Table of Contents

1. Introduction to the Directory Service

• 1.1. How the DCE Components Use Directory Services
• 1.2. How To Use Directory Services
• 1.3. Directory Services and the Cell Environment
• 1.4. How Cells Determine Naming Environments
• 1.4.1. Global Names
• 1.4.2. Hierarchical Cell Names
• 1.4.3. Alias Cell Names
• 1.4.4. Cell-Relative Naming in a Standalone Cell
• 1.4.5. Cell-Relative Naming in a Hierarchy of Cells
• 1.4.6. Local Filenames
• 1.5. An In-Depth Analysis of DCE Names
• 1.5.1. CDS Names
• 1.5.2. DNS Names
• 1.5.3. Names Outside of the DCE Directory Service

2. CDS Concepts

• 2.1. How CDS Works
• 2.2. Replicas and Their Contents
• 2.2.1. Object Entries
• 2.2.2. Soft Links
• 2.2.3. Child Pointers
• 2.2.4. Summary
• 2.3. Security in the Cell Directory Environment
• 2.4. CDS User Interfaces

3. How CDS Looks Up Names

• 3.1. Translating from Names to Resources
• 3.2. How CDS Finds Names
• 3.2.1. The Solicitation and Advertisement Protocol
• 3.2.2. Lookups
• 3.2.3. The cdscache create Command

4. How CDS Updates Data

• 4.1. Update Propagation
• 4.2. Skulk Operation
• 4.3. How Timestamps Help Keep Data Consistent

5. Managing the DCE Directory Service

• 5.1. Using the dcecp Program
• 5.1.1. CDS Managed Objects
• 5.1.2. dcecp Operations for CDS
• 5.1.3. CDS Object Attributes
• 5.2. Using the cdscp Program
• 5.2.1. Starting and Exiting
• 5.2.2. cdscp Program Commands

6. Controlling Access to CDS Names

• 6.1. Overview of DCE Authorization for CDS
• 6.2. ACL Types Supported by CDS
• 6.3. How Permissions Propagate to CDS Directories and Their Contents
• 6.4. ACL Entry Types Used for Principals
• 6.5. DCE Permissions Supported by CDS
• 6.6. Controlling Access to CDS Clerk and Server Management Operations
• 6.7. Control Program Commands and Required Permissions
• 6.8. Editing ACLs on CDS Names
• 6.9. How CDS Servers Gain Access to the Namespace
• 6.10. Setting Up Access Control in a New Namespace
• 6.10.1. Adding Members to the Namespace Authorization Group
• 6.10.2. Creating Additional Authorization Groups
• 6.10.3. Establishing Maximum Permissions for Unauthenticated Principals

7. Managing Clerks, Servers, and Clearinghouses

• 7.1. Monitoring Clerk, Server, and Clearinghouse Counters
• 7.1.1. Displaying Clerk Counters
• 7.1.2. Displaying Server Counters
• 7.1.3. Displaying Clearinghouse Counters
• 7.2. Monitoring Clerk Communications with Specific Clearinghouses
• 7.3. Displaying the Contents of a Clearinghouse
• 7.4. Forcing the Clearinghouse to Checkpoint to Disk
• 7.5. Disabling Clerks and Servers
• 7.5.1. Disabling a Clerk
• 7.5.2. Disabling a Server
• 7.6. Restarting Clerks and Servers
• 7.6.1. Restarting a Clerk
• 7.6.2. Restarting a Server
• 7.7. Preserving a Clearinghouse Across a Server System Upgrade
• 7.8. Backing Up Namespace Information
• 7.8.1. Using Replication to Back Up Namespace Information
• 7.8.2. Using Operating System Backups

