rgy_edit(1m) Open Software Foundation rgy_edit(1m)
NAME [Toc] [Back]
rgy_edit - Edits the registry database
SYNOPSIS [Toc] [Back]
rgy_edit [[[-a | -p | -g | -o] [-s name] [-up[date]]
[-v [-f] [name | -un[ix__number]] [-nq]] | -l]
OPTIONS [Toc] [Back]
The following options are supplied when rgy_edit is invoked. You can
specify only one of the options -a, -p, -g, and -o. If you specify
the -l option, you can specify no other options.
-a (default)
Edits or views accounts.
-p Edits or views principals.
-g Edits or views groups.
-o Edits or views organizations.
-s Binds to the registry site specified by name. The name
variable is either the fully qualified name of the cell that
contains the registry to which you want access, or the fully
qualified name of a specific registry server.
-up[date] Binds to a read-write registry site in the cell specified by
the -s option.
-v Views the registry entry specified by name or unix_number.
If no entry is specified, all entries are viewed.
-f Displays in full the entry (or entries) selected by the -v
option. The full entry includes all fields except the
membership list and organization policy.
-nq Specifies that delete operations will not be queried. The
default is to prompt the user for verification when a delete
operation is requested.
-l Edits or views entries in local registry.
NOTES [Toc] [Back]
With the exception of the following subcommands, this command is
replaced at Revision 1.1 by the dcecp command. This command may be
fully replaced by the dcecp command in a future release of DCE, and
may no longer be supported at that time.
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
+ defaults
+ domain
+ scope
+ help
+ quit
+ exit
+ delete
+ purge
+ view
DESCRIPTION [Toc] [Back]
The rgy_edit tool views and edits information in the registry
database. You can invoke rgy_edit from any node.
You can edit and view principals, groups, organization, accounts, and
policies in the network registry (the default) or perform a subset of
those functions on the local registry (using the -l option). Changes
made by rgy_edit apply only to the registry. They do not apply to the
local override file or the local password and group files, both of
which can be edited manually. You can view and change only those
registry objects to which you are granted the appropriate permissions.
Invoking rgy_edit [Toc] [Back]
When you invoke rgy_edit, it displays the following prompt:
rgy_edit=>
At this prompt, you can enter any of the rgy_edit subcommands, and
rgy_edit will prompt you for the required information. Alternatively,
you can enter the subcommand followed by all the options required to
perform a specific operation. The rgy_edit command may prompt you for
any required information you do not enter.
SUBCOMMANDS [Toc] [Back]
In the rgy_edit subcommands that follow, use two double quotation
marks with nothing in between to indicate a null fullname, password,
misc, homedir, or shell. Use double quotation marks to embed spaces,
or hyphens in fullname, misc, and homedir if you specify the argument
on the command line.
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
Principal, Group, and Organization Subcommands
v[iew] [name | -u unix_number] [-f] [-m] [-po]
Views registry entries. Whether name applies to a principal, group,
or organization depends on the domain in which you run rgy_edit. Use
the do[main] subcommand (described in Miscellaneous Commands, later in
this reference page) to change domains.
If you specify the -u unix_number option, rgy_edit displays all
matching entries, including any aliases.
The -f option displays entries in full (all fields except the
membership list and organization policy).
If you are viewing groups or organizations, -m displays the membership
list. For principals, -m lists all groups of which the principal is a
member, including groups that cannot appear in a project list.
If you are viewing organizations, -po displays policy information. If
you do not enter the -po option, rgy_edit shows only the
organization's name and the UNIX number.
a[dd] [principal_name [unix_number] [-f fullname] [-al] [-q quota]]
a[dd] [group_name [unix_number] [-f fullname [-nl]]] [-al] ls
a[dd] [organization_name [unix_number] [-f fullname]]
Create a new name entry.
If you do not specify principal_name, group_name, or organization-
name, the add subcommand prompts you for each field in the entry. If
you are adding organizations, the command prompts you for policy
information as well. If you specify only principal_name, group_name,
or organization_name and no other arguments, the object's fullname
defaults to "" (that is, blank), the object's UNIX number is assigned
automatically, and the object's creation quota defaults to unlimited.
Use the -al option to create an alias for an existing principal or
group. No two principals or groups can have the same UNIX number, but
a principal or group and all its aliases share the same UNIX number.
