PreviousNext

Overview - Creating and Maintaining Accounts

All principals have two identities: a network identity that provides the ability to access DCE objects on machines across the network, and a local identity that provides the ability to access objects on the local machine. The two identities exist in tandem, but independently of each other. A principal's network identity is defined by an account in the network registry. A principal's local identity is defined by local data, such as entries in the /etc/passwd and /etc/group files that are stored on the local machine. If the passwd_export command is used to update the /etc/passwd and /etc/group files with data that is stored in the local registry, local identity data is derived from information that is stored in the network registry.

Registry accounts define a network identity by associating a principal with a group, an organization, and related account information, such as the password that is used to authenticate a principal's identity. You must create a registry account for any principal that engages in communications across the network, regardless of whether the communications are authenticated. The principals for which you must create registry accounts are as follows:

· Each human user who accesses objects across the network; this probably includes all human users unless you are specifically restricting a user to the local machine.

· Each server that accesses objects across the network and runs under its own identity, not the identity of the principal who started it.

· Each machine in the network.

· Any cell with which you engage in authenticated cross-cell communications. (Accounts for cross-cell authentication are special types of accounts that are described in Administering a Multicell Environment.

This topic describes

· Each type of account and how to create and maintain it

· How accounts are authenticated and how to display privilege attributes and tickets

· How to create and maintain the keytab file that stores keys for server principals

· How to maintain the local registry