ITEM: AD2060L

Howto increase the maximum UID for a DCE security server

Question:

The customer is trying to add a new principal to DCE with a UID=35310,
but it fails with the following message:

    (rgy_edit) Unable to add principal  
    "fargop3" - Invalid data - record too long

The customer would like to know how to increase the maximum UID for 
a DCE security server.


Response:

The Maximum UID for a DCE Security server can be changed with the 
following steps:

- dce_login as cell_admin
- smitty dce

select   DCE Security & Users Administration
select   Registry Policies and Properties
select   Registry  Properties

                              Registry Properties

Type or select values in entry fields.
Press Enter AFTER making all desired changes.
  
                                                        [Entry Fields]
  MODE for registry                                   read-write              +
  HIDE encrypted passwords?                           no                      +
  PRINCIPALS Lowest possible UNIX ID                 [100]
  GROUPS Lowest possible UNIX ID                     [100]
  ORGANIZATIONS Lowest possible UNIX ID              [100]
  MAXIMUM possible UNIX ID                           [32767]

Change the value for "MAXIMUM possible UNIX ID"

It can also be changed using the "rgy_edit" command:

- dce_login as cell_admin
- rgy_edit

rgy_edit>  properties
  Properties:
    Properties for Registry at:               /.../dcecellname
    Registry is NOT read-only
    Certificates to this server may be generated at any site.
    Encrypted passwords are NOT hidden
    Unix IDs ARE embedded in PGO UUIDs
    Low UID for principal creation:           100
    Low UID for group creation:               100
    Low UID for org creation:                 100
    Maximum possible UID:                     32767
    Minimum certificate lifetime              5m
    Default certificate lifetime              10h
Do you wish to make changes [y/n]? (n) y \
Stamp registry read-only [y/n]? (n) \
Should encrypted passwords be hidden [y/n]? (n) \ 
Lower bound on principal unix id for automatic UID assignment: (100) \
Lower bound on group     unix id for automatic UID assignment: (100) \
Lower bound on org       unix id for automatic UID assignment: (100) \
Maximum allowable unix id: (32767) ENTER NEW VALUE HERE \
Minimum certificate lifetime (minutes): (5m) \
Default certificate lifetime (hours): (10h) \
rgy_edit=> quit



Support Line: Howto increase the maximum UID for a DCE security server ITEM: AD2060L

Dated: November 1994 Category: N/A

This HTML file was generated 99/06/24~13:30:29

Comments or suggestions?
Contact us