cannot
                     be issued.

      Acct_Dup_Session_Key_Ok_Flag
                     Indicates whether or not tickets issued to the
                     account's principal can have duplicate keys:
                     true=account can have duplicate session keys,
                     false=account cannot.

      Unix_Key       The account principal's encrypted UNIX password:
                     ASCII string.

      Plaintext_Passwd
                     Stores the principal's password in plain text.  This
                     field is provided to allow principal's passwords to
                     be changed.  When the princ.prt file is processed by
                     the sec_salvage_db -reconstruct option, this pass-
                     word is encrypted using UNIX system encryption. This
                     encrypted password is then stored as the principal's
                     encrypted UNIX password in the Unix_Key field.

      Home_Dir       The account principal's home directory: text string.

      Shell          The account principal's login shell: text string.

      Gecos          The account's GECOS information: text string.

      Passwd_Valid_Flag
                     Indicates whether or not the account principal's
                     password is valid: true=password is valid,
                     false=password not valid.

      Passwd_Change_Time
                     The date and time the account principal's password
                     was last changed in yyyy/mm/dd.hh:mm format or now
                     for the current date and time. The first two digits
                     of the year, the hours and the minutes are optional.

      Max_Certificate_Lifetime
                     The number of hours before the Authentication
                     Service must renew the account principal's service
                     certificates: an integer indicating the time in
                     hours or default-policy to use the registry default.

      Max_Renewable_Lifetime
                     The number of hours before a session with the
                     account principal's identity expires and the
                     principal must log in again to reauthenticate:
                     an integer indicating the time in hours or
                     default-policy to use the registry default.

      Master_Key_Version
                     The version of the master key used to encrypt the
                     account principal's key.

      Num_Auth_Keys  The number of the account principal's authentication
                     keys.

      Auth_Key_Version*
                     A list of the version numbers of the account
                     principal's authentication key.  The first version
                     number on the list represents the current authenti-
                     cation key.

      Auth_Key_Pepper*
                     The pepper algorithm used for the account
                     principal's key: a text string or blank to use
                     the default pepper algorithm.

      Auth_Key_Len*  The length in bytes of the account principal's
                     authentication key.

      Auth_Key*      The account principal's authentication key: hex
                     string.

      Auth_Key_Expire_Time*
                     The date and time the account principal's authenti-
                     cation key expires or none for no expiration. Date
                     and time are in  yyyy/mm/dd.hh:mm format. (The first
                     two digits of the year, the hours and the minutes
                     are optional.)

   +  For directories:

      Obj_Acl_Def_Cell_Name+
                     The default cell name of the directory's object ACL.

      Num_Acl_Entries
                     The number of entries in the directory's object ACL.

      Obj_Acl_Entry*+
                     The contents of the directory's object ACL.

      Init_Obj_Acl_Def_Cell_Name+
                     The default cell name of the directory's initial
                     object ACL.

      Num_Acl_Entries
                     The number of entries in the directory's initial
                     object ACL.

      Init_Obj_Acl_Entry*+
                     The contents of the directory's initial object ACL.

      Init_Cont_Acl_Def_Cell_Name+
                     The default cell name of the directory's initial
                     container ACL.

      Num_Acl_Entries
                     The number of entries in the directory's initial
                     container ACL.

      Init_Cont_Acl_Entry*+
                     The contents of the directory's initial container
                     ACL.

 THE GROUP.PRT FILE

 The fields in the group.prt file follow:

   +  For all records:

      Record_Number  The sequential number of the record in the database.

      Object_Type    An indication of the type of object: GROUP=group,
                     DIR=directory.

      Name           Name of the object.

      UUID           Unique Identifier of the object.

   +  For groups:

      Unix_ID        Unix ID of the group.

      Is_Alias_Flag  An indication of whether or not the group name is an
                     alias or a primary name: true=alias, false=primary.

      Is_Required_Flag
                     An indication of whether or not the group is
                     reserved:  true=group is reserved and cannot be
                     deleted, false=group is not reserved.

      Projlist_Ok_Flag
                     An indication of whether or not the group can be
                     included in project lists: true=group can be
                     included on project lists, false=group cannot be
                     included.

      Fullname       The group's fullname: a text string.

      Member_Name*   The names of the group's members.

      Obj_Acl_Def_Cell_Name+
                     The default cell name of this group's object ACL.

      Num_Acl_Entries
                     The number of entries in the group's object ACL.

      Obj_Acl_Entry*:
                     The contents of the group's object ACL.

   +  For directories:

      Obj_Acl_Def_Cell_Name+
                     The default cell name of this directory's object
                     ACL.

      Num_Acl_Entries
                     The number of entries in the directory's object ACL.

      Obj_Acl_Entry* The contents of the directory's object ACL.

      Init_Obj_Acl_Def_Cell_Name+
                     The default cell name of the directory's initial
                     object ACL.

