sec_salvage_db(1m) OSF sec_salvage_db(1m)
NAME
sec_salvage_db - Recover a corrupted registry database
Note: The sec_salvage_db -check and -fix options are not
currently available.
SYNOPSIS
sec_salvage_db -print [-dbpath db_pathname] [-prtpath print_pathname]
[print_options] [-verbose] [-sort] [-dce1.0.3]
sec_salvage_db -reconstruct [-dbpath db_pathname] [-prtpath print_pathname]
[reconstruct_options] [-verbose]
sec_salvage_db -check [-dbpath db_pathname] [db_options] [-verbose]
sec_salvage_db -fix [-dbpath db_pathname] [db_options] [-force] [-verbose]
OPTIONS
-check Check the database elements specified by db_options for
inconsistencies. This option sends a list to standard output
of all bad list links, internal id references, and database
keys and any detectable data inconsistencies. The -check
option does not check fields for legal values.
db_options
Specify the database elements to be acted on by the -check
or -fix options. If no db_options are specified, all are
selected. The db_options are
+ -princ - Principals
+ -group - Groups
+ -org - Organizations
+ -acct - Accounts
+ -acl - ACLs
+ -policy - Policy
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
+ -state - Database State
+ -replicas - Replicas
Note: The .mkey.prt file and the princ.prt file
contain unencrypted authentication keys.
Ensure that only the privileged account can
access these files and that they are never
transferred over a network for viewing or
backup.
-fix Check the database for inconsistencies and prompt for
whether to fix each inconsistency. After all inconsistencies
have been processed, the option prompts for whether to save
all fixes.
-force Check the database for inconsistencies and fix each one
without prompting. After all inconsistencies have been
processed, the option prompts for whether to save all fixes.
This option is valid only when used with the -fix option.
-print Create files containing ASCII-formatted database records.
These files are used by the -reconstruct option as a source
for recreating the database. You can also manually edit the
files to change information or fix problems. A separate file
is created for each of the print_options specified.
By default the -print option stores the master key file in
the current directory and the database files in the
rgy_print directory in the current directory. The -prtpath
option lets you specify a different directory.
-dce1.0.3 Supports backwards conversion of a registry database from
DCE 1.1 to DCE 1.0.3.
print_options
Specify the database elements to be acted on by the -print
option. If the files exist, they are overwritten. If no
print_options are specified, all are selected. The
print_options and the files they create are
+ -princ - Put principal records in the file princ.prt
and master key information in the file .mkey.prt.
+ -group - Put group records in the file group.prt.
+ -org - Put organization records in the file org.prt.
+ -policy - Put policy records in the file policy.prt.
+ -state - Put information about the state of the
database in the file rgy_state.prt.
+ -replicas - Put replica information in the file
replicas.prt.
-reconstruct
Reconstruct the registry database from the ASCII-formatted
print files created by the -print option. The
reconstruct_options specify the print files to use.
reconstruct_options
Note: The reconstruct_options options are not
available in Release 1.0.3. For this release,
sec_salvage_db reconstructs all elements of
the registry database.
Specifies which elements of the registry database to
reconstruct. If no reconstruct_options are specified, all
are selected. The reconstruct_options are
+ -pgo - Use data in the princ.prt, group.prt, org.prt,
and .mkey.prt files to reconstruct:
-- Principals, groups, organizations
-- Principal's accounts
-- ACL's on database objects
-- The master key file
+ -policy - Use data from the policy.prt file to
reconstruct registry policies.
+ -state - Use data from the rgy_state.prt file to
reconstruct information about the state of the
database.
+ -replicas - Use data from the replicas.prt file to
reconstruct the master replica list.
-dbpath db_pathname
For the -print and -check options, -dbpath specifies the
directory in which the registry database and the master key
file are located. For the -reconstruct and -fix options,
-dbpath specifies the directory in which to store the
reconstructed or salvaged database.
The -print and -check options expect to find the master key
file, .mkey, in the directory above the directory that holds
the database files. For example, if db_pathname is
dcelocal/var/security/new_rgy, the options look for the
master key file in dcelocal/var/security and the database
files in dcelocal/var/security/new_rgy.
If this option is not specified, the default pathname is
dcelocal/var/security/rgy_data.
db_pathname can be a global pathname or a cell-relative
name.
-prtpath print_pathname
For the -print and -reconstruct options only, -prtpath
specifies the directory in which to create (-print) the
print files, or find (-reconstruct) the print files from
which to reconstruct the database.
By default the -print option creates and the -reconstruct
option looks for the master key file in the current
directory and the database files in the rgy_print
subdirectory of the current directory. -prtpath lets you
specify the directory that should be used instead of the
current directory. For example, if you specify
print_pathname as dcelocal/var/security/registry, the master
key print file will be created in that directory and the
database print files in
dcelocal/var/security/registry/rgy_print.
If any or all of the print files exist in print_pathname or
the default directory, their contents are overwritten.
print_pathname can be a global pathname or a cell-relative
name.
DESCRIPTION
The sec_salvage_db tool is an aid to database administration and
troubleshooting. Although day-to-day administration is handled by the
rgy_edit command, sec_salvage_db can be useful for listing registry
data, reconstructing databases, and salvaging corrupted databases.
The sec_salvage_db command supports two methods of operation: the
check and fix method and the print and reconstruct method. These
methods can be used in tandem.
Check and Fix Method
Note: The -check and -fix options are not currently available.
The check and fix method recovers data from a corrupted database,
fixing corrupted data links, data retrieval keys, and other internal
references. You can use it on a database so corrupted that it prevents
the Security Server (secd) from running or registry clients from
operating correctly. The check and fix method repairs the database
structure so that secd can run. (Note that data may be lost if
corrupted pointers in the registry data files irreversibly sever the
links between records.) The check and fix method uses the
sec_salvage_db -check, -fix, and -force options.
The -check option accesses each record in the database and reports all
errors, but makes no fixes. Although you can run it to see the state
of the database before you run the -fix option, it is not required to
be run.
The -fix option also accesses each record in the database and reports
all errors, but as it finds each error, it prompts for whether or not
to fix the error. When processing is complete, sec_salvage_db prompts
for whether or not to save the changes.
The -force option can only be used with the -fix option. If you use
it, sec_salvage_db does not prompt for confirmation before it fixes
each error it finds. sec_salvage_db will still prompt for
confirmation before it saves the changes.
The Print and Reconstruct Method
The print and reconstruct method allows you to reconstruct a database.
It first creates ASCII files, called print files, that contain all
accessible data in the database. Then, it reads the data in these
files to construct a new database. If you cannot start a Security
Server on the database host machine, you cannot use the print and
reconstruct method, but must use the check and fix method. (Note that
before you run sec_salvage_db with the -print and -reconstruct
options, you must stop the Security Server.)
In addition to reconstructing the database, the print and reconstruct
method has other uses. You can use it to
+ Make changes to the database by manually editing the print files
created by the -print option and then reconstructing them from
the changed print files. This can be especially useful for
changing many user passwords, which may be necessary if the
master key file is corrupted.
+ Obtain a listing of database contents.
+ Copy databases between different platforms.
To use the print and reconstruct method, run sec_salvage_db first with
the -print option and then with the -reconstruct option.
The -print option creates the ASCII print files from the registry
database files. These files can be reviewed and edited to correct
faulty information, such as name-to-UNIX ID mismatches or missing
data, or to update existing data. The -reconstruct option recreates
the registry database files from the print files.
Because the -print option creates files containing all data in the
database and the -reconstruct option recreates the database based on
these files, you can use this method to move a database to another
machine or even another cell. For example, if you run sec_salvage_db
-print on an uncorrupted database, you can then run sec_salvage_db
-reconstruct and specify a pathname on a different machine for where
the database should be created.
Converting a DCE 1.1 Registry Database to a DCE 1.0.3 Database
The sec_salvage_db -dce1.0.3 option supports backwards conversion of
a registry database from DCE 1.1 to DCE 1.0.3. To convert a DCE 1.1
registry database to a DCE 1.0.3 database perform the following
procedure:
1. Stop all DCE 1.1 servers.
2. Run the sec_salvage_db command with the -print and -dce1.0.3
options (and any other options you need) to create ASCII print
files of the Registry database.
Note that for polymorphous objects (that is, an object that can
be both a directory and a person, group, or organization),
sec_salvage_db creates a print file entry for a directory as a
default. It then stores the information related to the person,
group, or organization in a file named info.prt. To recreate a
person, group, or organization instead of a directory, manually
add the information in the info.prt file to the appropriate ASCII
print files.
3. Clean up the remnants of the Registry database by deleting the
/opt/dcelocal/var/rpc/rpcdep.dat file and all files in the
following directories:
+ /opt/dcelocal/var/security/rgy_data
+ /opt/dcelocal/var/security/rcache
+ /opt/dcelocal/var/security/creds
4. Reload the DCE 1.0.3 bits.
5. Run the sec_salvage_db command with the -reconstruct option (and
any other options you need) to create the database from the ASCII
print files.
6. Restart DCE 1.0.3 servers.
EDITING THE PRINT FILES
To edit the print files, your entries must be in the following format
field_name optional_white_space=optional_white_space value
Although you can leave spaces between the field name, the equals sign,
and the value, field names and values cannot contain white space.
A sample org.prt file follows.
Record_Number = 2
Object_Type = ORG
Name = org/none
UUID = 0000000C-D751-21CA-A002-08001E039D7D
Unix_ID = 12
Is_Alias_Flag = false
Is_Required_Flag = false
Fullname =
Member_Name = nobody
Member_Name = root
Member_Name = daemon
Member_Name = uucp
Member_Name = bin
Member_Name = dce-ptgt
Member_Name = dce-rgy
Member_Name = krbtgt/abc.com
Member_Name = hosts/zebra/self
Obj_Acl_Def_Cell_Name = /.../abc.com
Obj_Acl_Entry = unauthenticated:r-t-----
Obj_Acl_Entry = user:root:rctDnfmM
Obj_Acl_Entry = other_obj:r-t-----
Obj_Acl_Entry = any_other:r-t-----
To update existing entries, simply supply a new value. For example, to
update a principal's full name, the entry in the princ.prt file is
Fullname = fullname
The fullname variable is the principal's full name. The princ.prt
file contains the following entry that allows you to update a
principal's password in plain text:
Plaintext_Passwd =
This field does not display the principal's password. To update the
password, simply enter the new one in plain text after the equals
sign. When the database is reconstructed, the password is encrypted
and any keys derived from that password are regenerated and used to
overwrite any existing encryption key entries.
To specify a NULL value, delete the existing value. For example, to
specify a NULL value for a fullname in the princ.prt file, the entry
is
Fullname =
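The print-file format and the warning about unencrypted keys in princ.prt, shown as an added example that is not part of the original manual page or of DCE: a Python sketch that parses a princ.prt-style file, reports lines that break the field = value rule, lists principals whose record carries a plaintext password or authentication key, and produces a redacted copy for use as a listing. It assumes that every record starts with a Record_Number line; the function names and the sample data are constructed for illustration.

```python
import os
import re
import stat

# Fields the manual page describes as carrying password or key material.
# Unix_Key is an encrypted password, but it is redacted too for listings.
SECRET_FIELDS = {"Plaintext_Passwd", "Unix_Key", "Auth_Key"}

# field_name optional_white_space = optional_white_space value
LINE_RE = re.compile(r"^([^\s=]+)\s*=\s*(.*)$")

# Constructed sample in princ.prt style; none of these values are real.
SAMPLE = """\
Record_Number = 1
Object_Type = PRINC
Name = alice
Unix_ID = 100
Fullname =
Member_Name = none
Member_Name = staff
Plaintext_Passwd = Example-Only-1
Auth_Key_Version = 1
Auth_Key = 0123456789abcdef
Record_Number = 2
Object_Type = PRINC
Name = bob
Fullname = Bob Example
Shell /bin/sh
Plaintext_Passwd =
Unix_Key = abJnggxhB/yJw
"""


def parse_prt(text):
    """Return (records, problems).

    Each record maps a field name to the list of its values, because fields
    marked '*' in the tables may repeat. Assumption: a record begins at each
    Record_Number line. An empty value is the NULL value described above.
    """
    records, problems, current = [], [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            problems.append((lineno, "not in 'field = value' form"))
            continue
        field, value = m.group(1), m.group(2)
        if re.search(r"\s", value):
            problems.append((lineno, f"{field}: value contains white space"))
        if field == "Record_Number":
            current = {}
            records.append(current)
        elif current is None:
            problems.append((lineno, f"{field}: before any Record_Number"))
            continue
        current.setdefault(field, []).append(value)
    return records, problems


def audit_principals(records):
    """List (name, finding) pairs for records holding usable secrets."""
    findings = []
    for rec in records:
        name = rec.get("Name", ["?"])[0]
        if any(rec.get("Plaintext_Passwd", [])):
            findings.append((name, "Plaintext_Passwd is set in the file"))
        keys = sum(1 for v in rec.get("Auth_Key", []) if v)
        if keys:
            findings.append((name, f"{keys} unencrypted Auth_Key value(s)"))
    return findings


def redact(text):
    """Return the text with non-empty secret values replaced."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m and m.group(1) in SECRET_FIELDS and m.group(2):
            out.append(f"{m.group(1)} = <redacted>")
        else:
            out.append(raw)
    return "\n".join(out)


def too_permissive(path):
    """True if group or other has any access to a print file."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    recs, probs = parse_prt(SAMPLE)
    for lineno, msg in probs:
        print(f"line {lineno}: {msg}")
    for name, msg in audit_principals(recs):
        print(f"{name}: {msg}")
    print(redact(SAMPLE))
```

Run too_permissive() against the real princ.prt and .mkey.prt paths after sec_salvage_db -print, and delete or lock down the print files once -reconstruct has completed.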
PRINT FILE FIELDS AND VALUES
The fields in the princ.prt, group.prt, org.prt, .mkey.prt,
policy.prt, rgy_state.prt and replicas.prt files are described in the
following tables.
Table 0-0. princ.prt File Fields
______________________________________________________________________
Field Name Field Values
______________________________________________________________________
For all Records:
______________________________________________________________________
______________________________________________________________________
Record_Number The sequential number of the record in
the database.
______________________________________________________________________
Object_Type An indication of the type of object:
PRINC=principal, DIR=directory.
______________________________________________________________________
Name Name of the object.
______________________________________________________________________
UUID Unique Identifier of the object.
______________________________________________________________________
For Principals:
______________________________________________________________________
______________________________________________________________________
Unix_ID The principal's Unix ID.
______________________________________________________________________
Is_Alias_Flag An indication of whether or not the
principal name is an alias or a primary
name: true=alias, false=primary.
______________________________________________________________________
Is_Required_Flag An indication of whether or not the
principal is reserved: true=principal is
reserved and cannot be deleted,
false=principal is not reserved.
______________________________________________________________________
Quota The principal's object creation quota: a
non-negative integer or unlimited.
______________________________________________________________________
Fullname The principal's fullname: a text string.
______________________________________________________________________
Member_Name* The names of the groups to which the
principal belongs.
______________________________________________________________________
Obj_Acl_Def_Cell_Name The default cell name of this
principal's object ACL.
______________________________________________________________________
Num_Acl_Entries The number of entries in the principal's
object ACL.
______________________________________________________________________
Obj_Acl_Entry*+ The contents of the principal's object
ACL.
______________________________________________________________________
Acct_Group_Name The account's group name.
______________________________________________________________________
Acct_Org_Name The account's organization name.
______________________________________________________________________
Acct_Creator_Name The name of principal who created this
account.
______________________________________________________________________
Acct_Creation_Time The date and time the account was
created in yyyy/mm/dd.hh:mm format. The
first two digits of the year, the hours,
and the minutes are optional.
______________________________________________________________________
Acct_Changer_Name Name of principal who last changed the
account.
______________________________________________________________________
Acct_Change_Time The date and time the account was last
changed in yyyy/mm/dd.hh:mm format.
(The first two digits of the year, the
hours and the minutes are optional.)
______________________________________________________________________
Acct_Expire_Time The date and time the account expires or
none for no expiration date. The date
and time are in yyyy/mm/dd.hh:mm format.
(The first two digits of the year, the
hours and the minutes are optional.)
______________________________________________________________________
Acct_Good_Since_Time The date and time the principal's
account was last known to be in an
uncompromised state in yyyy/mm/dd.hh:mm
format, or no for current time and date.
(The first two digits of the year, the
hours and the minutes are optional.)
______________________________________________________________________
Acct_Valid_For_Login_Flag An indication of whether or not the
account can be logged into: true=account
is valid for login, false=account cannot
be logged into.
______________________________________________________________________
Acct_Valid_As_Server_Flag Indicates whether or not the account is
a server and can engage in authenticated
communication: true=account is a server,
false=account is not server.
__________________________________________________________________________
Acct_Valid_As_Client_Flag Indicates whether or not the account is
a client and can log in, acquire
tickets, and be authenticated:
true=account is a client, false=account
is not a client.
__________________________________________________________________________
Acct_Post_Dated_Cert_Ok_Flag Indicates whether or not tickets with a
start time some time in the future can
be issued to the account's principal:
true=postdated tickets can be issued,
false=postdated tickets cannot be
issued.
__________________________________________________________________________
Acct_Forwardable_Cert_Ok_Flag Indicates whether or not a new
ticket-granting ticket with a network address
that differs from the present ticket-granting
address can be issued to the
account's principal: true=account can
get forwardable certificates,
false=account cannot.
__________________________________________________________________________
Acct_TGT_Auth_Cert_Ok_Flag Indicates whether or not tickets issued
to the account's principal can use the
ticket-granting-ticket authentication
mechanism: true=tickets can use the
ticket-granting-ticket authentication
mechanism, false=they cannot.
__________________________________________________________________________
Acct_Renewable_Cert_Ok_Flag Indicates whether or not the principal's
ticket-granting ticket can be renewed:
true=tickets can be renewed,
false=tickets cannot be renewed.
__________________________________________________________________________
Acct_Proxiable_Cert_Ok_Flag Indicates whether or not a new ticket
with a different network address than
the present ticket can be issued to the
account's principal: true=such a ticket
can be issued, false=such a ticket
cannot be issued.
__________________________________________________________________________
Acct_Dup_Session_Key_Ok_Flag Indicates whether or not tickets issued
to the account's principal can have
duplicate keys: true=account can have
duplicate session keys, false=account
cannot.
__________________________________________________________________________
Unix_Key The account principal's encrypted UNIX
password: ASCII string.
__________________________________________________________________________
Plaintext_Passwd Stores the principal's password in plain
text. This field is provided to allow
principals' passwords to be changed.
When the princ.prt file is processed by
the sec_salvage_db -reconstruct option,
this password is encrypted using UNIX
system encryption. This encrypted
password is then stored as the
principal's encrypted UNIX password in
the Unix_Key field.
__________________________________________________________________________
Home_Dir The account principal's home directory:
text string.
__________________________________________________________________________
Shell The account principal's login shell:
text string.
__________________________________________________________________________
Gecos The account's GECOS information: text
string.
__________________________________________________________________________
Passwd_Valid_Flag Indicates whether or not the account
principal's password is valid:
true=password is valid, false=password
not valid.
__________________________________________________________________________
Passwd_Change_Time The date and time the account
principal's password was last changed in
yyyy/mm/dd.hh:mm format or now for the
current date and time. The first two
digits of the year, the hours and the
minutes are optional.
_________________________________________________________________________
Max_Certificate_Lifetime The number of hours before the
Authentication Service must renew the
account principal's service
certificates: an integer indicating the
time in hours or default-policy to use
the registry default.
_________________________________________________________________________
Max_Renewable_Lifetime The number of hours before a session
with the account principal's identity
expires and the principal must log in
again to reauthenticate: an integer
indicating the time in hours or
default-policy to use the registry
default.
_________________________________________________________________________
Master_Key_Version The version of the master key used to
encrypt the account principal's key.
_________________________________________________________________________
Num_Auth_Keys The number of the account principal's
authentication keys.
_________________________________________________________________________
Auth_Key_Version* A list of the version numbers of the
account principal's authentication key.
The first version number on the list
represents the current authentication
key.
_________________________________________________________________________
Auth_Key_Pepper* The pepper algorithm used for the
account principal's key: a text string
or blank to use the default pepper
algorithm.
_________________________________________________________________________
Auth_Key_Len* The length in bytes of the account
principal's authentication key.
_________________________________________________________________________
Auth_Key* The account principal's authentication
key: hex string.
_________________________________________________________________________
Auth_Key_Expire_Time* The date and time the account
principal's authentication key expires
or none for no expiration. Date and time
are in yyyy/mm/dd.hh:mm format. (The
first two digits of the year, the hours
and the minutes are optional.)
_________________________________________________________________________
For Directories:
_________________________________________________________________________
_________________________________________________________________________
Obj_Acl_Def_Cell_Name+ The default cell name of the directory's
object ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the directory's
object ACL.
_________________________________________________________________________
Obj_Acl_Entry*+ The contents of the directory's object
ACL.
_________________________________________________________________________
Init_Obj_Acl_Def_Cell_Name+ The default cell name of the directory's
initial object ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the directory's
initial object ACL.
_________________________________________________________________________
Init_Obj_Acl_Entry*+ The contents of the directory's initial
object ACL.
_________________________________________________________________________
Init_Cont_Acl_Def_Cell_Name+ The default cell name of the directory's
initial container ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the directory's
initial container ACL.
_________________________________________________________________________
Init_Cont_Acl_Entry*+ The contents of the directory's initial
container ACL.
_________________________________________________________________________
* These segments/fields may appear multiple times in succession.
+ If a stored UUID doesn't map to a name required for this field, the
UUID will be displayed.
Table 0-0. group.prt File Fields
_________________________________________________________________________
Field Name Field Values
_________________________________________________________________________
For all Records:
_________________________________________________________________________
_________________________________________________________________________
Record_Number The sequential number of the record in
the database.
_________________________________________________________________________
Object_Type An indication of the type of object:
GROUP=group, DIR=directory.
_________________________________________________________________________
Name Name of the object.
_________________________________________________________________________
UUID Unique Identifier of the object.
_________________________________________________________________________
For Groups:
_________________________________________________________________________
_________________________________________________________________________
Unix_ID Unix ID of the group.
_________________________________________________________________________
Is_Alias_Flag An indication of whether or not the
group name is an alias or a primary
name: true=alias, false=primary.
_________________________________________________________________________
Is_Required_Flag An indication of whether or not the
group is reserved: true=group is
reserved and cannot be deleted,
false=group is not reserved.
_________________________________________________________________________
Projlist_Ok_Flag An indication of whether or not the
group can be included in project lists:
true=group can be included on project
lists, false=group cannot be included.
_________________________________________________________________________
Fullname The group's fullname: a text string.
_________________________________________________________________________
Member_Name* The names of the group's members.
_________________________________________________________________________
Obj_Acl_Def_Cell_Name+ The default cell name of this group's
object ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the group's
object ACL.
_________________________________________________________________________
Obj_Acl_Entry* The contents of the group's object ACL.
_________________________________________________________________________
For Directories:
_________________________________________________________________________
_________________________________________________________________________
Obj_Acl_Def_Cell_Name+ The default cell name of this
directory's object ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the directory's
object ACL.
_________________________________________________________________________
Obj_Acl_Entry* The contents of the directory's object
ACL.
_________________________________________________________________________
Init_Obj_Acl_Def_Cell_Name+ The default cell name of the directory's
initial object ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the directory's
initial object ACL.
_________________________________________________________________________
Init_Obj_Acl_Entry*+ The contents of the directory's initial
object ACL.
_________________________________________________________________________
Init_Cont_Acl_Def_Cell_Name+ The default cell name of the directory's
initial container ACL.
_________________________________________________________________________
Num_Acl_Entries The number of entries in the directory's
initial container ACL.
_________________________________________________________________________
Init_Cont_Acl_Entry*+ The contents of the directory's initial
container ACL.
_________________________________________________________________________
* These fields may appear multiple times in succession.
+ If a stored UUID doesn't map to a name required for this field, the
UUID will be displayed.
Table 0-0. org.prt File Fields
___________________________________________________________________________
Field Name Field Values
___________________________________________________________________________
For all Records:
___________________________________________________________________________
___________________________________________________________________________
Record_Number The sequential number of the record in
the database.
___________________________________________________________________________
Object_Type An indication of the type of object:
ORG=organization, DIR=directory.
___________________________________________________________________________
Name Name of the object.
___________________________________________________________________________
UUID Unique Identifier of the object.
___________________________________________________________________________
For Organizations:
___________________________________________________________________________
___________________________________________________________________________
Unix_ID Unix Id of the organization.
___________________________________________________________________________
Is_Alias_Flag An indication of whether or not the
organization is an alias or a primary
name: true=alias, false=primary.
___________________________________________________________________________
Is_Required_Flag An indication of whether or not the
organization is reserved:
true=organization is reserved and cannot
be deleted, false=organization is not
reserved.
___________________________________________________________________________
Fullname The organization's fullname: a text
string.
___________________________________________________________________________
Member_Name* The names of the organization's members.
___________________________________________________________________________
Obj_Acl_Def_Cell_Name The default cell name of this
organization's object ACL.
___________________________________________________________________________
Num_Acl_Entries The number of entries in the
organization's object ACL.
___________________________________________________________________________
Obj_Acl_Entry*+ The contents of the organization's
object ACL.
___________________________________________________________________________
For Organizations with Policy:
___________________________________________________________________________
___________________________________________________________________________
Acct_Lifetime The period during which accounts for the
organization are valid: an integer number
representing days or forever.
___________________________________________________________________________
|Passwd_Min_Len | The minimum length of the organization's |
| | password: a non-negative integer. |
|_______________________________|__________________________________________|
|Passwd_Lifetime | The span in days of the lifetime of the |
| | organization's password: an integer or |
| | forever. |
|_______________________________|__________________________________________|
|Passwd_Expire_Time | The date and time the organization's |
| | password expires in yyyy/mm/dd.hh:mm |
| | format. (The first two digits of the |
| | year, the hours and the minutes are |
| | optional.) |
|_______________________________|__________________________________________|
|Passwd_All_Spaces_Ok | An indication of whether or not the |
| | organization's password can consist of |
| | all spaces: true=can consist of spaces, |
| | false=cannot. |
|_______________________________|__________________________________________|
|Passwd_All_Alphanumeric_Ok | An indication of whether or not the |
| | organization's password can consist of |
| | all alphanumeric characters: true=can be |
| | all alphanumeric, false=cannot. |
|_______________________________|__________________________________________|
|For Directories: | |
|_______________________________|__________________________________________|
|_______________________________|__________________________________________|
|Obj_Acl_Def_Cell_Name+ | The default cell name of the directory's |
| | object ACL. |
|_______________________________|__________________________________________|
|Num_Acl_Entries | The number of entries in the directory's |
| | object ACL. |
|_______________________________|__________________________________________|
|Obj_Acl_Entry*+ | The contents of the directory's object |
| | ACL. |
|_______________________________|__________________________________________|
|Init_Obj_Acl_Def_Cell_Name+ | The default cell name of the directory's |
| | initial object ACL. |
|_______________________________|__________________________________________|
|Num_Acl_Entries | The number of entries in the directory's |
| | initial object ACL. |
|_______________________________|__________________________________________|
|Init_Obj_Acl_Entry*+ | The contents of the directory's initial |
| | object ACL. |
|_____________________________|__________________________________________|
|Init_Cont_Acl_Def_Cell_Name+ | The default cell name of the directory's |
| | initial container ACL. |
|_____________________________|__________________________________________|
|Num_Acl_Entries | The number of entries in the directory's |
| | initial container ACL. |
|_____________________________|__________________________________________|
|Init_Cont_Acl_Entry*+ | The contents of the directory's initial |
| | container ACL. |
|_____________________________|__________________________________________|
* These fields may appear multiple times in succession.
+ If a stored UUID doesn't map to a name required for this field, the
UUID will be displayed.
Table 0-0. .mkey.prt File Fields
_______________________________________________________________
|Field Name | Field Values |
|___________________|__________________________________________|
|Master_Key_Version | The integer version of the master key. |
|___________________|__________________________________________|
|Master_Key_Keytype | Always des. |
|___________________|__________________________________________|
|Master_Key_Length | The length of the master key in bytes. |
|___________________|__________________________________________|
|Master_Key | The master key in hex string format. |
|___________________|__________________________________________|
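Because Master_Key is printed as a plain hex string, and this page notes that .mkey.prt and princ.prt contain unencrypted authentication keys, the print directory is worth auditing after every -print run. The following check is an added example, not part of the original manual or of DCE; the function name audit_prt_dir is hypothetical, and it assumes root is the privileged account unless another owner is passed.

```shell
#!/bin/sh
# Added example: audit a sec_salvage_db print directory for exposed key files.
# The two print files this page says hold unencrypted authentication keys.
SENSITIVE=".mkey.prt princ.prt"

# audit_prt_dir DIR [OWNER]
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
# OWNER defaults to root (assumption: root is the privileged account).
audit_prt_dir() {
    dir=$1
    owner=${2:-root}
    findings=0
    for name in $SENSITIVE; do
        f="$dir/$name"
        # A file that was never printed cannot leak anything.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # A symlink could point the key material at a less protected location.
        if [ -L "$f" ]; then
            echo "$f: is a symbolic link"
            findings=$((findings + 1))
            continue
        fi
        # ls -ld is portable: field 1 is the mode string, field 3 the owner.
        set -- $(ls -ld "$f")
        mode=$1
        file_owner=$3
        # Characters 5-10 of the mode string are the group and other bits.
        go_bits=$(printf '%s' "$mode" | cut -c5-10)
        if [ "$go_bits" != "------" ]; then
            echo "$f: group/other access ($mode)"
            findings=$((findings + 1))
        fi
        if [ "$file_owner" != "$owner" ]; then
            echo "$f: owned by $file_owner, expected $owner"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Call it with the directory given to -prtpath; a non-zero exit status means at least one key file is readable by, or owned by, an account other than the expected one.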
Table 0-0. policy.prt File Fields
__________________________________________________________________________
Field Name Field Values
__________________________________________________________________________
Rgy_Policy_File_Version An integer representing the version of
the policy information.
__________________________________________________________________________
Prop_Read_Version A number indicating the property
record's read version.
__________________________________________________________________________
Prop_Write_Version A number indicating the property
record's write version.
__________________________________________________________________________
Min_Certificate_Lifetime The minimum amount of time before the
principal's ticket must be renewed in
weekswdaysdhourshminutesm format.
__________________________________________________________________________
Default_Certificate_Lifetime The default lifetime for tickets
issued to principals in this cell's
registry in weekswdaysdhourshminutesm
format.
__________________________________________________________________________
Low_Unix_ID_Principal The starting point for principal UNIX
IDs automatically generated by the
Security Service when a principal is
added: an integer, which must be less
than Max_Unix_ID.
__________________________________________________________________________
Low_Unix_ID_Group The starting point for UNIX IDs
automatically generated by the Security
Service when a group is added: an
integer, which must be less than
Max_Unix_ID.
__________________________________________________________________________
Low_Unix_ID_Org The starting point for UNIX IDs
automatically generated by the Security
Service when an organization is added:
an integer, which must be less
than Max_Unix_ID.
__________________________________________________________________________
Max_Unix_ID The highest number that can be supplied
as a UNIX ID when principals are
created: an integer.
__________________________________________________________________________
Rgy_Readonly_Flag An indication of whether or not the
registry is read-only: true=read only,
false=updateable.
__________________________________________________________________________
Auth_Certificate_Unbound_Flag An indication of whether or not
certificates are generated for use on
any machine: true=yes, false=no.
__________________________________________________________________________
|Shadow_Passwd_Flag | Determines whether encrypted passwords |
| | are sent over the network: |
| | true=encrypted passwords are not sent |
| | over the network, false=encrypted |
| | passwords are sent over the network. |
|______________________________|__________________________________________|
|Embedded_Unix_ID_Flag | Determines if UNIX IDs are embedded in |
| | person, group, and organization UUIDs: |
| | true=UNIX IDs are embedded, false=UNIX |
|
|