Setting Up the Registry

The registry is the DCE security database. It contains information similar to that found in UNIX group and password files, so it contains all the security-relevant information about all the entities within the cell. The registry can be divided into four parts:

· Principals
Every entity that wishes to participate in an authenticated transaction within a DCE cell requires a principal. Each principal has an identifier number (ID) much like standard UIDs in UNIX. A principal's ID is also used in the determination of access control to DCE objects. In the DCE Director, the term user is used to refer to principals, servers, machines, and cells.

· Groups
Principals can be organized together in groups. Groups are also assigned IDs, which correspond to UNIX GIDs. A group is a component of an account. A group ID is used to determine access control to DCE objects.

· Organizations
Organizations are an additional grouping of principals. They, too, have IDs, but unlike principal and group IDs, these IDs have no parallel in the UNIX system of identifiers, nor do they influence access control. An organization is a component of an account. Note that, in this release of the DCE Director, you cannot change the organization of an account.

· Accounts
An account is unique and is made up of a principal name, group name, and organization name. This is sometimes referred to as a PGO. Accounts are required for all entities that want to interact with the registry. Accounts also provide principals with authentication characteristics and network identity characteristics.
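
The relationships among the four parts, as an added example that is not part of the original documentation and is not DCE code: a toy in-memory model in Python. The class and function names, the ID numbering, the one-account-per-principal rule, the automatic group membership and the simplified ACL check are all assumptions made for illustration.

```python
from itertools import count

class Registry:
    """Toy in-memory model of the four registry parts (constructed, not DCE code)."""
    def __init__(self):
        self._ids = count(100)                      # constructed ID range
        self.principals, self.groups, self.orgs = {}, {}, {}   # name -> ID
        self.members = {}                           # group name -> principal names
        self.accounts = {}                          # principal name -> (group, org)

    def _add(self, table, name):
        if name in table:
            raise ValueError(f"{name!r} already exists")
        table[name] = next(self._ids)
        return table[name]

    def add_principal(self, name):
        return self._add(self.principals, name)

    def add_org(self, name):
        return self._add(self.orgs, name)

    def add_group(self, name):
        gid = self._add(self.groups, name)
        self.members[name] = set()
        return gid

    def add_account(self, principal, group, org):
        # An account is a PGO triple; each component must already be registered.
        for table, name in ((self.principals, principal), (self.groups, group), (self.orgs, org)):
            if name not in table:
                raise KeyError(f"{name!r} is not in the registry")
        if principal in self.accounts:              # assumed uniqueness rule
            raise ValueError(f"{principal!r} already has an account")
        self.members[group].add(principal)          # assumed: account implies membership
        self.accounts[principal] = (group, org)

    def identity(self, principal):
        """IDs used for access decisions: principal and group IDs, never the org ID."""
        if principal not in self.accounts:
            raise PermissionError(f"{principal!r} has no account")
        gids = {self.groups[g] for g, m in self.members.items() if principal in m}
        return self.principals[principal], gids

def allowed(acl, identity, perm):
    """acl: (kind, id, perms) entries, kind 'user' or 'group' (simplified check)."""
    uid, gids = identity
    return any(perm in perms and (ident == uid if kind == "user" else ident in gids)
               for kind, ident, perms in acl)
```

Because `identity` returns only the principal ID and group IDs, an ACL entry that carries an organization's ID never matches, which mirrors the statement that organization IDs do not influence access control.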