      Num_Acl_Entries
                     The number of entries in the directory's initial
                     object ACL.

      Init_Obj_Acl_Entry*+
                     The contents of the directory's initial object ACL.

      Init_Cont_Acl_Def_Cell_Name+
                     The default cell name of the directory's initial
                     container ACL.

      Num_Acl_Entries
                     The number of entries in the directory's initial
                     container ACL.

      Init_Cont_Acl_Entry*+
                     The contents of the directory's initial container
                     ACL.

 THE ORG.PRT FILE

 The fields in the org.prt file follow:

   +  For all records:

      Record_Number  The sequential number of the record in the database.

      Object_Type    An indication of the type of object:
                     ORG=organization, DIR=directory.

      Name           Name of the object.

      UUID           Unique Identifier of the object.

   +  For organizations:

      Unix_ID        Unix ID of the organization.

      Is_Alias_Flag  An indication of whether or not the organization
                     is an alias or a primary name: true=alias,
                     false=primary.

      Is_Required_Flag
                     An indication of whether or not the organization is
                     reserved: true=organization is reserved and cannot
                     be deleted, false=organization is not reserved.

      Fullname       The organization's fullname: a text string.

      Member_Name*   The names of the organization's members.

      Obj_Acl_Def_Cell_Name
                     The default cell name of this organization's object
                     ACL.

      Num_Acl_Entries
                     The number of entries in the organization's object
                     ACL.

      Obj_Acl_Entry*+
                     The contents of the organization's object ACL.

   +  For organizations with policy:

      Acct_Lifetime  The period during which accounts for the organiza-
                     tion are valid: a integer number representing days
                     or forever.

      Passwd_Min_Len The minimum length of the organization's password: a
                     non-negative integer.

      Passwd_Lifetime
                     The span in days of the lifetime of the organiza-
                     tion's password: an integer or forever.

      Passwd_Expire_Time
                     The date and time the organization's password
                     expires in yyyy/mm/dd.hh:mm format.   (The first
                     two digits of the year, the hours and the minutes
                     are optional.)

      Passwd_All_Spaces_Ok
                     An indication of whether or not the organization's
                     password can consist of all spaces: true=can consist
                     of spaces, false=cannot.

      Passwd_All_Alphanumeric_Ok
                     An indication of whether or not the organization's
                     password can consist of all alphanumeric characters:
                     true=can be all alphanumeric, false=cannot.

   +  For directories:

      Obj_Acl_Def_Cell_Name+
                     The default cell name of the directory's object ACL.

      Num_Acl_Entries
                     The number of entries in the directory's object ACL.

      Obj_Acl_Entry*+
                     The contents of the directory's object ACL.

      Init_Obj_Acl_Def_Cell_Name+
                     The default cell name of the directory's initial
                     object ACL.

      Num_Acl_Entries
                     The number of entries in the directory's initial
                     object ACL.

      Init_Obj_Acl_Entry*+
                     The contents of the directory's initial object ACL.

      Init_Cont_Acl_Def_Cell_Name+
                     The default cell name of the directory's initial
                     container ACL.

      Num_Acl_Entries
                     The number of entries in the directory's initial
                     container ACL.

      Init_Cont_Acl_Entry*+
                     The contents of the directory's initial container
                     ACL.

 THE .MKEY.PRT FILE

 The fields in the .mkey.prt file follow:

 Master_Key_Version
                The integer version of the master key.

 Master_Key_Keytype
                Always des.

 Master_Key_Length
                The length of the master key in bytes.

 Master_Key     The master key in hex string format.

 The policy.prt File

 The fields in the policy.prt file follow:

 Rgy_Policy_File_Version
                An integer representing the version of the policy
                information.

 Prop_Read_Version
                A number indicating the property record's read version.

 Prop_Write_Version
                A number indicating the property record's write version.

 Min_Certificate_Lifetime
                The minimum amount of time before the principal's ticket
                must be renewed in weekswdaysdhourshminutesm format.

 Default_Certificate_Lifetime
                The the default lifetime for tickets issued to principals
                in this cell's registry in weekswdaysdhourshminutesm
                format.

 Low_Unix_ID_Principal
                The starting point for principal UNIX IDs automatically
                generated by the Security Service when a principal is
                added: an integer, which must be less than Max_Unix_ID.

 Low_Unix_ID_Group
                The the starting point for UNIX IDs automatically
                generated by the Security Service when a group is
                added: an integer, which must be less than Max_Unix_ID.

 Low_Unix_ID_Org
                The starting point for UNIX IDs automatically generated
                by the Security Service when an organization is added
               using: an integer, which must be less than Max_Unix_ID.

 Max_Unix_ID    The highest number that can be supplied as a UNIX ID when
                principals are created: an integer.

 Rgy_Readonly_Flag
                An indication of whether or not the registry is
                read-only: true=read only, false=updateable.