8. Managing CDS Directories

• 8.1. Creating Directories
• 8.1.1. Permissions for Creating a Directory
• 8.1.2. Entering the directory create Command
• 8.1.3. Checking the ACL Entries for a New Directory
• 8.1.4. Upgrading the Directory Version on the Cell Root Directory
• 8.1.5. Upgrading the Directory Version on a Directory
• 8.2. Creating a Read-Only Replica
• 8.2.1. Before You Create a Replica
• 8.2.2. Permissions for Creating Replicas
• 8.2.3. Entering the directory create Command
• 8.3. Deleting a Read-Only Replica
• 8.3.1. Permissions for Deleting a Replica
• 8.3.2. Entering the directory delete Command
• 8.4. Skulking a Directory
• 8.4.1. Permissions for Skulking a Directory
• 8.4.2. Entering the directory synchronize Command
• 8.4.3. Synchronizing CDS Server Clocks
• 8.5. Modifying a Directory's Convergence
• 8.5.1. Before You Modify a Directory's Convergence
• 8.5.2. Permissions for Modifying a Directory's Convergence
• 8.5.3. Entering the directory modify Command

9. Listing the Contents of a Namespace

• 9.1. Displaying the Attribute Values of CDS Names
• 9.2. Displaying Clerk and Server Attribute Information

10. Using the CDS Subtree Commands to Restructure CDS Directories

• 10.1. Overview of the Merge and Append Procedures
• 10.2. Merging CDS Directories
• 10.2.1. Appending CDS Directories
• 10.2.2. Modifying ACLs at the Target Location
• 10.3. Handling Errors
• 10.3.1. Duplicate Names
• 10.3.2. Unreachable Name Failures
• 10.3.3. Insufficient Permissions
• 10.4. Merging CDS Directories into a Foreign Cell
• 10.4.1. Establishing Cross-Cell Authentication
• 10.5. Restoring Merged CDS Directories

11. Restructuring a Namespace

• 11.1. Managing Soft Links
• 11.1.1. Creating a Soft Link
• 11.1.2. Changing a Soft Link's Destination Name
• 11.1.3. Changing a Soft Link's Expiration or Extension Value
• 11.1.4. Deleting a Soft Link
• 11.2. Modifying a Directory's Replica Set
• 11.2.1. Before You Modify a Replica Set
• 11.2.2. Permissions Required for Modifying a Replica Set
• 11.2.3. Designating a New Master Replica
• 11.2.4. Excluding a Replica from a Replica Set
• 11.3. Deleting Directories
• 11.3.1. Deleting a Non-Replicated Directory
• 11.3.2. Deleting a Directory Replica
• 11.4. Relocating a Clearinghouse
• 11.4.1. Dissociating a Clearinghouse from Its Host Server System
• 11.4.2. Copying the Clearinghouse Database Files to the Target Server System
• 11.4.3. Starting the Clearinghouse on the Target Server
• 11.5. Deleting a Clearinghouse
• 11.5.1. Before You Delete a Clearinghouse
• 11.5.2. Permissions for Deleting a Clearinghouse
• 11.5.3. To Delete a Clearinghouse
• 11.6. Creating and Managing Hierarchical Cells
• 11.6.1. Creating a Cell Hierarchy
• 11.6.2. Adding a Cell to a Cell Hierarchy
• 11.6.3. Changing Primary Cell Names in a Cell Hierarchy

12. Managing Intercell Naming

• 12.1. How the Global Directory Agent Works
• 12.2. Managing the Global Directory Agent
• 12.3. Enabling Other Cells to Find Your Cell

13. Introduction to the DCE Distributed Time Service

• 13.1. DTS Advantages
• 13.1.1. Applications Support
• 13.1.2. External Time-Provider Support
• 13.1.3. Manageability
• 13.1.4. Quantitative Inaccuracy Measurement
• 13.2. Basic DTS Concepts
• 13.2.1. Time Measurement Factors
• 13.2.1.1. Clock Error
• 13.2.1.2. Communications and Processing Uncertainties
• 13.2.2. Inaccuracy Values
• 13.2.3. Synchronizing System Clocks
• 13.2.4. How DTS Adjusts System Clocks
• 13.2.5. DTS Time Representation
• 13.2.5.1. Absolute Time
• 13.2.5.2. Relative Time
• 13.3. How DTS Works
• 13.3.1. Clerks
• 13.3.2. Servers
• 13.3.2.1. The Local Server Set
• 13.3.2.2. The Global Server Set
• 13.3.2.3. Couriers