The -al option creates an alias name for a principal or group and
assigns the alias name the same UNIX number as the principal or group.
The -q option specifies the principal's object creation quota, the
total number of registry objects that can be created by the principal.
If you do not specify this option, the object creation quota defaults
to unlimited.
For groups, the -nl option indicates that the group is not to be
included on project lists; omitting this option allows the group to
appear on project lists.
Hewlett-Packard Company - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
c[hange] [principal_name [-n name] [-f fullname] [-al | -pr] [-q
quota]]
c[hange] [group_name [-n name] [-f fullname] [-nl | -l] ] [-al | -pr]
c[hange] [organization_name [-n name] [-f fullname]]
Changes a principal, group, or organization.
Specify the entry to change with principal_name, group_name, or
organization_name. If you do not specify a principal_name, group_name,
or organization_name, the change subcommand prompts you for a name.
If you do not specify any fields, the subcommand prompts you for each
field in succession. To leave a field unchanged, press <RETURN> at the
prompt. If you are changing organization entries in the interactive
mode, the subcommand prompts you for policy information as well.
Use -n name and -f fullname, to specify a new primary name or
fullname, respectively.
For principals and groups, the -al option changes a primary name into
an alias, and the -pr option changes an alias into a primary name.
This change can be made only from the command line, not in the
interactive mode.
The -q option specifies the total number of registry objects that can
be created by the principal.
For group entries, the -nl option disallows the group from appearing
in project lists, while the -l option allows the group to appear in
project lists.
For organization entries, you can change policy information only in
the interactive mode.
Changes to a principal name are reflected in membership lists that
contain the principal name. For example, if the principal ludwig is a
member of the group composers and the principal name is changed to
louis, the membership list for composers is automatically changed to
include louis but not ludwig.
For reserved names, you can change only fullname.
m[ember] [group_name | organization_name [-a member_list] [-r
member_list] ]
Edits the membership list for a group or organization.
If you do not specify a group or organization, the member subcommand
prompts you for names to add or remove.
Hewlett-Packard Company - 4 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
To add names or aliases to a membership list, use the -a option
followed by the names separated by commas. To delete names from a
membership list, use the -r option followed by the names separated by
commas. If you do not include either the -a or -r option on the
command line, rgy_edit prompts you for names to add or remove.
Removing names from the membership list for a group or organization
has the side effect of deleting the login account for removed member
(and, of course, eliminating any permissions granted as a result of
the membership the next time the member's ticket-granting ticket is
renewed).
del[ete] name
Deletes a registry entry.
If you delete a principal, rgy_edit deletes the principal's account.
If you delete a group or organization, rgy_edit deletes any accounts
associated with the group or organization. You cannot delete reserved
principals.
adopt uuid principal_name [-u unix_number] [ -f fullname] [-q quota]
adopt uuid group_name [-f fullname] [-nl]
adopt uuid organization_name [-f fullname]
Creates a principal, group, or organization for the specified UUID.
The principal, group, or organization is created to adopt an orphan
object. Orphans are registry objects that cannot be accessed because
1) they are owned by UUIDs that are not associated with a principal or
group and 2) no other principal, group, or organization has access
rights to the orphaned object. UUIDs are associated with all registry
objects when the object is created. When the registry object is
deleted, the association between the object and the UUID is also
deleted.
The principal_name, group_name, or organization_name you specify must
be unique in the registry as it must be when you create a principal,
group, or organization using the add subcommand. Except for the
manner in which it is created, the principal, group, or organization
created by the adopt subcommand is no different from any other
principal, group, or organization.
The uuid option specifies the UUID number to be assigned to the
principal, group, or organization. The UUID supplied must be the one
that owns the orphaned object. Specify the uuid in RPC print string
format as 8 hexadecimal digits, a hyphen; 4 hexadecimal digits, a
Hewlett-Packard Company - 5 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
hyphen; 4 hexadecimal digits, a hyphen; 4 hexadecimal digits, a
hyphen; and 12 hexadecimal digits. The format follows:
nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
For cell principals only, the -u option specifies the UNIX number to
be associated with the cell name. If you do not enter this option,
the next sequential UNIX number is supplied as a default. For all
principals other than cells, the UNIX number is extracted from
information embedded in the principal's UUID and cannot be specified
here.
For principals, the -q option specifies the principal's object
creation quota. If you do not enter the option, the object creation
quota is set to ''unlimited.''
