• Keine Ergebnisse gefunden

Comparing Registries

Im Dokument Administering Your DOMAIN System (Seite 89-92)

Each secure network that you joined has a separate registry structure. Once you've made a single network, you must identify and change any duplicate entries in the registry database: the ppo and account files.

Compare registries whenever you join secure networks into a single network. To compare registries, use the cmppo and cmacct commands according to the following format:

$ cmacct rgy1_path rgy2_path

These commands allow you to specify any of the following registry pathnames:

IInode/registry/rgy_master. This file contains the name of the master registry file and the names of all site directories in the network. The file should list all current registry sites.

IInode/registry/registry. If you specify any node's copy of the master registry, cmppo and cmacct use the master registry listed in the node's /registry/registry file. Use lrgy to see the contents of a node's copy of the master registry, since the local file can be out of date.

IInode_name. If you specify any node entry directory, cmppo and cmacct use the master registry listed in the node's /registry/registry file. Use lrgy to see the contents of a node's copy of the master registry, since the local file can be out of date.

Table 4-S lists the commands for comparing registries.

Table 4-5. Commands for Comparing Registries

Command Purpose

cmacct Compares the contents of account files and reports accounts that are associated with different home directories and passwords. Usedacct to resolve collisions.

cmppo Compares the contents of ppo files and reports names that appear in both sets of ppo files and are associated with different UIDs. Use thfedppo change command to change one of the names.

- pers Compares person files only - proj Compares project files only - org Compares organization files only - all Compares all files

When you join two or more networks, each network had its oWn registry. You must identify and change any duplicate entries in these registries.

If the same name appears in two or more sets of ppo files, you must. change the name in one of the registries. For example, if the name "Smith" appears in both registries' person files, use the edppo change command to change the name in one of the registries. Do not delete the name in either registry. Every name in the ppo files has a unique ID. The ID is included in the ACLs for objects that a user creates. If you delete rather than change names, users may be unable to access objects they've created.

If the name "Smith" appears in both person files, you must replace one instance of "Smith" with another name; for example, .. JSmith." When a person name belongs to a single user who decides to keep one account and delete the other account, the user must change the ACLs on objects created by the account that will be deleted. The new ACLs must allow access from the account that will be kept.

NOTE: If cmppo finds duplicate names, make all the changes to one registry. Whenever you change any ppo files, you may outdate information in local registries for nodes that used those ppo files. Thus, if you change ppo files at one registry only, you minimize the number of nodes whose local registries are affected.

PROCEDURE 4-8~ Comparing ppo Flies Perform the following steps to compare two registries.

1. Use the cmppo command with the -pers option to compare the person files for each registry.

$ cmppo Iltulip/registry/rgy _master Ilbear/registry/rgy _master -pers Names with different ids found in both registries PERSON file:

martin smith

2 names

2. If cmppo -pers finds duplicate person names, use edppo -r to make changes to one registry'S person file.

$ edppo -r IItulip/reglstry/rgy_master -pers

=> 1

martin root smith sys-person user

=> c martin bmartin

=> c smi th msmi th

=> 1

bmartin msmith root sys-person user

=>wr

3. Repeat Step 1 to verify the change you just made to the person file.

$ cmppo Iltulip/registry/rgy _master Ilbear/registry/rgy _master -pers

No names with different ids found in both registries PERSON file 4. Use the cmppo command with the -proj option to compare the project files. As with the

person file, do not delete duplicate names. Change them with edppo as shown in Step 2.

$ cmppo Iltulip/registry/rgy _master Ilbear/registry/rgy _master -proj

~ "'-

... /

c'

( ~ ,

\.

o

o

o o

o

5. Use the cmppo command with the -org option to compare the organization files. As with the . person and project files, do not delete duplicate names. Change them with edppo as shown in

Step 2.

$ cmppo IItulip/registry/rgy_master IIbear/registry/rgy_master -org

6. Repeat Steps 1 to 5 as necessary; this depends on how many networks' or internets' registries you join to form a single registry.

END OF PROCEDURE 4-8.

Perform Procedure 4-9 if you made changes to ppo files. When you make changes to ppo files, local registries on some nodes may contain outdated information that will not be refreshed automatically.

The outdated information will not affect most users' ability to log in. However, any user whose ppo information changed can lose the ability to log in if either of the following conditions is true:

• The node cannot access any updated site directories.

• The node contains outdated information in its local ppo files.

To prevent problems, delete and recreate local registries that may contain outdated ppo files. If you know which nodes contain outdated ppo files, fix the local registries at those nodes. For example, if you changed a person name from "martin" to "bmartin," you can delete and recreate the local registries at the node(s) that "bmartin" uses. However, if you cannot identify the nodes that may be affected by the changes, (if you change project or organization names this is very likely), delete and recreate the local registries at each node that uses the registry site that contains new ppo files.

PROCEDURE 4-9. Fixing Local Registries Use the following commands to delete and recreate a local registry:

$ dlf Ilnode/registry/locaLregistry

$ dlt Ilnode/registry/locaLsite

$ crrgy -lac -r Ilnode

END OF PROCEDURE 4-9.

Compare the registry account files. If there is a duplicate entry, use edacct to delete one of the accounts. It is very likely that accounts like user.none.none will be duplicates. Procedure 4-10 gives you the steps for comparing these files.

PROCEDURE 4-10. Comparing Account Files 1. Use cmacct as shown. Type:

$ cmacct IItulip/registry/rgy_master IIbear/registry/rgy_master

Account user.none.none has different home directories: / //guest/use 1 account collision

2. If cmacct finds duplicate accounts, use edacct -r to make changes to one registry's account

Im Dokument Administering Your DOMAIN System (Seite 89-92)