PreviousNext

Command Options for the registry connect Command

When you use the registry connect command, you must supply the fully qualified name of the foreign cell with which you will establish a peer-to-peer relationship. This name is stripped of the full path name, prefixed with krbtgt, and used as the primary name of the account's principal. For example, if you enter a cell name of /.../dresden.com, the principal name is krbtgt/dresden.com. The unchanged cell name is stored as the principal's full name.

Note that registry connect uses your local cell name for the primary name of the local cell's account principal. This name is stripped of the full pathname and prefixed with krbtgt, just as the foreign cell name is.

The following outlines additional information that you can supply to the registry connect command:

-acctvalid, -facctvalid
The setting that marks an account as being valid. A valid local account (-acctvalid) allows users from the foreign cell to log in to nodes in the local cell. A valid foreign account (-facctvalid) allows users from the local cell to log in to nodes in the foreign cell. The default is invalid for each option.

-expdate
The time and date that both the local and the foreign cell's account expires, and the peer-to-peer relationship is ended, prohibiting any further authenticated communications between principals in the two cells. To renew the account, change the date in this field. The default is none.

-facct, -facctpw
The system administrator in the foreign cell must provide you with the name and password of an account in the foreign cell. The foreign account must have the permissions that are required to create principals and accounts. You need the account to access the foreign registry in order to create the account that represents your cell in the foreign account's registry. The lifetime and creation quota of this account should be limited to only that necessary to complete the task.

-group, -fgroup
The group name to be associated with the account in the local cell (-group) and the foreign cell (-fgroup). These groups have no meaning for the accounts and are not associated with any users in the foreign or local cell. You must enter them because it is a requirement of the registry that all accounts be associated with groups. If the group does not exist, it will be created.

-mypwd
The registry connect command does not prompt you for a password for the accounts that you are creating; it generates this password randomly. However, you must supply your password with the mypw option as to validate your identity.

-org, -forg
The organization name to be associated with the account in the local cell (-org) and the foreign cell (-forg). These organizations have no meaning for the accounts and are not associated with any users in the foreign or local cell. You must enter them because it is a requirement of the registry that all accounts be associated with organizations. If the organization does not exist, it will be created.