Planning and Configuring HP-UX DCE 1.9
Chapter 8
Notes on Cell Administration
Establishing Intercell Communication
Where:
TXT_data is the TXT data from cdscp show cell (note that this data must be entered on a single line), and
hostname.xyz.com is the full domain name of the CDS server system that maintains that clearinghouse.
The quotation marks are literal, and the absolute name of the host must be used (in this case) without the trailing dot.
4. In the same text file, create a line for each different hostname.xyz.com that you have added to the TXT records. For example:
cell.xyz.com. IN MX 1 hostname.xyz.com.
5. Add these records to your DNS database, or give these records to your DNS administrator.
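A pre-flight check for the record file built in the steps above, as an added example that is not part of the original HP documentation: it enforces the single-line quoted TXT rule, the host name without a trailing dot inside the TXT data, and one absolute MX record per host. It assumes each TXT record has the form cell. IN TXT "TXT_data hostname" with the host name as the last token; the function name and the sample records are constructed for illustration.

```python
import re

TXT_RE = re.compile(r'^(\S+)\s+IN\s+TXT\s+(.*)$', re.I)
MX_RE = re.compile(r'^(\S+)\s+IN\s+MX\s+\d+\s+(\S+)$', re.I)

# Constructed sample file. Assumed layout: the host name is the last token
# inside the quoted TXT data; PLACEHOLDER_TXT_DATA stands in for cdscp output.
SAMPLE = '''\
cell.xyz.com. IN TXT "PLACEHOLDER_TXT_DATA hosta.xyz.com"
cell.xyz.com. IN TXT "PLACEHOLDER_TXT_DATA hostb.xyz.com."
cell.xyz.com. IN TXT "PLACEHOLDER_TXT_DATA
hostc.xyz.com"
cell.xyz.com. IN TXT "PLACEHOLDER_TXT_DATA hostd.xyz.com"
cell.xyz.com. IN MX 1 hosta.xyz.com.
cell.xyz.com. IN MX 1 hostd.xyz.com
'''

def check_records(text):
    """Return (line_number, message) pairs for every rule the file breaks."""
    problems, txt_hosts, mx_hosts = [], {}, set()
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if m := TXT_RE.match(line):
            data = m.group(2)
            # Literal quotation marks, with the whole TXT data on one line.
            quoted = data.count('"') == 2 and data[0] == data[-1] == '"'
            tokens = data[1:-1].split() if quoted else []
            if not tokens:
                problems.append((n, "TXT data must be quoted and on a single line"))
            elif tokens[-1].endswith("."):
                problems.append((n, "host name in TXT data must not end with a dot"))
            else:
                txt_hosts.setdefault((m.group(1).lower(), tokens[-1].lower()), n)
        elif m := MX_RE.match(line):
            if m.group(2).endswith("."):
                mx_hosts.add((m.group(1).lower(), m.group(2)[:-1].lower()))
            else:
                problems.append((n, "MX target needs a trailing dot (absolute name)"))
    # Every distinct host named in a TXT record needs its own MX record.
    for (cell, host), n in txt_hosts.items():
        if (cell, host) not in mx_hosts:
            problems.append((n, f"no MX record for {host}. under {cell}"))
    return problems

if __name__ == "__main__":
    for n, msg in sorted(check_records(SAMPLE)):
        print(f"line {n}: {msg}")
```

An MX target written without the trailing dot is treated by the name server as relative to the zone origin, so it would not resolve to the CDS server named in the TXT record.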
Establishing Peer-to-Peer Trust
Peer-to-peer trust means a principal from one cell is trusted by another cell; the second cell trusts that the
first cell has authenticated the identity of the principal. Use the following procedure to enable peer-to-peer
trust between cells:
1. Check that both cells are running gdad, and that the DNS resource records for both cells are in the DNS
database.
2. dce_login as cell administrator to one of the two cells.
3. Use the dcecp registry connect command:
dcecp> registry connect /.../foreign_cell_name \
-facct cell_admin -facctpw foreign_cell_admin_pwd \
-group none -fgroup none -org none -forg none \
-mypwd local_cell_admin_pwd
NOTE As of HP-UX DCE 1.6, intercell logins by members of trusted cells are disabled by default to protect against insecure intercell logins. (This differs from standard OSF DCE 1.2.1 behavior.)
If you want to permit intercell logins, specify one or both of the following options to the dcecp registry connect command:
-acctvalid — Marks the local cell account as a valid account. A valid local cell account allows users from the foreign cell to log in to nodes in the local cell. The default is invalid.
-facctvalid — Marks the foreign cell account as a valid account. A valid foreign cell account allows users from the local cell to log in to nodes in the foreign cell. The default is invalid.
For example, to enable peer-to-peer trust between two cells and permit intercell logins in both directions
between them:
dcecp> registry connect /.../foreign_cell_name \
-facct cell_admin -facctpw foreign_cell_admin_pwd \
-acctvalid -facctvalid \
-group none -fgroup none -org none -forg none \
-mypwd local_cell_admin_pwd
See "Creating Trust Relationships" in the OSF DCE Administration Guide - Core Components for detailed information on establishing peer-to-peer trust. See the online version of the dcecp_registry manpage for information on the acctvalid and facctvalid options.