Manual: (HP-UX-11.11)
 sec_salvage_db(1m)		     OSF		  sec_salvage_db(1m)




 NAME
      sec_salvage_db - Recover a corrupted registry database

      Note:  The sec_salvage_db -check and -fix options are not
	     currently available.

 SYNOPSIS
      sec_salvage_db -print [-dbpath db_pathname] [-prtpath print_pathname]
      [print_options] [-verbose] [-sort] [-dce1.0.3]


      sec_salvage_db -reconstruct [-dbpath db_pathname] [-prtpath print_pathname]
      [reconstruct_options] [-verbose]


      sec_salvage_db -check [-dbpath db_pathname] [db_options] [-verbose]


      sec_salvage_db -fix [-dbpath db_pathname] [db_options] [-force]
      [-verbose]



 OPTIONS
      -check	Check the database elements specified by db_options for
		inconsistencies. This option sends a list to standard output
		of all bad list links, internal id references, and database
		keys and any detectable data inconsistencies. The -check
		option does not check fields for legal values.


      db_options
		Specify the database elements to be acted on by the -check
		or -fix options. If no db_options are specified, all are
		selected.  The db_options are


		  +  -princ - Principals

		  +  -group - Groups

		  +   -org - Organizations

		  +  -acct - Accounts

		  +   -acl - ACLs

		  +  -policy - Policy





 Hewlett-Packard Company	    - 1 -	      OSF DCE 1.1/HP DCE 1.8






		  +  -state - Database State

		  +  -replicas - Replicas


		Note:  The .mkey.prt file and the princ.prt file
		       contain unencrypted authentication keys.
		       Ensure that only the privileged account can
		       access these files and that they are never
		       transferred over a network for viewing or
		       backup.


      -fix	Check the database for inconsistencies and prompt for
		whether to fix each inconsistency. After all inconsistencies
		have been processed, the option prompts for whether to save
		all fixes.

      -force	Check the database for inconsistencies and fix each one
		without prompting.  After all inconsistencies have been
		processed, the option prompts for whether to save all fixes.
		This option is valid only when used with the -fix option.

      -print	Create files containing ASCII-formatted database records.
		These files are used by the -reconstruct option as a source
		for recreating the database.  You can also manually edit the
		files to change information or fix problems. A separate file
		is created for each  of the print_options specified.

		By default the -print option stores the master key file in
		the current directory and the database files in the
		rgy_print directory in the current directory. The -prtpath
		option lets you specify a different directory.

      -dce1.0.3 Supports backwards conversion of a registry database from
		DCE 1.1 to DCE 1.0.3.

      print_options
		Specify the database elements to be acted on by the -print
		option. If the files exist, they are overwritten. If no
		print_options are specified, all are selected. The
		print_options and the files they create are


		  +  -princ - Put principal records in the file princ.prt
		     and master key information in the file .mkey.prt.

		  +  -group - Put group records in the file group.prt.

		  +   -org - Put organization records in the file org.prt.




		  +  -policy - Put policy records in the file policy.prt.

		  +  -state - Put information about the state of the
		     database in the file rgy_state.prt.

		  +  -replicas - Put replica information in the file
		     replicas.prt.


      -reconstruct
		Reconstruct the registry database from the ASCII-formatted
		print files created by the -print option.  The
		reconstruct_options specify the print files to use.


      reconstruct_options

                Note:  The reconstruct_options are not available in
                       Release 1.0.3.  For this release,
                       sec_salvage_db reconstructs all elements of
                       the registry database.

		Specifies which elements of the registry database to
		reconstruct. If no reconstruct_options are specified, all
		are selected. The reconstruct_options are


		  +  -pgo - Use data in the princ.prt, group.prt, org.prt,
		     and .mkey.prt files to reconstruct:


		       -- Principals, groups, organizations

                       -- Principals' accounts

                       -- ACLs on database objects

		       -- The master key file


		  +  -policy - Use data from the policy.prt file to
		     reconstruct registry policies.

		  +  -state - Use data from the rgy_state.prt file to
		     reconstruct information about the state of the
		     database.

		  +  -replicas - Use data from the replicas.prt file to
		     reconstruct the master replica list.





      -dbpath db_pathname
                For the -print and -check options, -dbpath specifies the
                directory in which the registry database and the master key
                file are located. For the -reconstruct and -fix options,
                -dbpath specifies the directory in which to store the
                reconstructed or salvaged database.

                The -print and -check options expect to find the master key
                file, .mkey, in the directory above the directory that holds
                the database files.  For example, if db_pathname is
                dcelocal/var/security/new_rgy, the options look for the
                master key file in dcelocal/var/security and the database
                files in dcelocal/var/security/new_rgy.

		If this option is not specified, the default pathname is
		dcelocal/var/security/rgy_data.

		db_pathname can be a global pathname or a cell-relative
		name.


      -prtpath print_pathname
                For the -print and -reconstruct options only, -prtpath
                specifies the directory in which to create (-print) the
                print files, or find (-reconstruct) the print files from
                which to reconstruct the database.

		By default the -print option creates and the -reconstruct
		option looks for the master key file in the current
		directory and the database files in the rgy_print
		subdirectory of the current directory. -prtpath lets you
		specify the directory that should be used instead of the
		current directory.  For example, if you specify
		print_pathname as dcelocal/var/security/registry, the master
		key print file will be created in that directory and the
		database print files in
		dcelocal/var/security/registry/rgy_print.

		If any or all of the print files exist in print_pathname or
		the default directory, their contents are overwritten.

		print_pathname can be a global pathname or a cell-relative
		name.
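
      The note under db_options says that .mkey.prt and princ.prt contain
      unencrypted authentication keys and must be accessible only to the
      privileged account. The shell check below is an added example, not
      part of the original manual page; it assumes the print file layout
      described for -prtpath, and the function names and the uid 0 default
      for the privileged account are assumptions.

```sh
#!/bin/sh
# Added example, not part of the manual page.
# Assumed layout (from the -prtpath description): PRTPATH/.mkey.prt and
# PRTPATH/rgy_print/princ.prt. OWNER_UID defaults to 0 (root), standing in
# for "the privileged account".

# check_private FILE OWNER_UID
# Prints one finding per problem. Returns 0 if FILE is absent or private,
# 1 otherwise. A symbolic link is reported, because its own mode is open.
check_private() {
    cp_file=$1
    cp_uid=$2
    cp_bad=0
    [ -e "$cp_file" ] || return 0
    cp_ls=$(ls -ldn "$cp_file") || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    cp_go=$(printf '%s\n' "$cp_ls" | cut -c5-10)
    # With -n the third column is the numeric owner id.
    cp_owner=$(printf '%s\n' "$cp_ls" | awk '{ print $3 }')
    if [ "$cp_go" != "------" ]; then
        echo "FINDING: $cp_file grants group/other access ($cp_go)"
        cp_bad=1
    fi
    if [ "$cp_owner" != "$cp_uid" ]; then
        echo "FINDING: $cp_file owned by uid $cp_owner, expected $cp_uid"
        cp_bad=1
    fi
    return $cp_bad
}

# audit_print_dir PRTPATH [OWNER_UID]
# Checks the two print files that the manual page says hold unencrypted
# keys. Returns 0 when both are private (or absent), 1 otherwise.
audit_print_dir() {
    ap_dir=$1
    ap_uid=${2:-0}
    ap_rc=0
    for ap_f in "$ap_dir/.mkey.prt" "$ap_dir/rgy_print/princ.prt"; do
        check_private "$ap_f" "$ap_uid" || ap_rc=1
    done
    return $ap_rc
}
```

      Call audit_print_dir with the directory given to -prtpath (or the
      directory that was current when -print ran) before leaving the print
      files on disk.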


 DESCRIPTION
      The sec_salvage_db tool is an aid to database administration and
      troubleshooting.	Although day-to-day administration is handled by the
      rgy_edit command, sec_salvage_db can be useful for listing registry
      data, reconstructing databases, and salvaging corrupted databases.




      The sec_salvage_db command supports two methods of operation: the
      check and fix method and the print and reconstruct method.   These
      methods can be used in tandem.

    Check and Fix Method
      Note:  The -check and -fix options are not currently available.

      The check and fix method recovers data from a corrupted database,
      fixing corrupted data links, data retrieval keys, and other internal
      references. You can use it on a database so corrupted that it prevents
      the Security Server (secd) from running or registry clients from
      operating correctly. The check and fix method repairs the database
      structure so that secd can run. (Note that data may be lost if
      corrupted pointers in the registry data files irreversibly sever the
      links between records.) The check and fix method uses the
      sec_salvage_db -check, -fix, and -force options.

      The -check option accesses each record in the database and reports all
      errors, but makes no fixes.  You can run it to see the state of the
      database before you run the -fix option, but you are not required to
      do so.

      The -fix option also accesses each record in the database and reports
      all errors, but as it finds each error, it prompts for whether or not
      to fix the error.	 When processing is complete, sec_salvage_db prompts
      for whether or not to save the changes.

      The -force option can only be used with the -fix option. If you use
      it, sec_salvage_db does not prompt for confirmation before it fixes
      each error it finds.  sec_salvage_db will still prompt for
      confirmation before it saves the changes.

    The Print and Reconstruct Method
      The print and reconstruct method allows you to reconstruct a database.
      It first creates ASCII files, called print files, that contain all
      accessible data in the database.	Then, it reads the data in these
      files to construct a new database. If you cannot start a Security
      Server on the database host machine, you cannot use the print and
      reconstruct method, but must use the check and fix method.  (Note that
      before you run sec_salvage_db with the -print and -reconstruct
      options, you must stop the Security Server.)

      In addition to reconstructing the database, the print and reconstruct
      method has other uses.  You can use it to

        +  Make changes to the database by manually editing the print files
           created by the -print option and then reconstructing the
           database from the changed print files. This can be especially
           useful for changing many user passwords, which may be necessary
           if the master key file is corrupted.




	+  Obtain a listing of database contents.

	+  Copy databases between different platforms.

      To use the print and reconstruct method, run sec_salvage_db first with
      the -print option and then with the -reconstruct option.

      The -print option creates the ASCII print files from the registry
      database files.  These files can be reviewed and edited to correct
      faulty information, such as name-to-UNIX ID mismatches or missing
      data, or to update existing data.	 The -reconstruct option recreates
      the registry database files from the print files.

      Because the -print option creates files containing all data in the
      database and the -reconstruct option recreates the database based on
      these files, you can use this method to move a database to another
      machine or even another cell. For example, if you run sec_salvage_db
      -print on an uncorrupted database, you can then run sec_salvage_db
      -reconstruct and specify a pathname on a different machine as the
      location in which to create the database.

    Converting a DCE 1.1 Registry Database to a DCE 1.0.3 Database
      The sec_salvage_db -dce1.0.3 option supports backwards conversion of
      a registry database from DCE 1.1 to DCE 1.0.3. To convert a DCE 1.1
      registry database to a DCE 1.0.3 database, perform the following
      procedure:


       1.  Stop all DCE 1.1 servers.

       2.  Run the sec_salvage_db command with the -print and -dce1.0.3
	   options (and any other options you need) to create ASCII print
	   files of the Registry database.

	   Note that for polymorphous objects (that is, an object that can
	   be both a directory and a person, group, or organization),
           sec_salvage_db creates a print file entry for a directory by
           default.  It then stores the information related to the person,
	   group, or organization in a file named info.prt.  To recreate a
	   person, group, or organization instead of a directory, manually
	   add the information in the info.prt file to the appropriate ASCII
	   print files.

       3.  Clean up the remnants of the Registry database by deleting the
	   /opt/dcelocal/var/rpc/rpcdep.dat file and all files in the
	   following directories:


	     +	/opt/dcelocal/var/security/rgy_data





	     +	/opt/dcelocal/var/security/rcache

	     +	/opt/dcelocal/var/security/creds


       4.  Reload the DCE 1.0.3 bits.

       5.  Run the sec_salvage_db command with the -reconstruct option (and
	   any other options you need) to create the database from the ASCII
	   print files.

       6.  Restart DCE 1.0.3 servers.


 EDITING THE PRINT FILES
      To edit the print files, your entries must be in the following format:

      field_name optional_white_space=optional_white_space value

      Although you can leave spaces between the field name, the equals sign,
      and the value, field names and values cannot contain white space.

      A sample org.prt file follows.

      Record_Number = 2
      Object_Type = ORG
      Name = org/none
      UUID = 0000000C-D751-21CA-A002-08001E039D7D
      Unix_ID = 12
      Is_Alias_Flag = false
      Is_Required_Flag = false
      Fullname =
      Member_Name = nobody
      Member_Name = root
      Member_Name = daemon
      Member_Name = uucp
      Member_Name = bin
      Member_Name = dce-ptgt
      Member_Name = dce-rgy
      Member_Name = krbtgt/abc.com
      Member_Name = hosts/zebra/self
      Obj_Acl_Def_Cell_Name = /.../abc.com
      Obj_Acl_Entry = unauthenticated:r-t-----
      Obj_Acl_Entry = user:root:rctDnfmM
      Obj_Acl_Entry = other_obj:r-t-----
      Obj_Acl_Entry = any_other:r-t-----


      To update existing entries, simply supply a new value. For example, to
      update a principal's full name, the entry in the princ.prt file is




      Fullname = fullname


      The fullname variable is the principal's full name.  The princ.prt
      file contains the following entry that allows you to update a
      principal's password in plain text:

      Plaintext_Passwd =


      This field does not display the principal's password. To update the
      password, simply enter the new one in plain text after the equals
      sign.  When the database is reconstructed, the password is encrypted
      and any keys derived from that password are regenerated and used to
      overwrite any existing encryption key entries.

      To specify a NULL value, delete the existing value. For example, to
      specify a NULL value for a fullname in the princ.prt file, the entry
      is

      Fullname =
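
      The format rules in this section can be checked before running
      -reconstruct. The following is an added example, not part of the
      original manual page: it lints a print file against the field_name =
      value rule and lists the records that set Plaintext_Passwd without
      echoing the password. The names lint_print_file and write_sample are
      hypothetical, the sample records are constructed, and skipping blank
      lines is an assumption.

```sh
#!/bin/sh
# Added example, not part of the manual page. Function names are
# hypothetical and the sample data below is constructed.

# write_sample FILE
# Writes a constructed princ.prt fragment with three deliberate problems:
# line 5 (white space in a value), line 7 (password set), line 13 (no "=").
write_sample() {
    cat > "$1" <<'EOF'
Record_Number = 7
Object_Type = PRINC
Name = alice
Unix_ID = 1001
Fullname = Alice Example
Member_Name = none
Plaintext_Passwd = Constructed-Pw-1
Record_Number=8
Object_Type = PRINC
Name = bob
Fullname =
Plaintext_Passwd =
Home_Dir /home/bob
EOF
}

# lint_print_file FILE
# Prints one line per finding and a summary line. Returns 1 if any line
# breaks the format rules, 0 otherwise. Password values are never printed.
lint_print_file() {
    awk '
    /^[ \t]*$/ { next }    # assumption: blank lines carry no data
    {
        eq = index($0, "=")
        if (eq == 0) {
            printf "line %d: no equals sign\n", NR; bad++; next
        }
        # Split on the first "=" and trim the optional white space.
        name = substr($0, 1, eq - 1)
        value = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        if (name == "" || name ~ /[ \t]/) {
            printf "line %d: bad field name\n", NR; bad++; next
        }
        # Values cannot contain white space; an empty value means NULL.
        if (value ~ /[ \t]/) {
            printf "line %d: value of %s contains white space\n", NR, name
            bad++; next
        }
        if (name == "Record_Number") { rec = value; obj = "?" }
        if (name == "Name") obj = value
        # A non-empty value here replaces the password on -reconstruct.
        if (name == "Plaintext_Passwd" && value != "") {
            printf "line %d: record %s (%s) sets Plaintext_Passwd\n", NR, rec, obj
            pw++
        }
    }
    END {
        printf "summary: %d format error(s), %d password change(s)\n", bad, pw
        exit (bad > 0)
    }' "$1"
}
```

      Review the listed Plaintext_Passwd records against the password
      changes you intended to make before reconstructing the database.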


 PRINT FILE FIELDS AND VALUES
      The fields in the princ.prt, group.prt, org.prt, .mkey.prt,
      policy.prt, rgy_state.prt and replicas.prt files are described in the
      following tables.

 Table 0-0.  princ.prt File Fields


      ______________________________________________________________________
       Field Name		   Field Values
      ______________________________________________________________________
       For all Records:
      ______________________________________________________________________
      ______________________________________________________________________
       Record_Number		   The sequential number of the record in
				   the database.
      ______________________________________________________________________
       Object_Type		   An indication of the type of object:
				   PRINC=principal, DIR=directory.
      ______________________________________________________________________
       Name			   Name of the object.
      ______________________________________________________________________
       UUID			   Unique Identifier of the object.
      ______________________________________________________________________
       For Principals:
      ______________________________________________________________________
      ______________________________________________________________________




       Unix_ID			   The principal's Unix ID.
      ______________________________________________________________________
       Is_Alias_Flag		   An indication of whether or not the
				   principal name is an alias or a primary
				   name: true=alias, false=primary.
      ______________________________________________________________________
       Is_Required_Flag		   An indication of whether or not the
				   principal is reserved: true=principal is
				   reserved and cannot be deleted,
				   false=principal is not reserved.
      ______________________________________________________________________
       Quota			   The principal's object creation quota: a
				   non-negative integer or unlimited.
      ______________________________________________________________________
       Fullname			   The principal's fullname: a text string.
      ______________________________________________________________________
       Member_Name*		   The names of the groups to which the
				   principal belongs.
      ______________________________________________________________________
       Obj_Acl_Def_Cell_Name	   The default cell name of this
				   principal's object ACL.
      ______________________________________________________________________
       Num_Acl_Entries             The number of entries in the principal's
                                   object ACL.
      ______________________________________________________________________
       Obj_Acl_Entry*+		   The contents of the principal's object
				   ACL.
      ______________________________________________________________________
       Acct_Group_Name		   The account's group name.
      ______________________________________________________________________
       Acct_Org_Name		   The account's organization name.
      ______________________________________________________________________
       Acct_Creator_Name           The name of the principal who created this
                                   account.
      ______________________________________________________________________
       Acct_Creation_Time	   The date and time the account was
				   created in yyyy/mm/dd.hh:mm format.	The
				   first two digits of the year, the hours,
				   and the minutes are optional.
      ______________________________________________________________________
       Acct_Changer_Name           Name of the principal who last changed the
                                   account.
      ______________________________________________________________________
       Acct_Change_Time		   The date and time the account was last
				   changed in yyyy/mm/dd.hh:mm format.
				   (The first two digits of the year, the
				   hours and the minutes are optional.)
      ______________________________________________________________________






       Acct_Expire_Time		   The date and time the account expires or
				   none for no expiration date.	 The date
				   and time are in yyyy/mm/dd.hh:mm format.
				   (The first two digits of the year, the
				   hours and the minutes are optional.)
      ______________________________________________________________________
       Acct_Good_Since_Time        The date and time the principal's
                                   account was last known to be in an
                                   uncompromised state in yyyy/mm/dd.hh:mm
                                   format, or now for current time and date.
                                   (The first two digits of the year, the
                                   hours and the minutes are optional.)
      ______________________________________________________________________
       Acct_Valid_For_Login_Flag   An indication of whether or not the
				   account can be logged into: true=account
				   is valid for login, false=account cannot
				   be logged into.
      ______________________________________________________________________
    __________________________________________________________________________
     Acct_Valid_As_Server_Flag	     Indicates whether or not the account is
				     a server and can engage in authenticated
				     communication: true=account is a server,
                                     false=account is not a server.
    __________________________________________________________________________
     Acct_Valid_As_Client_Flag	     Indicates whether or not the account is
				     a client and can log in, acquire
				     tickets, and be authenticated:
				     true=account is a client, false=account
				     is not a client.

    __________________________________________________________________________
     Acct_Post_Dated_Cert_Ok_Flag    Indicates whether or not tickets with a
				     start time some time in the future can
				     be issued to the account's principal:
				     true=postdated tickets can be issued,
				     false=postdated tickets cannot be
				     issued.
    __________________________________________________________________________
     Acct_Forwardable_Cert_Ok_Flag   Indicates whether or not a new ticket-
				     granting ticket with a network address
				     that differs from the present ticket-
				     granting address can be issued to the
				     account's principal: true=account can
				     get forwardable certificates,
				     false=account cannot.
    __________________________________________________________________________
     Acct_TGT_Auth_Cert_Ok_Flag	     Indicates whether or not tickets issued
				     to the account's principal can use the
				     ticket-granting-ticket authentication
				     mechanism: true=tickets can use the
				     ticket-granting-ticket authentication
				     mechanism, false=they cannot.
    __________________________________________________________________________
     Acct_Renewable_Cert_Ok_Flag     Indicates whether or not the principal's
                                     ticket-granting ticket can be renewed:
                                     true=tickets can be renewed,
                                     false=tickets cannot be renewed.
    __________________________________________________________________________
     Acct_Proxiable_Cert_Ok_Flag     Indicates whether or not a new ticket
				     with a different network address than
				     the present ticket can be issued to the
				     account's principal: true=such a ticket
				     can be issued, false=such a ticket
				     cannot be issued.
    __________________________________________________________________________






    |Acct_Dup_Session_Key_Ok_Flag  | Indicates whether or not tickets issued  |
    |				   | to the account's principal can have      |
    |				   | duplicate keys: true=account can have    |
    |				   | duplicate session keys, false=account    |
    |				   | cannot.				      |
    |______________________________|__________________________________________|
    |Unix_Key			   | The account principal's encrypted UNIX   |
    |				   | password: ASCII string.		      |
    |______________________________|__________________________________________|
    |Plaintext_Passwd		   | Stores the principal's password in plain |
    |				   | text.  This field is provided to allow   |
    |				   | principal's passwords to be changed.     |
    |				   | When the princ.prt file is processed by  |
    |				   | the sec_salvage_db -reconstruct option,  |
    |				   | this password is encrypted using UNIX    |
    |				   | system encryption. This encrypted	      |
    |				   | password is then stored as the	      |
    |				   | principal's encrypted UNIX password in   |
    |				   | the Unix_Key field.		      |
    |______________________________|__________________________________________|
    |Home_Dir			   | The account principal's home directory:  |
    |				   | text string.			      |
    |______________________________|__________________________________________|
    |Shell			   | The account principal's login shell:     |
    |				   | text string.			      |
    |______________________________|__________________________________________|
    |Gecos			   | The account's GECOS information: text    |
    |				   | string.				      |
    |______________________________|__________________________________________|
    |Passwd_Valid_Flag		   | Indicates whether or not the account     |
    |				   | principal's password is valid:	      |
    |				   | true=password is valid, false=password   |
    |				   | not valid.				      |
    |______________________________|__________________________________________|




















    _________________________________________________________________________
     Passwd_Change_Time		    The date and time the account
				    principal's password was last changed in
				    yyyy/mm/dd.hh:mm format or now for the
				    current date and time. The first two
				    digits of the year, the hours and the
				    minutes are optional.
    _________________________________________________________________________
     Max_Certificate_Lifetime	    The number of hours before the
				    Authentication Service must renew the
				    account principal's service
				    certificates: an integer indicating the
				    time in hours or default-policy to use
				    the registry default.
    _________________________________________________________________________
     Max_Renewable_Lifetime	    The number of hours before a session
				    with the account principal's identity
				    expires and the principal must log in
				    again to reauthenticate: an integer
				    indicating the time in hours or
				    default-policy to use the registry
				    default.
    _________________________________________________________________________
     Master_Key_Version		    The version of the master key used to
				    encrypt the account principal's key.
    _________________________________________________________________________
     Num_Auth_Keys		    The number of the account principal's
				    authentication keys.
    _________________________________________________________________________
     Auth_Key_Version*		    A list of the version numbers of the
				    account principal's authentication key.
				    The first version number on the list
				    represents the current authentication
				    key.
    _________________________________________________________________________
     Auth_Key_Pepper*		    The pepper algorithm used for the
				    account principal's key: a text string
				    or blank to use the default pepper
				    algorithm.
    _________________________________________________________________________
     Auth_Key_Len*		    The length in bytes of the account
				    principal's authentication key.
    _________________________________________________________________________
     Auth_Key*			    The account principal's authentication
				    key: hex string.
    _________________________________________________________________________








    |Auth_Key_Expire_Time*        | The date and time the account            |
    |				  | principal's authentication key expires   |
    |				  | or none for no expiration. Date and time |
    |				  | are in  yyyy/mm/dd.hh:mm format.   (The  |
    |				  | first two digits of the year, the hours  |
    |				  | and the minutes are optional.)	     |
    |_____________________________|__________________________________________|
    |_____________________________|__________________________________________|
    |For Directories:		  |					     |
    |_____________________________|__________________________________________|
    |_____________________________|__________________________________________|
    |Obj_Acl_Def_Cell_Name+	  | The default cell name of the directory's |
    |				  | object ACL.				     |
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | object ACL.				     |
    |_____________________________|__________________________________________|
    |Obj_Acl_Entry*+		  | The contents of the directory's object   |
    |				  | ACL.				     |
    |_____________________________|__________________________________________|
    |Init_Obj_Acl_Def_Cell_Name+  | The default cell name of the directory's |
    |				  | initial object ACL.			     |
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | initial object ACL.			     |
    |_____________________________|__________________________________________|
    |Init_Obj_Acl_Entry*+	  | The contents of the directory's initial  |
    |				  | object ACL.				     |
    |_____________________________|__________________________________________|
    |Init_Cont_Acl_Def_Cell_Name+ | The default cell name of the directory's |
    |				  | initial container ACL.		     |
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | initial container ACL.		     |
    |_____________________________|__________________________________________|
    |Init_Cont_Acl_Entry*+	  | The contents of the directory's initial  |
    |				  | container ACL.			     |
    |_____________________________|__________________________________________|

      * These segments/fields may appear multiple times in succession.

      + If a stored UUID doesn't map to a name required for this field, the
      UUID will be displayed.











 Table 0-0.  group.prt File Fields


    _________________________________________________________________________
     Field Name			    Field Values
    _________________________________________________________________________
     For all Records:
    _________________________________________________________________________
    _________________________________________________________________________
     Record_Number		    The sequential number of the record in
				    the database.
    _________________________________________________________________________
     Object_Type		    An indication of the type of object:
				    GROUP=group, DIR=directory.
    _________________________________________________________________________
     Name			    Name of the object.
    _________________________________________________________________________
     UUID			    Unique Identifier of the object.
    _________________________________________________________________________
     For Groups:
    _________________________________________________________________________
    _________________________________________________________________________
     Unix_ID			    Unix ID of the group.
    _________________________________________________________________________
     Is_Alias_Flag		    An indication of whether or not the
				    group name is an alias or a primary
				    name: true=alias, false=primary.
    _________________________________________________________________________
     Is_Required_Flag		    An indication of whether or not the
				    group is reserved: true=group is
				    reserved and cannot be deleted,
				    false=group is not reserved.
    _________________________________________________________________________
     Projlist_Ok_Flag		    An indication of whether or not the
				    group can be included in project lists:
				    true=group can be included on project
				    lists, false=group cannot be included.
    _________________________________________________________________________
     Fullname			    The group's fullname: a text string.
    _________________________________________________________________________
     Member_Name*		    The names of the group's members.
    _________________________________________________________________________
     Obj_Acl_Def_Cell_Name+	    The default cell name of this group's
				    object ACL.
    _________________________________________________________________________
     Num_Acl_Entries		    The number of entries in the group's
				    object ACL.
    _________________________________________________________________________
     Obj_Acl_Entry*		    The contents of the group's object ACL.
    _________________________________________________________________________
     For Directories:
    _________________________________________________________________________
    _________________________________________________________________________
     Obj_Acl_Def_Cell_Name+	    The default cell name of this
				    directory's object ACL.
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | object ACL.				     |
    |_____________________________|__________________________________________|
    |Obj_Acl_Entry*		  | The contents of the directory's object   |
    |				  | ACL.				     |
    |_____________________________|__________________________________________|
    |Init_Obj_Acl_Def_Cell_Name+  | The default cell name of the directory's |
    |				  | initial object ACL.			     |
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | initial object ACL.			     |
    |_____________________________|__________________________________________|
    |Init_Obj_Acl_Entry*+	  | The contents of the directory's initial  |
    |				  | object ACL.				     |
    |_____________________________|__________________________________________|
    |Init_Cont_Acl_Def_Cell_Name+ | The default cell name of the directory's |
    |				  | initial container ACL.		     |
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | initial container ACL.		     |
    |_____________________________|__________________________________________|
    |Init_Cont_Acl_Entry*+	  | The contents of the directory's initial  |
    |				  | container ACL.			     |
    |_____________________________|__________________________________________|

      * These fields may appear multiple times in succession.

      + If a stored UUID doesn't map to a name required for this field, the
      UUID will be displayed.

 Table 0-0.  org.prt File Fields


   ___________________________________________________________________________
    Field Name			     Field Values
   ___________________________________________________________________________
    For all Records:
   ___________________________________________________________________________
   ___________________________________________________________________________
    Record_Number		     The sequential number of the record in
				     the database.
   ___________________________________________________________________________
    Object_Type			     An indication of the type of object:
				     ORG=organization, DIR=directory.
   ___________________________________________________________________________
    Name			     Name of the object.
   ___________________________________________________________________________
    UUID			     Unique Identifier of the object.
   ___________________________________________________________________________
    For Organizations:
   ___________________________________________________________________________
   ___________________________________________________________________________
    Unix_ID			     Unix ID of the organization.
   ___________________________________________________________________________
    Is_Alias_Flag		     An indication of whether or not the
				     organization is an alias or a primary
				     name: true=alias, false=primary.
   ___________________________________________________________________________
    Is_Required_Flag		     An indication of whether or not the
				     organization is reserved:
				     true=organization is reserved and cannot
				     be deleted, false=organization is not
				     reserved.
   ___________________________________________________________________________
    Fullname			     The organization's fullname: a text
				     string.
   ___________________________________________________________________________
    Member_Name*		     The names of the organization's members.
   ___________________________________________________________________________
    Obj_Acl_Def_Cell_Name	     The default cell name of this
				     organization's object ACL.
   ___________________________________________________________________________
    Num_Acl_Entries		     The number of entries in the
				     organization's object ACL.
   ___________________________________________________________________________
    Obj_Acl_Entry*+		     The contents of the organization's
				     object ACL.
   ___________________________________________________________________________
    For Organizations with Policy:
   ___________________________________________________________________________
   ___________________________________________________________________________
    Acct_Lifetime		     The period during which accounts for the
				     organization are valid: an integer number
				     representing days or forever.
   ___________________________________________________________________________
   |Passwd_Min_Len		   | The minimum length of the organization's |
   |				   | password: a non-negative integer.	      |
   |_______________________________|__________________________________________|
   |Passwd_Lifetime		   | The span in days of the lifetime of the  |
   |				   | organization's password: an integer or   |
   |				   | forever.				      |
   |_______________________________|__________________________________________|
   |Passwd_Expire_Time		   | The date and time the organization's     |
   |				   | password expires in yyyy/mm/dd.hh:mm     |
   |				   | format.   (The first two digits of the   |
   |				   | year, the hours and the minutes are      |
   |				   | optional.)				      |
   |_______________________________|__________________________________________|
   |Passwd_All_Spaces_Ok	   | An indication of whether or not the      |
   |				   | organization's password can consist of   |
   |				   | all spaces: true=can consist of spaces,  |
   |				   | false=cannot.			      |
   |_______________________________|__________________________________________|
   |Passwd_All_Alphanumeric_Ok	   | An indication of whether or not the      |
   |				   | organization's password can consist of   |
   |				   | all alphanumeric characters: true=can be |
   |				   | all alphanumeric, false=cannot.	      |
   |_______________________________|__________________________________________|
   |For Directories:		   |					      |
   |_______________________________|__________________________________________|
   |_______________________________|__________________________________________|
   |Obj_Acl_Def_Cell_Name+	   | The default cell name of the directory's |
   |				   | object ACL.			      |
   |_______________________________|__________________________________________|
   |Num_Acl_Entries		   | The number of entries in the directory's |
   |				   | object ACL.			      |
   |_______________________________|__________________________________________|
   |Obj_Acl_Entry*+		   | The contents of the directory's object   |
   |				   | ACL.				      |
   |_______________________________|__________________________________________|
   |Init_Obj_Acl_Def_Cell_Name+	   | The default cell name of the directory's |
   |				   | initial object ACL.		      |
   |_______________________________|__________________________________________|
   |Num_Acl_Entries		   | The number of entries in the directory's |
   |				   | initial object ACL.		      |
   |_______________________________|__________________________________________|
    |Init_Obj_Acl_Entry*+	  | The contents of the directory's initial  |
    |				  | object ACL.				     |
    |_____________________________|__________________________________________|
    |Init_Cont_Acl_Def_Cell_Name+ | The default cell name of the directory's |
    |				  | initial container ACL.		     |
    |_____________________________|__________________________________________|
    |Num_Acl_Entries		  | The number of entries in the directory's |
    |				  | initial container ACL.		     |
    |_____________________________|__________________________________________|
    |Init_Cont_Acl_Entry*+	  | The contents of the directory's initial  |
    |				  | container ACL.			     |
    |_____________________________|__________________________________________|

      * These fields may appear multiple times in succession.

      + If a stored UUID doesn't map to a name required for this field, the
      UUID will be displayed.

 Table 0-0.  .mkey.prt File Fields

	 _______________________________________________________________
	 |Field Name	     | Field Values				|
	 |___________________|__________________________________________|
	 |Master_Key_Version | The integer version of the master key.	|
	 |___________________|__________________________________________|
	 |Master_Key_Keytype | Always des.				|
	 |___________________|__________________________________________|
	 |Master_Key_Length  | The length of the master key in bytes.	|
	 |___________________|__________________________________________|
	 |Master_Key	     | The master key in hex string format.	|
	 |___________________|__________________________________________|

 Table 0-0.  policy.prt File Fields


    __________________________________________________________________________
     Field Name			     Field Values
    __________________________________________________________________________
     Rgy_Policy_File_Version	     An integer representing the version of
				     the policy information.
    __________________________________________________________________________
     Prop_Read_Version		     A number indicating the property
				     record's read version.
    __________________________________________________________________________
     Prop_Write_Version		     A number indicating the property
				     record's write version.
    __________________________________________________________________________
     Min_Certificate_Lifetime	     The minimum amount of time before the
				     principal's ticket must be renewed in
				     <weeks>w<days>d<hours>h<minutes>m format.
    __________________________________________________________________________
     Default_Certificate_Lifetime    The default lifetime for tickets
				     issued to principals in this cell's
				     registry in
				     <weeks>w<days>d<hours>h<minutes>m format.
    __________________________________________________________________________
     Low_Unix_ID_Principal	     The starting point for principal UNIX
				     IDs automatically generated by the
				     Security Service when a principal is
				     added: an integer, which must be less
				     than Max_Unix_ID.
    __________________________________________________________________________
     Low_Unix_ID_Group		     The starting point for UNIX IDs
				     automatically generated by the Security
				     Service when a group is added: an
				     integer, which must be less than
				     Max_Unix_ID.
    __________________________________________________________________________
     Low_Unix_ID_Org		     The starting point for UNIX IDs
				     automatically generated by the Security
				     Service when an organization is added
				     using: an integer, which must be less
				     than Max_Unix_ID.
    __________________________________________________________________________
     Max_Unix_ID		     The highest number that can be supplied
				     as a UNIX ID when principals are
				     created: an integer.
    __________________________________________________________________________
     Rgy_Readonly_Flag		     An indication of whether or not the
				     registry is read-only: true=read only,
				     false=updateable.
    __________________________________________________________________________
     Auth_Certificate_Unbound_Flag   An indication of whether or not
				     certificates are generated for use on
				     any machine: true=yes, false=no.
    __________________________________________________________________________
    |Shadow_Passwd_Flag		   | Determines whether encrypted passwords   |
    |				   | are sent over the network:		      |
    |				   | true=encrypted passwords are not sent    |
    |				   | over the network, false=encrypted	      |
    |				   | passwords are sent over the network.     |
    |______________________________|__________________________________________|
    |Embedded_Unix_ID_Flag	   | Determines if UNIX IDs are embedded in   |
    |				   | person, group, and organization UUIDs:   |
    |				   | true=UNIX IDs are embedded, false=UNIX   |
    |				   | IDs are not embedded.		      |
    |______________________________|__________________________________________|
      Realm_Name		   The full global pathname of the realm
				   running the secd.
     _______________________________________________________________________
      Realm_UUID		   The UUID of the realm running the secd.
     _______________________________________________________________________
      Unauthenticated_Quota	   The quota of unauthenticated users: a
				   number or unlimited.
     _______________________________________________________________________
      Acct_Lifetime		   The period during which accounts are
				   valid: an integer number representing
				   days or forever.
     _______________________________________________________________________
      Passwd_Min_Len		   The minimum length of passwords: a non-
				   negative integer.
     _______________________________________________________________________
      Passwd_Lifetime		   The span in days of the password
				   lifetimes: an integer or forever.
     _______________________________________________________________________
      Passwd_Expire_Time	   The date and time the passwords expire
				   in yyyy/mm/dd.hh:mm format.	 (The first
				   two digits of the year, the hours and
				   the minutes are optional.)
     _______________________________________________________________________
      Passwd_All_Spaces_Ok	   An indication of whether or not
				   passwords can consist of all spaces:
				   true=can consist of spaces,
				   false=cannot.
     _______________________________________________________________________
      Passwd_All_Alphanumeric_Ok   An indication of whether or not
				   passwords can consist of all
				   alphanumeric characters: true=can be all
				   alphanumeric, false=cannot.
     _______________________________________________________________________
      Max_Certificate_Lifetime	   The number of hours before the
				   Authentication Service must renew
				   service certificates: an integer
				   indicating the time in hours or
				   default-policy to use the registry
				   default.
     _______________________________________________________________________
      Max_Renewable_Lifetime	   The number of hours before sessions
				   expire and the session principal must
				   log in again to reauthenticate: an
				   integer indicating the time in hours or
				   default-policy to use the registry
				   default.
     _______________________________________________________________________
      Princ_Cache_State		   The timestamp of the principal cache.
     _______________________________________________________________________
      Group_Cache_State		   The timestamp of the group cache.
     |___________________________|__________________________________________|
     |Org_Cache_State		 | The timestamp of the organization cache. |
     |___________________________|__________________________________________|
     |My_Name			 | The cell-relative name of the security   |
     |				 | server.				    |
     |___________________________|__________________________________________|
     |Master_Key_Version	 | The integer version of current master    |
     |				 | key.					    |
     |___________________________|__________________________________________|
     |Master_Key_Keytype	 | Always des.				    |
     |___________________________|__________________________________________|
     |Master_Key_Length		 | The length of the master key in bytes.   |
     |___________________________|__________________________________________|
     |Master_Key		 | The master key in hex string format.	    |
     |___________________________|__________________________________________|
     |Old_Master_Key_Version	 | The version of the previous master key.  |
     |___________________________|__________________________________________|
     |Old_Master_Key_Keytype	 | Always des.				    |
     |___________________________|__________________________________________|
     |Old_Master_Key_Length	 | The length of the previous master key in |
     |				 | bytes.				    |
     |___________________________|__________________________________________|
     |Old_Master_Key		 | The previous master key in hex string    |
     |				 | format.				    |
     |___________________________|__________________________________________|
     |Obj_Acl_Def_Cell_Name	 | The default cell name of the policy	    |
     |				 | object ACL.				    |
     |___________________________|__________________________________________|
     |Num_Acl_Entries		 | The number of entries in the policy	    |
     |				 | object ACL.				    |
     |___________________________|__________________________________________|
     |Obj_Acl_Entry*+		 | The contents of the policy object ACL.   |
     |___________________________|__________________________________________|

      * These fields may appear multiple times in succession.

      + If a stored UUID doesn't map to a name required for this field, the
      UUID will be displayed.
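
      The field tables above list master keys in hex string format in both
      .mkey.prt and policy.prt, and this page's earlier note names .mkey.prt
      and princ.prt as holding unencrypted keys. The script below is an added
      example, not part of the original reference page: it flags key-bearing
      print files that anyone other than the owner can access. The function
      names and the sample directory (including its "Field = value" layout)
      are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a sec_salvage_db print directory for key-bearing
# print files whose mode grants any access to group or other.

# holds_key FILE -> exit 0 if FILE is expected to contain key material.
holds_key() {
    case "$(basename "$1")" in
        .mkey.prt|princ.prt) return 0 ;;   # named in the man page's note
    esac
    # Assumption: field names appear literally in the print file. Match
    # Master_Key / Old_Master_Key but not Master_Key_Version, _Keytype
    # or _Length, which carry no key bytes.
    grep -Eq '(^|[^A-Za-z0-9_])(Old_)?Master_Key([^A-Za-z0-9_]|$)' "$1" 2>/dev/null
}

# mode_of FILE -> the nine permission characters from ls -ld (rw-r-----).
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# audit_prt_dir DIR -> prints "MODE PATH" for every exposed key-bearing
# file; exit status 0 when none are exposed, 1 otherwise.
audit_prt_dir() {
    dir=$1
    rc=0
    # The *.prt glob skips dot files, so .mkey.prt is listed explicitly.
    for f in "$dir"/.mkey.prt "$dir"/*.prt; do
        [ -f "$f" ] || continue
        holds_key "$f" || continue
        mode=$(mode_of "$f")
        case "$mode" in
            ???------) ;;                           # owner-only
            *) printf '%s %s\n' "$mode" "$f"; rc=1 ;;
        esac
    done
    return $rc
}

# make_sample_dir -> builds a constructed print directory and prints its
# path. File contents, layout and key values are constructed placeholders.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'Master_Key_Version = 1\nMaster_Key = 0000000000000000\n' > "$d/.mkey.prt"
    printf 'Passwd_Min_Len = 0\nOld_Master_Key = 0000000000000000\n' > "$d/policy.prt"
    printf 'Record_Number = 1\nObject_Type = GROUP\n' > "$d/group.prt"
    printf 'Record_Number = 1\n' > "$d/princ.prt"
    chmod 600 "$d/.mkey.prt"
    chmod 644 "$d/policy.prt" "$d/group.prt"
    chmod 640 "$d/princ.prt"
    echo "$d"
}
```

      Run audit_prt_dir against the directory given to -prtpath; a non-zero
      exit status means at least one listed file needs its mode tightened.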















 Table 0-0.  rgy_state.prt File Fields


       ___________________________________________________________________
       |Field Name	       | Field Values				  |
       |_______________________|__________________________________________|
       |Rgy_State_File_Version | The integer version number of the format |
       |		       | of the rgy_state file.			  |
       |_______________________|__________________________________________|
       |Replica_State	       | The state of the master registry:	  |
       |		       | unknown_to_master, uninitialized,	  |
       |		       | in_service, in_maintenance, closed,	  |
       |		       | deleted, or initializing.		  |
       |_______________________|__________________________________________|
       |Cell_UUID	       | The UUID of the cell in which the secd	  |
       |		       | resides.				  |
       |_______________________|__________________________________________|
       |Server_UUID	       | The UUID of this secd.			  |
       |_______________________|__________________________________________|
       |Initialization_UUID    | The UUID of the last initialization	  |
       |		       | event.					  |
       |_______________________|__________________________________________|
       |Master_File_Version    | The version number of the master	  |
       |		       | replica.				  |
       |_______________________|__________________________________________|
       |Master_Known_Flag      | An indication of whether or not the	  |
       |		       | master replica is known to this replica: |
       |		       | true=known, false=not known.  Only if	  |
       |		       | this field is true do the other master	  |
       |		       | fields contain valid information.	  |
       |_______________________|__________________________________________|
       |Master_UUID	       | The UUID of the master replica.	  |
       |_______________________|__________________________________________|
       |Master_Seqno	       | The 2-digit sequence number of the event |
       |		       | when the master became the master in n.n |
       |		       | format.				  |
       |_______________________|__________________________________________|

 Table 0-0.  replica.prt File Fields


	 ________________________________________________________________
	 |Field Name	      | Field Values				 |
	 |____________________|__________________________________________|
	 |Record_Number	      | The sequential number of the record in	 |
	 |		      | the database.				 |
	 |____________________|__________________________________________|
	 |Replica_UUID	      | The UUID listed for the replica in the	 |
	 |		      | replica list.				 |
	 |____________________|__________________________________________|
	 |Replica_Name	      | The name of the replica as known to the	 |
	 |		      | Cell Directory Service.			 |
	 |____________________|__________________________________________|
	 |Num_Towers	      | The number of towers.			 |
	 |____________________|__________________________________________|
	 |Tower_Length*	      | The length of the next tower (in bytes). |
	 |____________________|__________________________________________|
	 |Tower*	      | The tower used to communicate with the	 |
	 |		      | replica (a byte stream that can be	 |
	 |		      | broken on word boundaries).		 |
	 |____________________|__________________________________________|
	 |Propagation_Type    | An indication of whether the replica is	 |
	 |		      | initialized, initializing, in the	 |
	 |		      | process of being updated, or in the	 |
	 |		      | process of being deleted.		 |
	 |____________________|__________________________________________|
	 |Initialization_UUID | UUID of the last initialization.	 |
	 |____________________|__________________________________________|

      * These fields may appear multiple times in succession.

 NOTES
      This reference page is the version that was included in the DCE 1.0.3
      Command Reference, updated with information about the -dce1.0.3
      option.  It is not guaranteed to correspond exactly to the DCE 1.1
      usage.

 ERROR CONDITIONS
      You will receive the following error message if the default rgy_data
      directory is being used and there is an advisory lock on the rgy_state
      data file:

      Registry: Error - database is locked.  Put secd into maintenance mode
	  or clear advisory lock on rgy_state file in db_pathname


      The existence of the advisory lock implies that secd is in service.
      Use the sec_admin command to put secd in maintenance mode. If secd is
      not running, the advisory lock may be the result of an ungraceful
      shutdown of secd. To remove the advisory lock, use mv to rename the
      dcelocal/var/security/rgy_data/rgy_state file, then change it back to
      the original name.  Then, re-run the sec_salvage_db command.