Physical Security of the Database
The DCE Security Service provides safeguards for network security, protecting information that is transmitted across the network by guaranteeing the identities of principals who engage in cross-machine communications. The security server and the database that it serves, however, reside on a local machine. The registry database is only as secure as the security provided by the machine on which it resides. In addition to ensuring that sensitive data can be accessed on the local machine only by root, you need to provide physical security for the machine on which the security server resides. This can include situating the machine in a locked room, keeping a log of when and by whom the machine is accessed, and any other methods that may be appropriate to your needs.
(See the OSF DCE Application Development Guide - Core Components for a more detailed discussion of authentication.)