HELPLIB.HLB  —  DCE  DCE_SECURITY, Admin Intro, sec_create_db
 NAME

    sec_create_db - registry database creation utility

 SYNOPSIS

   sec_create_db {-master | -slave} -my[name] my_server_name
                 [-cr[eator] creator_name]
                 [-cu[nix_id] creator_unix_id]
                 [-g[roup_low_id] g_unix_id]
                 [-k[eyseed] keyseed]
                 [-ma[x_unix_id]  max_unix_id]
                 [-o[rg_low_unix_id] o_unix_id]
                 [-pa[ssword] default_password]
                 [-p[erson_low_unix_id] p_unix_id]
                 [-u[uid cell_uuid]
                 [-v[erbose]]

 OPTIONS

 {-master | -slave}
           Specifies whether the database for the master replica should
           be created (-master) or a database for a slave replica should
           be created (-slave).  All other sec_create_db options can be
           used with the -master option.  Only the -myname, -keyseed,
           and -verbose options can be used with the -slave option.

 -my[name] Specifies the name that will be used by the Directory Service
           to locate the machine on which the cell's Security Server is
           running.

 -cr[eator]
           Specifies the principal name of the initial privileged user of
           the registry database (known as the "registry creator").

 -cu[nix_id]
           Specifies the UNIX ID of the initial privileged user of the
           registry database. If you do not enter the UNIX ID, it is
           assigned dynamically.

 -g[roup_low_unix_id]
           Specifies the starting point for UNIX IDs automatically
           generated by the Security Service when groups are added with
           the rgy_edit command.

 k[eyseed] Specifies a character string used to seed the random key
           generator in order to create the master key for the database
           you are creating. It should be string that cannot be easily
           guessed. The master key is used to encrypt all account pass-
           words.  Each instance of a replica (master or slave) has its
           own master key.  You can change the master key using the
           sec_admin command.

 ma[x]     Specifies the highest UNIX ID that can be assigned to a
           principal, group, or organization.

 -o[rg_low_unix_id]
           Specifies the starting point for UNIX IDs automatically
           generated by the Security Service when organizations are
           added with the rgy_edit command.

 -pa[ssword]
           The default password assigned to the accounts created by
           sec_create_db, including the account for the registry creator.
           If you do not specify a default password, -dce- is used.
           (Note that the hosts/local_host/self none none,
           krbtgt/cell_name none none, and nobody none none accounts are
           not assigned the default password, but instead a randomly
           generated password.)

 -p[erson_low_unix_id]
           Specifies the starting point for UNIX IDs automatically
           generated by the Security Service when principals are added
           with the rgy_edit command.

 -u[uid]   Specifies the cell's UUID.  If you do not enter this UUID, it
           is assigned dynamically.

 -v[erbose]
           Specifies that sec_create_db runs in verbose mode and displays
           all activity.

 DESCRIPTION

 The sec_create_db tool creates new master and slave databases in
 DCE$LOCAL:[VAR.SECURITY.RGY_DATA] on the machine from which
 sec_create_db is run. Normally, these databases are created only
 once by the system configuration tool, dce_config.  However, you
 can use sec_create_db if you need to re-create the master or a slave
 database from scratch.  You must be privileged to invoke sec_create_db.

 The sec_create_db -master option creates the master database on the
 machine on which it is run.  This database is initialized with names
 and accounts, some of them reserved. You must use the rgy_edit command
 to populate the database with objects and accounts.

 When the master registry database is created, default ACL entries for
 registry objects are also created.  These entries give the most
 privileged permission set to the principal named in the -cr[eator]
 option. If the principal is not one of the reserved names and accounts,
 sec_create_db adds it as a new principal and adds an account for that
 new principal.   If the -cr option is not used, DCE$SERVER is the
 creator.

 The sec_create_db -slave option creates a slave database on the machine
 on which it is run. This command creates a stub database on the local
 node in DCE$LOCAL:[VAR.SECURITY.RGY_DATA] and adds the newly created
 replica to the master's replica list.  The master then marks the replica
 to be initialized when a Security Server is started on the slave's node.

 The sec_create_db command also creates a registry configuration file,
 named DCE$LOCAL:[ETC.SECURITY]PE_SITE.;, that contains the network
 address of the machine on which the database is created.  This file
 supplies the binding address of the secd master server if the Naming
 Service is not available.

 FILES

 DCE$LOCAL:[ETC.SECURITY]PE_SITE.;
           The file containing the network address of the machine on
           which the security database is created.

 DCE$LOCAL:[VAR.SECURITY.RGY_DATA]
           The directory in which the registry database files are stored.
Close Help