For groups, the -nl option turns off the project list inclusion
property so that groups are not included in project lists. If you do
not enter this option, the group is included in project lists.
For principals, groups, and organizations, the -f option supplies the
object's fullname. If you do not enter the -f option, fullname
defaults to blank.
An error occurs if you specify a name or UNIX number that is already
defined within the same domain of the database.
Note that in the current implementation of the DCE, UNIX numbers are
embedded in UUID numbers. If you try to create a group or organization
to adopt an orphaned object and fail, it could be because the embedded
UNIX number is invalid because it does not fall within the range of
valid UNIX numbers set for the cell as a registry property. If this
is the case, you must reset the range of valid UNIX numbers to include
the UNIX number embedded in the UUID and then try again to adopt the
object.
Account Subcommands [Toc] [Back]
v[iew] [pname [gname [oname]]] [-f]
Displays login accounts.
Without the -f option, view displays only the user fields in each
account entry. These fields include each account's
+ Principal, group, and organization name
+ Encrypted password
Hewlett-Packard Company - 6 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
+ Miscellaneous information
+ Home directory
+ Login shell
With -f, view displays the full entry, including the administrative
fields as well as the user fields. Administrative information
includes:
+ Who created the account
+ When the account was created
+ Who last changed the account
+ When the account was last changed
+ When the account expires
+ Whether the account is valid
+ Whether the account principal's password is valid
+ When the account principal's password was last changed
a[dd] [pname [-g gname -o oname -mp password {-rp | -pw password}
[-m misc] [-h homedir] [-s shell]
[-pnv | -pv] [-x account_exp | none] [-anv | -av]
[ [-ena[ble] option | -dis[able] option]...]
[-gs date_and_time] [-mcr lifespan] [-mcl lifespan]]]
Creates a login account.
If you enter the subcommand only or the subcommand and the optional
pname argument (principal name), rgy_edit prompts you for all
information. If you enter the subcommand, the pname argument, and the
gname (group name) argument or the the pname, gname and oname
(organization name) arguments, you must also enter the -mp, and -pw or
-rp options. All other options are optional.
The pname argument specifies the principal for whom the account should
be created. The -g and -o options specify the account's group and
organization. If the principal specified in pname is not already a
member of the specified group and organization, rgy_edit automatically
attempts to add the principal to the membership lists. If you do not
have the appropriate permissions for the group and organization, the
Hewlett-Packard Company - 7 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
attempt will fail and the account will not be created.
The -rp option generates a random password for the account. The
primary use of this option is to create passwords for accounts that
will not be logged into (since the random password can never be
supplied.) The -pw option is used to supply a password for the account
on the command line.
If you use the -rp option or the -pw option, you must also use the -mp
option to supply your password so your identity can be validated.
If you do not specify the -rp option or the -pw option, rgy_edit
prompts for the account's password twice to ensure you did not make a
typing mistake. Then it prompts for your password to verify your
identity.
If the user's password management policy allows the selection of
generated passwords, specifying "*" as the argument to the -pw option
or at the account's password prompt automatically generates a
plaintext password.
If the user's password management policy requires the selection of
generated passwords, specifying the -pw option is an error. rgy_edit
displays a generated password and then prompts for the password for
confirmation. The format of password must adhere to the policy of
the associated organization or the policy of the registry as a whole,
whichever is more restrictive.
The information supplied with the -m option is used to create the
GECOS field for the account in the /etc/passwd file. If you run the
passwd_export command, this entry contains the concatenation of the
principal's full name and the information specified with the -m
option.
The -h option specifies the pathname of the principal's home
directory. The default homedir is /. The -s option specifies the
pathname of the principal's login shell. The default shell is a null
string.
The -pnv (password not valid) option specifies that the password has
expired. Generally, users must change their passwords when the
passwords expire. However, the policy to handle expired passwords and
the mechanism by which users change their passwords are defined for
each platform, usually through the login facility. The -pv option
indicates the password is not expired (the default).
The -x option sets an expiration date for the account in
yy/mm/dd/hh/mm/ss format. The default is "none," meaning that the
password will never expire.
Hewlett-Packard Company - 8 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
The -anv (account not valid) option specifies that the account is not
currently valid for login. The -av option indicates the account is
currently valid (the default).
The -enable and -disable options set or clear the following options:
+ The c[lient] option, if enabled, allows the principal to act as
as a client and log in, acquire tickets, and be authenticated.