14. Planning Your DTS Implementation

• 14.1. The DTS Planning Team
• 14.2. General Planning Guidelines
• 14.3. Configuring DTS for a LAN
• 14.4. Configuring DTS for an Extended LAN
• 14.5. Configuring DTS for WANs and WAN Links
• 14.5.1. LANs with WAN Links to Remote Sites
• 14.5.2. LANs Connected by WAN Links
• 14.5.3. WAN Cells
• 14.6. Planning for External Time-Providers

15. Managing the DCE Distributed Time Service

• 15.1. Using the dcecp Program
• 15.1.1. DTS Objects
• 15.1.2. dcecp Operations for DTS
• 15.1.3. DTS Object Attributes and Counters
• 15.2. DTS Timestamp Format
• 15.3. Reconfiguring DTS on Nodes
• 15.3.1. Stopping an Existing Clerk or Server
• 15.3.2. Creating a New Clerk or Server
• 15.3.3. Setting Clerk and Server Attribute Values
• 15.4. Temporarily Reconfiguring DTS
• 15.5. Modifying Clerk and Server Attributes
• 15.5.1. The minservers Attribute
• 15.5.2. Use of minservers Attribute with Global Servers
• 15.5.3. Use of minservers Attribute with Systems on Point-to-Point Lines
• 15.5.4. The maxinaccuracy Attribute
• 15.5.5. The syncinterval Attribute
• 15.5.6. The tolerance Attribute
• 15.5.7. The localtimeout, globaltimeout, and queryattempts Attributes
• 15.5.8. The serverentry and serverprincipal Attributes
• 15.6. Management Tasks Specific to Servers
• 15.6.1. Designating Global and Courier Servers
• 15.6.1.1. Advertising Global Servers
• 15.6.1.2. Assigning the Courier Role to Servers
• 15.6.2. Designating Global Servers Outside a Cell
• 15.6.3. Matching Server Epochs
• 15.6.4. Setting the checkinterval Attribute for Connection to a Timeprovider
• 15.7. Changing the System Time
• 15.7.1. Updating the Time Monotonically
• 15.7.2. Updating the Time Nonmonotonically
• 15.7.3. Forcing System Synchronization
• 15.8. Controlling Access to DTS

16. Interoperation with Network Time Protocol

• 16.1. Getting the Time from NTP Time Sources
• 16.1.1. Getting the Time from Local NTP Time Sources
• 16.1.2. Getting the Time from Remote NTP Time Sources
• 16.2. Giving the Time to NTP Nodes
• 16.3. Preventing Loops

17. An Overview of DCE Security

• 17.1. DCE Authentication Service Servers and Clients
• 17.2. The Registry Database
• 17.3. Physical Security of the Database
• 17.4. How the Registry Database is Stored
• 17.5. Replicated Databases
• 17.6. How Updates Are Handled
• 17.6.1. Master and Slave Replicas
• 17.6.2. Handling Database Updates
• 17.6.3. Propagating Database Changes
• 17.6.4. Master/Slave Authentication
• 17.7. The /etc/passwd and /etc/group Files and the Registry
• 17.8. The Local Registry
• 17.9. Names for Security Objects
• 17.9.1. Using Names with dcecp Security Commands
• 17.9.2. Using Names with the dcecp acl Command

18. Using Access Control Lists

• 18.1. Authorization Overview
• 18.1.1. ACL Managers
• 18.1.2. ACL Interpretation
• 18.1.3. Credentials Inherited by Processes
• 18.2. ACL Entries and Masks
• 18.2.1. ACL Syntax
• 18.2.2. ACL Entry Types for Principals and Groups
• 18.2.3. Group Permissions and Project Lists
• 18.2.4. Using Principal and Group ACL Entries
• 18.2.5. ACL Entry Types for Masks
• 18.2.6. ACL Entry Types for Dissimilar DCE Releases
• 18.2.7. The Checking Sequence for ACL Entries
• 18.2.7.1. The mask.obj Mask and ACL Checking
• 18.2.7.2. The Unauthenticated Mask and ACL Checking
• 18.2.7.3. The Effect of the Checking Order on Granting Permissions
• 18.2.8. Denying Access
• 18.3. ACL Management Tasks
• 18.4. Copying ACLs
• 18.5. Generating ACLs From Files
• 18.6. Container ACLs
• 18.6.1. Objects and Containers
• 18.6.2. Initial ACLs for Objects and Containers
• 18.6.2.1. Default ACLs for Objects
• 18.6.2.2. Default ACLs for Containers
• 18.6.2.3. Default Container ACL Example
• 18.6.3. Effect of Masks When Editing ACLs

