Adding and Deleting Group Members
The following example shows the use of the dcecp group add command with the -member option to add mahler to the group symphonists and delete
strauss from the group symphonists:
dcecp> group add symphonists -member mahler dcecp> group remove symphonists -member mahler dcecp>
Note that you can add a member of a foreign cell to a local group by supplying the principal's fully qualified name. Members of an organization must be from the local cell only.
You can add and remove multiple members with one group add or group remove command. To do so, enclose the member names in quotes, separated by spaces. For example, to add the
principals bach, britten, and mahler to the group symphonists, you would enter the following:
dcecp> group add symphonists -member {bach britten mahler} dcecp>
In the unusual case where you are changing a host's group name information while the host is logged into a DCE cell, the existing host credentials will become invalid unless you perform extra steps
to update the host credentials with the new group name information.
Host credentials are managed by the secval process, which performs security client functions on a DCE host. Normally, just after the host starts, the secval process logs the host
into the DCE cell, getting the host credentials and storing them on the host. Deactivate and reactivate the secval process to update these credentials after changing the group name
information. The following example illustrates these operations on remote host persephone:
dcecp> secval deactivate /.:/hosts/persephone/config/secval dcecp> secval activate /.:/hosts/persephone/config/secval dcecp>
|