 Auth_Certificate_Unbound_Flag
                An indication of whether or not certificates are
                generated for use on any machine: true=yes, false=no.

 Shadow_Passwd_Flag
                Determines whether encrypted passwords are sent over the
                network: true=encrypted passwords are not sent over the
                network, false=encrypted passwords are sent over the
                network.

 Embedded_Unix_ID_Flag
                Determines if UNIX IDs are embedded in person, group,
                and organization UUIDs: true=UNIX IDs are embedded,
                false=UNIX IDs are not embedded.

 Realm_Name     The name of the full global pathname of realm running the
                secd.

 Realm_UUID     The UUID of the realm running the secd.

 Unauthenticated_Quota
                The quota of unauthenticated users: a number or
                unlimited.

 Acct_Lifetime  The period during which accounts are valid: a integer
                number representing days or forever.

 Passwd_Min_Len The minimum length of passwords: a non-negative integer.

 Passwd_Lifetime
                The span in days of the password lifetimes: an integer or
                forever.

 Passwd_Expire_Time
                The date and time the passwords expire in
                yyyy/mm/dd.hh:mm format. (The first two digits of
                the year, the hours and the minutes are optional.)

 Passwd_All_Spaces_Ok
                An indication of whether or not passwords can consist of
                all spaces: true=can consist of spaces, false=cannot.

 Passwd_All_Alphanumeric_Ok
                Am indication of whether or not passwords can consist of
                all alphanumeric characters: true=can be all alpha-
                numeric, false=cannot.

 Max_Certificate_Lifetime
                The number of hours before the Authentication Service
                must renew service certificates: an integer indicating
                the time in hours or default-policy to use the registry
                default.

 Max_Renewable_Lifetime
                The number of hours before sessions expire and the
                session principal must log in again to reauthenticate:
                an integer indicating the time in hours or default-
                policy to use the registry default.

 Princ_Cache_State
                The timestamp of the principal cache.

 Group_Cache_State
                The timestamp of the group cache.

 Org_Cache_State
                The timestamp of the organization cache.

 My_Name        The cell-relative name of the security server.

 Master_Key_Version
                The integer version of current master key.

 Master_Key_Keytype
                Always des.

 Master_Key_Length
                The length of the master key in bytes.

 Master_Key     The master key in hex string format.

 Old_Master_Key_Version
                The version of the previous master key.

 Old_Master_Key_Keytype
                Always des.

 Old_Master_Key_Length:
                The length of the previous master key in bytes.

 Old_Master_Key:
                The previous master key in hex string format.

 Obj_Acl_Def_Cell_Name:
                The default cell name of the policy object ACL.

 Num_Acl_Entries:
                The number of entries in the policy object ACL.

 Obj_Acl_Entry*+
                The contents of the policy object ACL.

 The rgy_state.prt File

 The fields in the rgy_state.prt file follow:

 Rgy_State_File_Version
                The integer version number of the format of the rgy_state
                file.

 Replica_State  The state of the master registry: unknown_to_master,
                uninitialized, in_service, in_maintenance, closed,
                deleted, or initializing.

 Cell_UUID      The UUID of cell in which the secd resides.

 Server_UUID    The UUID of this secd.

 Initialization_UUID
                The UUID of the last initialization event.

 Master_File_Version
                The version number of the master replica.

 Master_Known_Flag
                An indicate of whether or not the master replica is known
                to this replica: true=known, false=not known.  Only if
                this field is true do the other master field contain
                valid information.

 Master_UUID    The UUID of the master replica.

 Master_Seqno:  The 2-digit sequence number of the event when the master
                became the master in n.n format.

 The replicas.prt File

 The fields in the replicas.prt file follow:

 Record_Number  The sequential number of the record in the database.

 Replica_UUID   The UUID listed for the replica in the replica list.

 Replica_Name   The name of the replica as known to the Cell Directory
                Service.

 Num_Towers     The number of towers.

 Tower_Length*  The Length of the next tower (in bytes).

 Tower*         The tower used to communicate with the replica (a byte
                stream that can be broken on word boundaries).

 Propagation_Type
                An indication of whether the replica is initialized,
                initializing, in the process of being updated, or in
                the process of being deleted.

 Initialization_UUID
                UUID of the last initialization.

 ERROR CONDITIONS

 You receive the following error message if the default rgy_data
 directory is being used and there is an advisory lock on the rgy_state
 data file:

      Registry: Error - database is locked.  Put secd into maintenance
          mode or clear advisory lock on rgy_state file in db_pathname

 The existence of the advisory lock implies that secd is in service.  Use
 the sec_admin command to put secd in maintenance mode. If secd is not
 running, the advisory lock may be the result of an ungraceful shutdown
 of secd. To remove the advisory lock, use the rename command to rename
 the DCE$LOCAL:[VAR.SECURITY.RGY_DATA]RGY_STATE.; file, and then change
 it back to its original name.  Then rerun the sec_salvage_db command.
Close Help