
The sec_create_db Command Format

The sec_create_db command has the following format:

sec_create_db {-master | -slave} -my[name] my_server_name \
[-k[eyseed] keyseed] [-cr[eator] creator_name] \
[-cu[nix_id] creator_unix_id] [-u[uid] cell_uuid] \
[-p[erson_low_unix_id] unix_id] [-g[roup_low_unix_id] unix_id] \
[-o[rg_low_unix_id] unix_id] [-ma[x_unix_id] unix_id] \
[-pa[ssword] default_password] [-v[erbose]]

where:

-master
Specifies that the master replica's database should be created. All other sec_create_db options can be used with the -master option.

-slave
Specifies that a slave replica's database should be created. Only the -myname, -keyseed, and -verbose options can be used with the -slave option.

-my[name] my_server_name
This is a name that you assign to the security server (secd) on this machine. It is used by the name service to locate this cell's security server.

-k[eyseed] keyseed
This is a character string that you enter to seed the random key generator in order to create the master key for the database that you are creating. It should be a string that cannot be easily guessed. The master key is used to encrypt all account passwords. Each instance of a replica (master or slave) has its own master key. You can change the master key by using the dcecp registry modify command or the sec_admin master_key command. (See Performing Routine Maintenance for information on the use of the dcecp registry modify command for modifying the master key.) If you do not enter this option, sec_create_db prompts you for it.

-cr[eator] creator_name
This is the name of the registry creator. The registry creator is the initial privileged user of the registry database. Note that you can give equivalent privileges to another user at any time by using the dcecp acl modify command or acl_edit modify command to change the registry database ACL. When the registry is created, default ACL entries for registry objects are also created. These entries give the most privileged permissions to the principal that is named in the -cr option. If the principal that is named as the registry creator is not one of the reserved names, sec_create_db adds the principal and an account for that principal. If you do not enter this option, the initial privileged user of the registry database is root.

-cu[nix_id] creator_unix_id
This is a UNIX number that you specify to be assigned to the registry creator. If you do not enter this option, the registry creator's UNIX number is assigned dynamically.

-u[uid] cell_uuid
This is the cell's UUID. If you do not enter this UUID, it is assigned dynamically.

-p[erson_low_unix_id] unix_id
This is the starting point for UNIX IDs that are automatically generated when a principal is added by using the dcecp registry modify command or rgy_edit properties command. Note that you can explicitly assign a lower UNIX ID than this number; this lower limit applies only to automatically generated UNIX IDs.

-g[roup_low_unix_id] unix_id
This is the starting point for UNIX IDs that are automatically generated when a group is added by using the dcecp registry modify command or rgy_edit properties command. Note that you can explicitly enter a lower UNIX ID than this number; this lower limit applies only to automatically generated UNIX IDs.

-o[rg_low_unix_id] unix_id
This is the starting point for UNIX IDs that are automatically generated by the security service when an organization is added by using the dcecp registry modify command or rgy_edit properties command. Note that you can explicitly enter a lower UNIX ID than this number; this lower limit applies only to automatically generated UNIX IDs.

-ma[x_unix_id] unix_id
This is the highest number that can be assigned as a UNIX ID when a principal, group, or organization is added. No UNIX IDs higher than this number are assigned automatically, and you cannot specifically enter numbers higher than this number. The maximum UNIX ID stays in place until you change it with the dcecp registry modify command or rgy_edit properties command.

-pa[ssword] default_password
This is the default password that is assigned to the accounts created by sec_create_db. If you do not specify a default password, -dce- is used. Note that the accounts hosts/local_host_name/principal_name none none, krbtgt/cell_name none, and nobody none none are not assigned the default password; they are assigned a randomly generated password instead.

-v[erbose]
Runs in verbose mode and generates a verbose transcript of all activity.
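
The option rules above can be checked before the command is run. The following shell functions are an added example, not part of the DCE documentation or tools: they lint a proposed argument list for the -slave restrictions, a keyseed passed on the command line instead of at the prompt, and a missing or default -password. The names canon, err and lint_sec_create_db are hypothetical, the abbreviation rule (any prefix from the bracketed minimum up to the full name) is an assumption, and the low-versus-maximum UNIX ID check is a lint policy inferred from the option descriptions.

```shell
# Added example: lint a sec_create_db argument list; prints ERROR/WARN lines, returns 0 if no errors.
# canon ARG: print the full option name for an accepted spelling of ARG.
# Assumption: any prefix from the bracketed minimum up to the full name is valid.
canon() {
    for spec in -master:-master -slave:-slave -my:-myname -k:-keyseed \
        -cr:-creator -cu:-cunix_id -u:-uuid -p:-person_low_unix_id \
        -g:-group_low_unix_id -o:-org_low_unix_id -ma:-max_unix_id \
        -pa:-password -v:-verbose; do
        min=${spec%%:*}; full=${spec#*:}
        case $full in "$1"*) case $1 in "$min"*) echo "$full"; return 0 ;; esac ;; esac
    done
    return 1
}
err() { echo "ERROR: $*"; errs=$((errs + 1)); }
lint_sec_create_db() {
    mode=; seen=; lows=; max=; errs=0
    while [ $# -gt 0 ]; do
        if ! opt=$(canon "$1"); then err "unknown option $1"; shift; continue; fi
        case $opt in
        -master | -slave)
            if [ -n "$mode" ]; then err "give only one of -master, -slave"; fi
            mode=$opt ;;
        -verbose) ;;
        *)  # every other option takes exactly one value
            if [ $# -lt 2 ]; then err "$opt needs a value"; break; fi
            val=$2; shift
            case $opt in
            -keyseed) echo "WARN: keyseed is in argv; omit -keyseed to be prompted" ;;
            -password) if [ "$val" = "-dce-" ]; then echo "WARN: -password is the default"; fi ;;
            -*unix_id)
                case $val in '' | *[!0-9]*) err "$opt: '$val' is not a number"; val=0 ;; esac
                case $opt in -max_*) max=$val ;; -*_low_*) lows="$lows $val" ;; esac ;;
            esac ;;
        esac
        seen="$seen $opt"; shift
    done
    [ -n "$mode" ] || err "one of -master or -slave is required"
    case " $seen " in *" -myname "*) ;; *) err "-myname is required" ;; esac
    if [ "$mode" = "-slave" ]; then
        for o in $seen; do
            case $o in -slave | -myname | -keyseed | -verbose) ;; *) err "$o not allowed with -slave" ;; esac
        done
    fi
    case "$mode $seen " in -master*" -password "*) ;; -master*) echo "WARN: no -password; default -dce- is used" ;; esac
    for l in $lows; do  # lint policy inferred from the option descriptions
        if [ -n "$max" ] && [ "$l" -gt "$max" ]; then err "low ID $l is above -max_unix_id $max"; fi
    done
    [ "$errs" -eq 0 ]
}
```

Call it with the arguments intended for sec_create_db, for example lint_sec_create_db -slave -my sec2 -cr admin, and run the real command only when it returns 0.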