19. Control Programs for Managing the Security Service

• 19.1. Using the DCE Control Program
• 19.1.1. Security Service Objects
• 19.1.2. dcecp Operations for the Security Service
• 19.2. Using the Registry Editor
• 19.2.1. Starting, Stopping, and Getting Help
• 19.2.2. rgy.edt Commands for Local Registry Maintenance
• 19.3. Using the sec.admin Program
• 19.3.1. Starting, Stopping, and Getting Help
• 19.3.2. sec.admin Commands for Reconfiguring Replica Sets

20. Creating and Maintaining Principals, Groups, and Organizations

• 20.1. Principal, Group, and Organization Names
• 20.1.1. Primary Names
• 20.1.2. Full Names
• 20.1.3. Aliases
• 20.1.4. Name Formats
• 20.2. Reserved Principals and Accounts
• 20.3. Object Creation Quotas
• 20.4. Universal Unique Identifiers and UNIX IDs
• 20.5. Adding and Maintaining Principals
• 20.5.1. Adding Principals
• 20.5.2. Changing Principals
• 20.5.2.1. Changing Primary Names
• 20.5.2.2. Changing Principal Information
• 20.5.3. Deleting Principals and Aliases
• 20.6. Extended Security Attributes for Principals
• 20.6.1. DCE 1.1 Authentication
• 20.6.1.1. Managing User Authentication
• 20.6.1.2. Preauthentication Interoperability Between DCE Versions
• 20.6.2. Managing Invalid Login Handling
• 20.6.3. Managing Password Strength and Password Generation
• 20.6.3.1. Managing a Password Management Server
• 20.6.3.2. Generating Passwords Using dcecp
• 20.6.4. Managing Password Expiration
• 20.7. Adding and Maintaining Groups and Organizations
• 20.7.1. Project Lists
• 20.7.1.1. Project Lists and Rights
• 20.7.1.2. Prohibiting Inclusion on Project Lists
• 20.7.2. Adding Groups and Organizations
• 20.7.2.1. Adding a Group
• 20.7.2.2. Adding an Organization
• 20.7.3. Changing Groups and Organizations
• 20.7.4. Deleting Groups and Organizations
• 20.8. Maintaining Membership Lists
• 20.8.1. Effects of Account Creation on Membership Lists
• 20.8.2. Adding and Deleting Group Members
• 20.9. Creating an Maintaining Aliases for Principals or Groups
• 20.9.1. Creating Aliases
• 20.9.2. Changing Primary Names to Aliases and Vice Versa

21. Creating and Maintaining Accounts

• 21.1. User Accounts
• 21.2. Server Accounts
• 21.2.1. Passwords for Server Accounts
• 21.2.2. Steps for Creating Server Accounts
• 21.3. Machine Accounts
• 21.4. How Identities Represented by Accounts Are Authenticated
• 21.4.1. Privilege Attributes
• 21.4.2. Ticket-Granting Tickets and Tickets to Services
• 21.4.3. Displaying Privilege Attributes and Tickets
• 21.4.3.1. The First Part of the klist Display -- Privilege Attributes
• 21.4.3.2. The Second Part of the klist Display -- Expiration Dates and Times
• 21.4.3.3. The Third Part of the klist Display -- Tickets
• 21.4.4. Destroying a Principal's Tickets
• 21.5. Adding Accounts
• 21.5.1. Setting Ticket Lifetimes
• 21.5.1.1. Ticket-Granting Ticket Lifetimes and Service Ticket Lifetimes
• 21.5.2. Adding Accounts Example
• 21.5.3. Modifying Accounts
• 21.5.4. Deleting Accounts
• 21.6. Creating, Maintaining, and Deleting Keytab Files
• 21.6.1. The Keytab File
• 21.6.1.1. Protecting Keytab Files
• 21.6.1.2. Server and Machine Key Version Numbers
• 21.6.2. Creating and Maintaining Keys and Keytab Files
• 21.6.2.1. Creating a Keytab File
• 21.6.2.2. Adding Entries to a Keytab File
• 21.6.2.3. Removing Entries from Keytab Files
• 21.6.3. Removing Keytab Files
• 21.6.4. Changing Server and Machine Passwords in the Keytab File
• 21.6.5. Handling Compromised Server or Machine Passwords in the Keytab File
• 21.7. Maintaining the Local Registry
• 21.7.1. The Registry Capacity Property
• 21.7.2. Setting the Capacity and Lifespan Properties
• 21.7.3. Purging Expired Entries

