secd(1m)secd(1m)NAMEsecd - The DCE Security Server
SYNOPSISsecd [-b[ootstrap]] [-lockpw] [-locksm[ith]] [pname] [-rem[ote]]
[-master_seqno new_master_seqno] [-cpi time] [-restore_master]
[-noaudfilter] [-v[erbose]]
OPTIONS
Restarts the master Security Server in locksmith mode. Use this mode
if you cannot access the registry as the principal with full registry
access, because that principal's account has been inadvertently deleted
or its password lost. The pname argument is the name of the locksmith
principal. If no registry account exists for this principal, secd cre‐
ates one. Prompt for a new locksmith password when running in lock‐
smith mode. This option allows you to specify a new password for the
locksmith account when the old one is unknown. Allows the locksmith
principal to log in remotely. If this option is not used, the princi‐
pal must log in from the local machine on which secd will be started.
Always waits only one minute between tries to export binding informa‐
tion to the Cell Directory Service during DCE configuration. If you do
not specify this option, during initialization secd sleeps for 1 minute
if CDS is not available when it tries to export binding information.
If the export fails a second time, it sleeps for 2 minutes before it
tries again. If it still fails, it sleeps for 4, 8, and 16 minutes
between retries. Then, sleep time stays at 16 minutes until the bind‐
ing export succeeds. Sets a new master sequence number for the master
replica. This option is used only in unusual situations when a replica
that you want to be the master has a master sequence number that is
lower than (or equal to) another master sequence number in the system.
When the master detects that its master sequence number is lower than
another one in the system, it marks itself as a duplicate master and
its process exits. Each time you start the master replica, it will
notice that it has been deemed a duplicate master, and its process will
again exit. Use this option to assign a new master sequence number to
the replica you want to be master. The new sequence number should be
one digit higher than the highest master sequence number in the system.
(Use the dcecp registry show -replica command for each replica to find
the highest master sequence number.) The checkpoint interval for the
master registry database. This is the interval in seconds at which the
master will read its database to disk. The default is one hour. Marks
all slave replicas for initialization during the master restart. Use
this option only to recover from a catastrophic failure of the master
security server (for example, if the database is corrupted and then
restored from a backup tape). Disables audit filtering and enables
full (unfiltered) auditing. By default secd turns audit filtering on.
Runs in verbose mode.
All options start the Security Server on the local node.
DESCRIPTION
The secd daemon is the Security Server. It manages all access to the
registry database. You must have root privileges to invoke the secd.
The Security Server can be replicated, so that several copies of the
registry database exist on a network, each managed by a secd process.
Only one Security Server, the master replica, can perform database
update operations (such as adding an account). Other servers, the
slave replicas, can perform only lookup operations (such as validating
a login attempt).
A DCE Host daemon (dced) must be running on the local node when secd is
started. Typically, dced and secd are started at boot time. The secd
server places itself in the background when it is ready to service
requests.
Locksmith Mode
The secd-locksmith option starts secd in locksmith mode. The -lock‐
smith option can be used only with the master replica. In locksmith
mode, the principal name you specify to secd with pname becomes the
locksmith principal. As the locksmith principal, you can repair mali‐
cious or accidental changes that prevent you from logging in with full
registry access privileges.
If no account exists for pname, secd establishes one and prompts you
for the account's password. (Use this password when you log in to the
account as the locksmith principal.) If an account for pname exists,
secd changes the account and policy information as described in the
tables titled "Locksmith Account Changes Made by the Security Server"
and "Registry Policy Changes Made by the Security Server." These
changes ensure that even if account or registry policy was tampered
with, you will now be able to log in to the locksmith account.
In locksmith mode, all principals with valid accounts can log in and
operate on the registry with normal access checking. The locksmith
principal, however, is granted special access to the registry: no
access checking is performed for the authenticated locksmith principal.
This means that, as the locksmith principal, you can operate on the
registry with full access.
┌────────────────────────────────────────────────────────┬─────────────────────────────────────┐
│If the Security Server finds │ It changes │
├────────────────────────────────────────────────────────┼─────────────────────────────────────┤
│Password-Valid flag is set to no │ Password-Valid flag to yes │
├────────────────────────────────────────────────────────┼─────────────────────────────────────┤
│Account Expiration date is set to less than the current │ Account Expiration date to the cur‐ │
│time plus one hour │ rent time plus one hour │
├────────────────────────────────────────────────────────┼─────────────────────────────────────┤
│Client flag is set to no │ Client flag to yes │
├────────────────────────────────────────────────────────┼─────────────────────────────────────┤
│Account-Valid flag is set to no │ Account-Valid flag to yes │
├────────────────────────────────────────────────────────┼─────────────────────────────────────┤
│Good Since date is set to greater than the current time │ Good Since date to the current time │
├────────────────────────────────────────────────────────┼─────────────────────────────────────┤
│Password Expiration date is set to less than current │ Password Expiration date to the │
│time plus one hour │ current time plus one hour │
└────────────────────────────────────────────────────────┴─────────────────────────────────────┘
┌─────────────────────────────┬────────────────────────────┐
│If the Security Server finds │ It changes │
├─────────────────────────────┼────────────────────────────┤
│Account Lifespan is set to │ Account Lifespan to the │
│less than the difference │ current time plus one hour │
│between the locksmith │ minus the locksmith │
│account creation date and │ account creation date │
│the current time plus one │ │
│hour │ │
├─────────────────────────────┼────────────────────────────┤
│Password Expiration date is │ Password Expiration date │
│set to greater than the time │ to the current time plus │
│the password was last │ one hour │
│changed but less than the │ │
│current time plus one hour │ │
└─────────────────────────────┴────────────────────────────┘
Use the -lockpw option if the locksmith account exists but you do not
know its password. This option causes secd to prompt for a new lock‐
smith password and replace the existing password with the one entered.
Use the -remote option to allow the locksmith principal to log in from
a remote machine.
The secd program normally runs in the background. When you start secd
in locksmith mode, it runs in the foreground so that you can answer
prompts.
EXAMPLES
All of the commands shown in the following examples must be run by
root: Start a Security Server after you create the database with
sec_create_db. $ dcelocal/bin/secd Restart an existing replica (master
or slave). $ dcelocal/bin/secd Start the Security Server in locksmith
mode and allow the master_admin principal to log in on a remote
machine. $ dcelocal/bin/secd -locksmith master_admin -remote
secd(1m)