If you disable client, the principal cannot act as a client. The
default is enabled.
+ The s[erver] option, if enabled, allows the principal to act as a
server and engage in authenticated communication. If you disable
server, the principal cannot act as a server that engages in
authenticated communication. The default is enabled.
+ The po[stdated] option, if enabled, allows tickets with a start
time some time in the future to be issued to the account's
principal. The default is disabled.
+ The f[orwardable] option, if enabled, allows a new ticketgranting
ticket with a network address that differs from the
present ticket-granting ticket address to be issued to the
account's principal. The default is enabled.
+ The pr[oxiable] option, if enabled, allows a new ticket with a
different network address than the present ticket to be issued to
the account's principal. The default is disabled.
+ The T[GT_authentication] option, if enabled, specifies that
tickets issued to the account's principal can use the ticketgranting-ticket
authentication mechanism. The default is
enabled.
+ The r[enewable] option turns on the Kerberos V5 renewable ticket
feature. This feature is not currently used by the DCE; any use
of this option is unsupported at the present time.
+ The dup[_session_key] option allows tickets issued to the
account's principal to have duplicate keys. The default is
disabled.
The -gs (good since date) is the date and time the account was last
known to be valid. When accounts are created, this date is set to the
account creation time. If you change the good since date, any tickets
issued before the changed date are invalid. Enter the date in
yy/mm/dd.hh:mm format.
Hewlett-Packard Company - 9 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
The -mcr (maximum certificate renewable) option is the number of hours
before a session with the principal's identity expires and the
principal must log in again to reauthenticate. The default is 4 weeks.
The -mcl (maximum certificate lifetime) option is the number of hours
before the Authentication Service must renew a principal's service
certificates. This is handled automatically and requires no action on
the part of the principal. The default is 1 day.
c[hange] [-p pname] [-g gname] [-o oname]
[-np pname] [-ng gname] [-no oname]
[{-rp | -pw password} -mp password]
[-m misc] [-h homedir] [-s shell]
[-pnv | -pv] [-x account_exp | none] [-anv | -av]
[[-ena[ble] option | -dis[able] option]...]
[-gs date_and_time] [-mcr lifespan] [-mcl lifespan]
Changes an account.
The -p, -g, and -o options identify the account to change. The -np, -
ng, and -no options change the account's, principal, group, and
organization, respectively.
If you do not specify all three -p, -g, and -o options, wildcard
updates can occur. For example, if you specify only the -g option,
the changes affect all accounts that are associated with the named
group. Note that you cannot use wildcarding to change passwords. To
change a password, you must enter the -p, -g, and -o options.
All other options have the same meaning as described in the add
command for accounts. Note that the -rp option can be used to change
the random passwords of the reserved accounts created by sec_create_db
when the registry database is created.
del[ete] -p pname [-g gname] [-o oname]
Deletes the specified account.
Enter the -p option to delete the specified principal's account.
Enter the -g or -o option to delete accounts associated with the
specified group or organization. If you enter the -g or -o option,
rgy_edit prompts individually for whether to delete each account
associated with the group or organization.
ce[ll] cellname [-ul unix_num] [-uf unix_num] [-gl gname] [-ol oname]
[-gf gname] [-of oname] [-mp passwd]
[-fa name] [-fp passwd]
[-q quota] [-x account_expiration_date | none]
Hewlett-Packard Company - 10 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
Creates a cross-cell authentication account in the local and foreign
cells.
This account allows local principals to access objects in the foreign
cell as authenticated users and vice versa. The administrator in the
foreign cell must have also set up a standard account, whose ID and
password the administrator of the foreign cell must supply to you.
The cellname variable specifies the full pathname of the foreign cell
with which you will establish the cross-cell authentication account.
This name is stripped of the path qualifier and prefixed with
"krbtgt." The resulting name is used as the primary name for the
cross-cell authentication account. For example, if you enter
/.../dresden.com, the principal name is krbtgt/dresden.com.
The -ul option specifies the UNIX number for the local cell's
principal. The -uf option specifies the UNIX number for the foreign
cell's principal. If you do not specify these UNIX numbers, they are
generated automatically.
The -gl and -ol options specify the local account's group and
organization. The -gf and -of options specify the foreign account's
group and organization.
The -mp option specifies the password of the person who invoked
rgy_edit.