22. Creating and Using Extended Registry Attributes

• 22.1. The xattrschema Object
• 22.2. Creating and Maintaining Attribute Types
• 22.2.1. Creating Attribute Types
• 22.2.2. Creating Attribute Types
• 22.2.3. Modifying Attribute Types
• 22.2.4. Renaming Attribute Types
• 22.2.5. Deleting Attribute Types
• 22.2.6. Defining the ACL Managers for Attributes
• 22.2.7. Defining the Attribute Type Encoding
• 22.3. Defining Attribute Trigger Servers
• 22.3.1. The trigtype Option
• 22.3.2. The -trigbind Option
• 22.3.2.1. Specifying the Authentication Type
• 22.3.2.2. Specifying the Binding Information
• 22.3.2.3. Sample Value for the trigbind Option
• 22.4. Creating and Maintaining Attribute Instances
• 22.4.1. Attaching Attribute Instances to Objects
• 22.4.2. Modifying Attribute Instances
• 22.4.3. Deleting Attribute Instances
• 22.4.4. Using Attribute Sets

23. Administering a Multicell Environment

• 23.1. Trust Relationships
• 23.1.1. Direct Trust Relationships
• 23.1.2. Transitive Trust Relationships
• 23.1.3. Establishing Trust Relationships
• 23.1.4. Constraints on Transitive Trust Relationships
• 23.2. Creating Trust Relationships
• 23.2.1. Command Options for the registry connect Command
• 23.2.2. Creating Cross-Cell Authentication Accounts Example
• 23.2.3. The Accounts Created by the registry connect Command
• 23.3. Modifying Cross-Cell Authentication Accounts

24. Viewing Registry Information

• 24.1. Displaying Account Information
• 24.2. Displaying Group and Organization Information
• 24.3. Displaying Principal Information
• 24.4. Displaying xattrschema Information
• 24.5. Displaying ACL Information
• 24.6. Displaying keytab Information

25. Maintaining Policies and Properties

• 25.1. Policies
• 25.1.1. Standard Policy
• 25.1.1.1. Account Lifespan
• 25.1.1.2. Password Lifespan
• 25.1.1.3. Password Expiration Date
• 25.1.1.4. Password Format
• 25.1.2. Authentication Policy
• 25.1.2.1. Maximum Ticket Renewable Time
• 25.1.2.2. Maximum Ticket Lifetime
• 25.1.3. Handling Conflicting Policies
• 25.1.4. The Effects of Changes on Existing Policies
• 25.1.5. Displaying and Setting Standard and Authentication Policies
• 25.2. Properties
• 25.2.1. Default Ticket Lifetime Property
• 25.2.2. Hidden Password Property
• 25.2.3. Minimum Group ID Property
• 25.2.4. Minimum UNIX ID Property
• 25.2.5. Minimum UNIX ID Property
• 25.2.6. Maximum UNIX ID Property
• 25.2.7. Minimum Ticket Lifetime Property
• 25.2.8. Displaying and Setting Properties

