Adding and Maintaining Principals

Use the dcecp principal create command to create principals. A principal must exist before you can create an account for the principal. When you use the dcecp principal create command, you must supply the principal's primary name as an argument. In addition, you can supply the attribute options summarized in the following table.

Attribute Options to Create Principals

Option Meaning

-fullname namestring An optional name that is used to more fully describe a primary name. To include spaces, enclose the full name in braces. The default is blank.

-uid integer The required UNIX ID that is associated with the principal. You can enter this number explicitly or allow it to be generated automatically. If you enter it, the number you enter cannot exceed the maximum allowable UNIX number (the maxuid attribute) set with the registry modify command; however, you can enter a number lower than the low UNIX number (the minuid attribute) set for principals with the registry modify command. If you allow the number to be assigned automatically, it falls in the range defined by the low UNIX number and maximum UNIX number.

-quota quota The number of registry objects that can be created by the principal, known as the principal's object creation quota. To allow a principal to create an unlimited number of registry objects, enter the text string unlimited to set no quota. To prevent a principal from creating any registry objects, enter a 0. The quota argument defaults to unlimited.

Note: In addition to these standard principal attributes, you can also attach ERA instances to principals to control such aspects of DCE security as preauthentication, password strength and password generation, and handling of invalid logins. See Extended Security Attributes for Principals for information on these "well-known'' ERAs. See Creating and Using Extended Registry Attributes for information on ERAs in general.

More:

Adding Principals

Changing Principals

Deleting Principals and Aliases