Although it is often convenient to speak of the registry database in a way that implies that it is a single physical database, the registry database is replicated in all but the very smallest cells. Replication reduces network traffic and increases the availability of registry data to clients.
A cell's registry database usually consists of an update site (also known as the master site), and a number of query sites (also known as read-only, or slave sites). Changes to data at the master site are propagated to its slaves by messages sent by the master. Query sites can only satisfy requests for data (for example, sec_rgy_acct_lookup( ), which returns account information). Requests for database changes (for example, sec_rgy_acct_passwd( ), which changes the password for an account) must be directed to the master site; a query site that receives such a request returns an error.
To submit requests to the registry server, a client must first select a site and bind to it. The client may select a site by name, ask the DCE Directory Service to bind to the master site, or select an arbitrary site. In addition, a client may select a cell and bind to a registry site in that cell.
The registry API enables a client to communicate with the registry server via a specified authentication protocol, at a specified protection level, and using a specified authorization protocol. For instance, a developer may decide that the protection level for communicating with an update site should be higher (that is, more secure) than that for a query site; that is, the developer may feel that, on the one hand, the relatively infrequent changes to registry data should be done in a highly secure manner and that, on the other hand, authentication overhead should be reduced for the more frequent requests for registry data. The registry API accommodates these varying needs.
The following calls bind a client to a registry server in preparation for registry operations. The argument list of these calls enables an application to specify the authentication protocol, the protection level, and the authorization protocol to be used:
· sec_rgy_site_bind( )
Binds to a specified site
· sec_rgy_site_bind_update( )
Binds to the update site
· sec_rgy_site_bind_query( )
Binds to any query site
· sec_rgy_cell_bind( )
Binds to any registry site in a specified cell
· sec_rgy_site_binding_get_info( )
Extracts the registry site name and security information from the binding handle
The following calls are similar to the binding calls just described, except that an application cannot specify security information. By default, however, the following calls use DCE shared-secret authentication, the packet-integrity level of protection, and DCE authorization.
· sec_rgy_site_open( )
Binds to the specified site
· sec_rgy_site_open_update( )
Binds to any update site
· sec_rgy_site_open_query( )
Binds to any query site
· sec_rgy_site_get( )
Gets the registry site name from the binding handle
The following calls provide miscellaneous binding management functionality:
· sec_rgy_site_close( )
Terminates binding to a registry site and frees resources associated with this binding
· sec_rgy_site_is_readonly( )
Tests whether a bound site is an update or query site