26. Performing Routine Maintenance

• 26.1. Adding Accounts
• 26.2. Overriding Entries in the Local Registry
• 26.2.1. How Overrides Work
• 26.2.2. The passwd.override File Format
• 26.2.3. The group.override File Format
• 26.2.3.1. Description
• 26.2.3.2. File Format
• 26.2.3.3. Field Descriptions
• 26.2.3.4. Leaving Fields Blank
• 26.2.3.5. Using OMIT
• 26.2.3.6. Examples
• 26.2.4. Creating Override File Entries
• 26.2.5. Leaving passwd.override File Fields Blank
• 26.2.6. Specifying Passwords for a Specific Machine
• 26.2.7. Preventing Login to a Machine
• 26.2.8. Omitting Users from the Local Password Files
• 26.2.9. Specifying a Home Directory and Login Shell for a Machine
• 26.2.10. Overriding a Principal's Group Affiliation
• 26.2.11. Applying Overrides to All Members of a Group
• 26.2.12. How passwd.override Handles Multiple Override Entries
• 26.3. Changing the Registry's Master Key
• 26.4. Validating the Authenticity of the DCE Security Service
• 26.5. Backing Up and Restoring the Registry Database
• 26.5.1. Procedures for Backing Up the Registry Database
• 26.5.2. Procedure for Restoring the Registry Database
• 26.6. Setting the _s(sec) Variable
• 26.7. Ensuring Consistent Local Files

27. Handling Network Reconfigurations

• 27.1. Changing the Master Replica Site
• 27.2. Removing a Server Machine from the Network
• 27.3. Handling Network Address Changes
• 27.3.1. Updating the pe.site File
• 27.3.2. Handling Simultaneous Address Changes

28. Setting Up the Registry

• 28.1. Planning Sites for Security Service Components
• 28.2. Creating the Master Registry Database
• 28.2.1. The sec.create.db Command Format
• 28.2.2. A sec.create.db Run Example
• 28.2.3. The Results of sec.create.db
• 28.3. Starting the Master Replica
• 28.4. Populating the New Registry Database
• 28.4.1. Setting Policies and Properties
• 28.4.2. Adding Accounts
• 28.5. Creating Slave Replicas
• 28.6. Verifying That the Replicas are Running

29. Importing UNIX Accounts to DCE

• 29.1. How passwd.import Works
• 29.1.1. The passwd.import Processing Steps
• 29.1.2. Registry Entries Created by passwd.import
• 29.2. The passwd.import Command Syntax
• 29.3. Using passwd.import
• 29.3.1. Using the Identical User Option
• 29.3.2. Using Check Mode
• 29.3.3. Resolving Conflicts
• 29.3.4. Answering Prompts
• 29.4. Sample passwd.import Session
• 29.4.1. Invoking passwd.import
• 29.4.2. Examining the Group File
• 29.4.3. Examining the Password File
• 29.4.4. Adding Members to Groups
• 29.4.5. Completing Processing

30. Troubleshooting Procedures

• 30.1. Restarting Security Servers
• 30.2. Restarting the Master Server in Locksmith Mode
• 30.2.1. Automatic Changes to the Locksmith Account
• 30.2.2. Starting a Security Server in Locksmith Mode
• 30.2.3. Restarting a Security Server in Locksmith Mode
• 30.3. Recovering the Master Replica
• 30.3.1. Determining the Most Current Database
• 30.3.2. Turning a Slave into the Master
• 30.4. Recovering Slave Replicas
• 30.5. Turning a Master into a Slave
• 30.6. Forcibly Deleting a Slave Replica
• 30.7. Restoring a Duplicate Master
• 30.8. Adopting Registry Orphans