The -fa option specifies the name identifying the account in the
foreign cell, and the -fp option specifies the account's password.
The -q option specifies the total number of objects that can be
created in your cell's registry by all foreign users who use the
cross-cell authentication account to access your cell. The object
creation quota defaults to 0 (zero), meaning that principals in the
foreign cell cannot create objects in the local cell. The object
creation quota set for your cell's account in the foreign cell places
the same restriction on the number of objects that your cell's
principals can create in the foreign cell's registry.
The -x option specifies the account expiration date for both the local
and foreign accounts. The default for this option is "none."
Note that the object creation quota for the local account defaults to
0 (zero), meaning that principals in the foreign cell cannot create
objects in the local cell. You can change this with the rgy_edit
change subcommand.
Key Management Subcommands [Toc] [Back]
The key management subcommands must be run in command-line mode.
Hewlett-Packard Company - 11 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
kta[dd] -p principal_name [-pw password] [-a[uto]] [-r[egistry]] [-f
keyfile]
Creates a password for a server or machine in the keytab file on the
local node.
The -p option specifies the name of the server or machine principal
for which you are creating a password.
The -pw option lets you supply the password on the command line. If
you do not enter this option or the -auto option, ktadd prompts for
the password.
The -a option generates the password randomly. If you use this
option, you must also use the -r option. If you do not specify the -
auto or the -pw option, you are prompted for a password.
The -r option updates the principal's password in the registry to
match the string you enter (or automatically generate) for the
password in the keytab file. Use it to ensure that the principal's
password in the registry and the keytab file are in synch when you
change a principal's password in the keytab file. To use this option,
a password for the principal must exist in the default keytab file or
the keytab file named by the -f option.
The -f option specifies the name of the server keytab file on the
local node to which you are adding the password. If you do not specify
a keytab file name, /krb5/v5srvtab is used. Note that you must be root
to add entries in the default keytab file.
ktl[ist] [-p principal_name] [-f keyfile]
Displays principal names and password version numbers in the local
keytab file.
The -p option specifies the name of the server or machine principal
for which you are displaying passwords.
The -f option specifies the name of the server keytab file on the
local node for which you want to display entries. If you do not
specify a keytab file name, /krb5/v5srvtab is used.
ktd[elete] -p principal_name -v version_number [-f keyfile]
Deletes a sever or machine principal's password entry from a keytab
file.
The -p option specifies the name of the server or machine principal
for whom you are deleting a password entry.
Hewlett-Packard Company - 12 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
The -v option specifies the version number of the password you want to
delete. Version numbers are assigned to a principal's password
whenever the principal's password is changed. This allows any servers
or machines still using tickets granted under the old password to run
without interruption until the ticket expires naturally.
The -f option specifies the name of the server keytab file on the
local node from which you want to delete passwords. If you do not
specify a keytab file name, /krb5/v5srvtab is used. Note that you
must be root to delete entries in the default keytab file. You must
have the appropriate access rights to delete entries in other keytab
files.
Miscellaneous Commands [Toc] [Back]
do[main] [p | g | o | a]
Changes or displays the type of registry information being viewed or
edited.
You can specify p for principals, g for groups, o for organizations,
or a for accounts. If you supply no argument, rgy_edit displays the
current domain.
si[te] [[name]] [-u[pdate]]
Changes or displays the registry site being viewed or edited.
The name variable is the fully qualified name of the cell that
contains the registry to which you want access. If you supply no
argument, rgy_edit displays the current site.
The -update option indicates you want to talk to an update site in the
specified cell.
prop[erties]
Changes or displays registry properties.
This command prompts you for changes. Press <Return> to leave
information unchanged.
po[licy] [organization_name] [-al lifespan | forever] [-pl
passwd_lifespan | forever]
[-px passwd_exp_date | none] [-pm passwd_min_length] [-pa | -pna] [-ps
| -pns]
Changes or displays registry standard policy or the policy for an
organization.
Hewlett-Packard Company - 13 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
Enter organization_name to display or change policy for that specific
organization. If you do not enter organization_name the subcommand
affects standard policy for the entire registry.
The -al option determines the account's lifespan, the period during
which accounts are valid. After this period of time passes, the
accounts become invalid and must be recreated. An account's lifespan
is also controlled by the add and change subcommands -x option. If
the two lifespans conflict, the shorter one is used. Enter the
lifespan in the following in the following format:
weekswdaysdhourshminutesm
For example, 4 weeks and 5 days is entered as w5d.
