The Accounts Created by the registry connect Command
The accounts and principals that are created by the registry connect command are given default attribute values listed in the following table. These attributes apply to all foreign principals when they access objects in your cell. Likewise, the attributes of the account created for your cell in the foreign cell apply to all principals in your cell when they access objects in the foreign cell.
Default Attribute Values of Cross-Cell Authorization Principals and Accounts
| Information | Meaning |
| Account Principal Name | The local cell name for the local cell's account, or foreign cell name for the foreign cell's account stripped of its full pathname and prefixed with krbtgt. |
| fullname | The cell's pathname. |
| quota | Set to none. This quota applies to all principals who use the cross-cell authentication accounts to access objects in foreign cells. For example, if you change the object creation quota to 10, the total number of objects that can be created in your cell's registry by all foreign users who use the account to access your cell cannot exceed 10. It is not 10 per foreign principal. The object creation quota that is set for your cell's account in the foreign cell places the same restriction on the number of objects that your cell's principals can create in the foreign cell's registry. |
| description, home, shell | Set to blank. |
| server | Set to yes; that is, the account is a server that can engage in authenticated communications. |
| client | Set to no. |
| pwdvalid | Set to yes (valid). |
| acctvalid | Set to no (not valid) unless the -acctvalid and -facctvalid options are used. |
| postdatedtkt | Set to yes; that is, the account can be issued tickets with a start time in the future. |
| forwardabletkt | Set to yes; that is, the account can be issued a new ticket-granting ticket with a network address that is different than the present ticket-granting ticket. |
| renewabletkt | Set to yes; that is, the account's tickets can be renewed. |
| proxiabletkt | Set to yes; that is, the account can be issued tickets with a different network address than the present tickets. |
| dupkey | Set to yes; that is, the account's ticket can have duplicate keys. |
| goodsince | Set to the date that the account was created. |
| maxtktlife | Set to the registry policy. |
| maxtktrenew | Set to the registry policy. The maxtktrenew attribute is not currently used by the DCED; any use of this option is unsupported at the present time. |