PreviousNext

secd(8sec)

The DCE security server

Synopsis

secd [-b[ootstrap]] [-lockpw] [-locksm[ith]]
[pname] [-rem[ote]]
[-master_seqno new_master_seqno] [-cpi time]
[-restore_master] [-noaudfilter] [-v[erbose]]

Options

-bo[otstrap]
Always waits only one minute between tries to export binding information to the Cell Directory Service during DCE configuration. If you do not specify this option, during initialization secd sleeps for 1 minute if CDS is not available when it tries to export binding information. If the export fails a second time, it sleeps for 2 minutes before it tries again. If it still fails, it sleeps for 4, 8, and 16 minutes between retries. Then, sleep time stays at 16 minutes until the binding export succeeds.

-lockpw
Prompt for a new locksmith password when running in locksmith mode. This option allows you to specify a new password for the locksmith account when the old one is unknown.

-locksm[ith]
Restarts the master security server in locksmith mode. Use this mode if you cannot access the registry as the principal with full registry access, because that principals account has been inadvertently deleted or its password lost.

-rem[ote]
Allows the locksmith principal to log in remotely. If this option is not used, the principal must log in from the local machine on which secd will be started.

-master_seqno
Sets a new master sequence number for the master replica. This option is used only in unusual situations when a replica that you want to be the master has a master sequence number that is lower than (or equal to) another master sequence number in the system. When the master detects that its master sequence number is lower than another one in the system, it marks itself as a duplicate master and its process exits. Each time you start the master replica, it notices that it has been deemed a duplicate master, and its process again exits. Use this option to assign a new master sequence number to the replica you want to be master. The new sequence number should be one digit higher than the highest master sequence number in the system. (Use the dcecp registry show -replica command for each replica to find the highest master sequence number.)

-cpi
The checkpoint interval for the master registry database. This is the interval in seconds at which the master reads its database to disk. The default is one hour.

-restore_master
Marks all slave replicas for initialization during the master restart. Use this option only to recover from a catastrophic failure of the master security server (for example, if the database is corrupted and then restored from a backup tape).

-noaudfilter
Disables audit filtering and enables full (unfiltered) auditing. By default, secd turns audit filtering on.

-v[erbose]
Runs in verbose mode.

All options start the security server on the local node.

Arguments

pname
The name of the locksmith principal. If no registry account exists for this principal, secd creates one.

Description

The secd daemon is the security server. It manages all access to the registry database. You must have root privileges to invoke secd.

The security server can be replicated, so that several copies of the registry database exist on a network, each managed by a secd process. Only one security server, the master replica, can perform database update operations (such as adding an account). Other servers, the slave replicas, can perform only lookup operations (such as validating a login attempt).

A DCE host daemon (dced) must be running on the local node when secd is started. Typically, dced and secd are started at boot time. The secd server places itself in the background when it is ready to service requests.

Locksmith Mode
The secd -locksmith option starts secd in locksmith mode. The -locksmith option can be used only with the master replica. In locksmith mode, the principal name you specify to secd with pname becomes the locksmith principal. As the locksmith principal, you can repair intentional or accidental changes that prevent you from logging in with full registry access privileges.

If no account exists for pname, secd establishes one and prompts you for the accounts password. (Use this password when you log in to the account as the locksmith principal.) If an account for pname exists, secd changes the account and policy information as described in the tables titled Locksmith Account Changes Made by the Security Server and Registry Policy Changes Made by the Security Server. These changes ensure that even if account or registry policy was tampered with, you will now be able to log in to the locksmith account.

In locksmith mode, all principals with valid accounts can log in and operate on the registry with normal access checking. The locksmith principal, however, is granted special access to the registry: no access checking is performed for the authenticated locksmith principal. This means that, as the locksmith principal, you can operate on the registry with full access.

Locksmith Account Changes Made by the Security Server

If the security server finds It changes
Password-Valid flag is set to no Password-Valid flag to yes
Account Expiration date is set to less than the current time plus one hour Account Expiration date to the current time plus one hour
Client flag is set to no Client flag to yes
Account-Valid flag is set to no Account-Valid flag to yes
Good Since date is set to greater than the current time Good Since date to the current time
Password Expiration date is set to less than the current time plus one hour Password Expiration date to the current time plus one hour
Registry Policy Changes Made by the Security Server

If the Security Server finds It changes
Account Lifespan is set to less than the difference between the locksmith account creation date and the current time plus one hour Account Lifespan to the current time plus one hour minus the locksmith account creation date
Password Expiration date is set to greater than the time the password was last changed but less than the current time plus one hour Password Expiration date to the current time plus one hour
Use the -lockpw option if the locksmith account exists but you do not know its password. This option causes secd to prompt for a new locksmith password and replace the existing password with the one entered.

Use the -remote option to allow the locksmith principal to log in from a remote machine.

The secd program usually runs in the background. When you start secd in locksmith mode, it runs in the foreground so that you can answer prompts.

Examples
All the commands shown in the following examples must be run by root:

1. Start a security server after you create the database with sec_create_db.
dcelocal/bin/secd

2. Restart an existing replica (master or slave).
dcelocal/bin/secd

3. Start the security server in locksmith mode and allow the master_admin principal to log in on a remote machine.
dcelocal/bin/secd -locksmith master_admin -remote

Related Information
Commands: dcecp(8dce)

dced(8dce)