
The Registry Database

The registry database contains the following information:

· Principals - Principals are the users of the system. Principals can be interactive principals (human users) or noninteractive (servers, machines, and cells). Principals can be associated with access permissions.

· Groups - Groups are collections of principals that are identified by a group name. Groups can be associated with access permissions.

· Organizations - Organizations are collections of principals that are identified by an organization name. Organizations define the policies associated with the principals in the registry. Organizations cannot be associated with access permissions.

· Accounts - Accounts contain the passwords and accounting information that allow principals authenticated access to objects within the cell. (Authenticated access can also occur between principals in different cells, as described in the following text.)

· Policies and Properties - Policies and properties regulate such things as password length and format and certain authentication requirements.

· The replist object - This object is used to manage replicas of the registry database.

· The xattrschema object - This object is the extended registry schema created with the ERA facility.

(See Accessing Registry Objects for a detailed description of the structure of the registry database and the types of information it contains.)

The collection of objects controlled by a registry database is an entity known as a cell. Authenticated communication between cells is possible only if each cell has a special account in the registry database of the cell it wishes to communicate with. These special accounts set up cross-cell authentication, which gives principals from one cell authenticated access to another cell. (See Administering a Multicell Environment for information about establishing accounts for cross-cell authentication.)