Previous Next

Security Server Processes

Every cell has one master Security Service machine and can also have slave Security Service machines. The following processes run on a Security Service master or slave server machine:

· The Security server, or secd process, implements the Authentication Service, the Privilege Service, and the Registry Service.

· The sec_create_db program initializes the Security database. You give this command an option indicating whether you want to create a master or slave Security server on the machine.

· The DCE control program (dcecp) for the management and maintenance of the Security software. See DCE Administration Utilities for a description of this program.

Keep the following considerations in mind when you are planning for Security servers:

· The node that runs the master Security server must be highly available and physically secure. Consider placing the master Security server machine in a locked room and keeping a log to record who accesses the machine.

· Be sure to move the master Security server before removing the node from the network or shutting down the node for an extended period of time. Modifications are made to the master Security server and propagated to slaves throughout your cell. If the master Security server is unavailable, no updates can be made.

· A cell can have only one master Security server. If you plan to make one cell out of several existing cells with independent master Security servers, you must first merge their registries.

· If the host that contains the master Security server goes down, hosts that have slave servers can still provide registry information, so consider having a number of slaves in your network. Use factors such as the number of machines in your cell, the reliability of the machines that run Security servers, and your cell's available resources to determine how many slave Security servers you need to have.

For further information about planning for the Security Service, see OSF DCE Administration Guide - Core Components.