Configuring the Master Security Server

To configure the master Security server:

1. At the DCE Initial Cell Configuration menu, type 1 and press <Return>.

The dce_config script displays the following message:

S:****** Configuring initial Security Server...

The dce_config script prompts for the name of the cell in which the servers are being configured:

Enter the name of your cell (without /.../):

2. Type the name of the cell and press <Return>.

The dce_config script displays the following message:

S:****** Starting dced...

The dce_config script displays the following prompt:

Enter keyseed for initial database master key:

3. Type in the text string for the keyseed, which is a temporary DES key that is used to generate the registry's master key (the key that the registry will use for account key creation). Press <Return>.

The text you enter should not be easily guessed. Note that it is not displayed as you type it.

The dce_config script prompts:

Enter desired principal name for the Cell Administrator: (cell_admin)

Type the name of the principal who will be the initial privileged user of the registry database (known as the registry creator) and press <Return>. You will use the account created by dce_config for the principal you name here to log in to the DCE during subsequent component configurations.

The dce_config script prompts:

Enter desired password for the Cell Administrator:

4. Type the password to be assigned to the initial privileged user account and press <Return>. Note that if you use the default password, -dce- you should change it to a more secure password after DCE configuration is complete.

The dce_config script prompts for the password again to ensure it is correct:

Re-enter desired password:

5. Type the password again and press <Return>.

The dce_config prompts:

S:****** The current highest UNIX ID for persons on this node is 30124.
Enter the starting point to be used for UNIX ID's that
are automatically generated by the Security Service
when a principal is added using "rgy_edit": (30224)

6. Type a UNIX ID number that will be used as the principal UNIX ID at which the Security server will start assigning automatically generated principal UNIX IDs and press <Return>. The default is the value of the highest principal UNIX ID on the machine being configured, incremented by the value of the UID_GAP environment variable. Although the value you supply is not required to be higher than the machine's highest principal UNIX ID, if you supply a value that is less than or equal to the highest currently used principal UNIX ID, dce_config issues a warning message and prompts you to reenter the UNIX ID.

The dce_config script prompts:

S:****** The current highest UNIX ID for groups is 26.
Enter the starting point to be used for UNIX ID's that
are automatically generated by the Security Service
when a group is added using "rgy_edit": (126)

7. Type a UNIX ID number that will be used as the group UNIX ID at which the Security server will start assigning automatically generated group UNIX IDs and press <Return>. The default is the value of the highest group UNIX ID on the machine incremented by the value of the UID_GAP environment variable. Although the value you supply is not required to be higher than the machine's highest group UNIX ID, if you supply a value that is less than or equal to the highest currently used group UNIX ID, dce_config issues a warning message and prompts you to reenter the UNIX ID.

The dce_config script starts the secd server and initializes the registry database. As it does, it displays:

S:****** Starting secd...
S:****** Checking for active sec_client service...
S:****** Initializing the registry database...

When the master Security server configuration is complete, dce_config returns the Initial Cell Configuration menu.