31. Accessing Registry Objects

• 31.1. The Registry Database
• 31.2. Registry Permissions
• 31.2.1. Management, Authentication, and User Information
• 31.2.1.1. Management Information
• 31.2.1.2. Authentication Information
• 31.2.1.3. User Information
• 31.2.2. Permission Required to Create Principals, Groups, or Organizations
• 31.2.3. Permissions Required to Delete Principals, Group, or Organizations
• 31.2.4. Permissions Required to Add Accounts
• 31.2.4.1. Adding an Account and the Account Principal to the Group and Organization
• 31.2.4.2. Adding an Account for Which the Principal Is Already a Member of the Group and Organization
• 31.2.4.3. Adding an Account and the Principal to the Group Only
• 31.2.4.4. Adding an Account and the Principal to the Organization Only
• 31.2.5. Permissions Required to Delete Accounts
• 31.2.6. Permissions Required to Add Members to Groups
• 31.2.7. Permissions Required to Add Members to Organizations
• 31.2.8. Permissions to Delete Members from Groups or Organizations
• 31.2.9. Permissions Required to Change a Principal's, Group's, or Organization's Full Name
• 31.2.10. Permissions Required to Change Management Information for Principals, Groups, or Organizations
• 31.2.11. Permissions Required to Change Management, Authentication, and User Information (Except Passwords) for Accounts
• 31.2.12. Permissions Required to Change Passwords for Accounts
• 31.2.13. Permissions Required to Change Authentication and Management Information for Registry Policies and Properties
• 31.2.14. Permissions Required to Execute Commands that Act on Replicas
• 31.2.15. Permissions Required to Create Extended Registry Attribute Types
• 31.2.16. Permissions Required to Delete Extended Attribute Types
• 31.2.16.1. Permissions Required to View Extended Registry Attribute Types
• 31.2.17. Permissions Required to Modify Extended Registry Attribute Types
• 31.2.18. Permission Required to Change ACLs on Registry Objects
• 31.2.19. Permissions Required by Slave Replicas
• 31.3. Registry ACL Manager
• 31.4. Initial Registry ACLs

32. DCE Audit Service

• 32.1. Features of the DCE Audit Service
• 32.2. Components of DCE Audit Service
• 32.3. DCE Audit Service Concepts
• 32.3.1. Audit Clients
• 32.3.2. Code Point
• 32.3.3. Audit Event
• 32.3.4. Event Number
• 32.3.5. Event Class
• 32.3.6. Event Class Files
• 32.3.7. Event Class Names
• 32.3.8. Event Class Numbers
• 32.3.9. Event Class Number Formats
• 32.3.10. Filters
• 32.3.10.1. Filter Subject Identity
• 32.3.10.2. Filter Guides
• 32.3.10.3. Example of Filter Guides
• 32.3.10.4. Filter Rules
• 32.3.11. Audit Trail File
• 32.4. Administration and Programming in DCE Audit
• 32.4.1. Programmer Tasks
• 32.4.2. Administrator Tasks

33. DCE Audit Service Administrative Tasks

• 33.1. Setting DCE Audit Environment Variables
• 33.2. Starting the Audit Daemon
• 33.3. Controlling Access to the Audit Daemon
• 33.3.1. DCE Permissions Supported by the DCE Audit Service
• 33.3.2. Initial ACL of the Audit Daemon
• 33.3.3. Giving Permissions to Audit Clients and Administrators
• 33.4. Defining Event Classes
• 33.4.1. Steps in Defining an Event Class
• 33.4.2. Example Event Class File
• 33.5. Creating and Maintaining Filters
• 33.5.1. How To Create Filters
• 33.5.2. How To Modify Filters
• 33.5.3. How To Delete Filters
• 33.5.4. Default Filters
• 33.5.5. Enabling Audit Filters
• 33.5.5.1. Removing the Update Binding File
• 33.5.5.2. Buffering of the Audit Trail
• 33.6. Enabling and Disabling the Audit Logging Service
• 33.7. Modifying and Querying Audit Daemon Attributes
• 33.8. Controlling and Displaying Audit Trails
• 33.8.1. Displaying Audit Trail Files
• 33.8.2. Controlling the Audit Trail Size
• 33.8.3. Changing the Audit Trail File Storage Option

A. Valid Characters and Naming Rules for CDS

• A.1. Metacharacters
• A.2. Additional Rules
• A.3. Maximum Name Sizes

B. Object Identifier Files

• B.1. Origin of Object Identifiers
• B.2. The cds.attributes File
• B.3. Modifying the Files
• B.4. Modifying a CDS Entity's Attributes
• B.4.1. Adding a New Attribute
• B.4.2. Modifying the Value of an Existing Attribute
• B.4.3. Removing an Attribute

C. Time-Providers and Time Services

• C.1. Criteria for Selecting a Time Source
• C.2. Sources of Coordinated Universal Time
• C.2.1. Telephone Services
• C.2.2. Radio Transmissions
• C.2.3. Network Time Protocol
• C.2.4. Satellite
• C.3. World Time Zone Map

D. DTS Extended BNF