If you enter only a number and no weeks, days, or hours designation,
the designation defaults to hours. If you end the lifepan with an
number and no weeks, days, or hours designation, the number with no
designation defaults to seconds. For example, 12w30 is assumed to be
12 weeks thirty seconds.
The -pl option determines the password lifespan, the period of time
before account's password expires. Generally, users must change their
passwords when the passwords expire. However, the policy to handle
expired passwords and the mechanism by which users change their
passwords are defined for each platform, usually through the login
facility.
Enter passwd_lifespan as a number indicating the number of days. If
you define a password lifespan as forever, the password has an
unlimited lifespan.
The -px option specifies the password expiration date in
yy/mm/dd/hh.mm:ss format. Generally, users must change their passwords
when the passwords expire. However, the policy to handle expired
passwords and the mechanism by which users change their passwords are
defined for each platform, usually through the login facility.
If you define a password expiration date as none, the password has an
unlimited lifespan.
The -pm, -ps, -pns, -pa, and -pna options all control the format of
passwords as follows:
+ -pm - Specifies the minimum length of passwords in characters.
If you enter 0, no password minimum length is in effect.
+ -ps and -pns - Specify whether passwords can contain all spaces
(-ps) or can not be all spaces (-pns).
Hewlett-Packard Company - 14 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
+ -pa and -pna - Specify whether passwords can consist of all
alphanumeric characters (-pn) or must include some nonalphanumeric
characters (-pna).
au[th_policy]
Changes and/or displays registry authentication policies.
This command prompts you for changes. Press <Return> to leave
information unchanged.
def[aults]
Changes or displays the home directory, login shell, password valid
option, account expiration date, and account valid option default
values that rgy_edit uses.
This command first displays the current defaults. It then prompts you
for whether or not you want to make changes. If you make changes,
defaults immediately changes the defaults for the current session,
and it saves the new defaults in ~/.rgy_editrc. The newly saved
defaults are used until you change them.
h[elp] [command
Displays usage information for rgy_edit.
If you do not specify a particular command, rgy_edit lists the
available commands.
q[uit]
Exit rgy_edit.
e[xit]
Exit rgy_edit.
l[ogin]
Lets you establish a new network identity for use during the rgy_edit
session.
Hewlett-Packard Company - 15 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
The rgy_edit login command prompts for a principal name and password.
sc[ope] [name]
Limits the scope of the information displayed by the view subcommand
to the directory (specified by name) in the registry database.
Commands for the Local Registry [Toc] [Back]
To edit or view the local registry, invoke rgy_edit with the -l option
while you are logged into the machine whose local registry you want to
maintain. This section lists the commands that are valid for editing
or viewing the local registry. When you invoke rgy_edit with the -l
option, only the subcommands and options listed here can be used.
v[iew]
Displays local registry entries.
del[ete] principal_name
Deletes the account and credential information for principal_name from
the local registry.
pu[rge]
Purges expired local registry entries.
This command has no options or arguments.
The time limit, or lifespan, for which an entry in the local registry
is valid is set as a property of the local registry with the
properties subcommand. When the purge subcommand is run, it deletes
all expired entries. The lifespan begins when an entry for the
principal is added to the local registry (that is, the beginning of
the lifespan is the last time the principal logged in to the local
machine.) The lifespan ends after the time limit set as a local
registry property.
pr[operties]
Changes and/or displays local registry properties and policies.
This command displays the current properties and then prompts for
whether you want to make changes to them. You can change the local
registry's:
Hewlett-Packard Company - 16 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
rgy_edit(1m) Open Software Foundation rgy_edit(1m)
+ Capacity - A number representing the total number of entries the
local registry can contain at any one time. When the capacity is
reached, subsequent new entries overwrite the oldest entries.
+ Account lifespan - The time in which an account in the local
registry is valid in the following format:
weekswdaysdhourshminutesm
For example, 4 weeks and 5 days is entered as w5d.
If you enter only a number and no weeks, days, or hours
designation, the designation defaults to hours. If you end the
lifepan with an number and no weeks, days, or hours designation,
the number with no designation defaults to seconds. For example,
12w30 is assumed to be 12 weeks thirty seconds.
Hewlett-Packard Company - 17 -�OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |
