86 DCE Replacement Strategies
5.1 Introduction
IBM DCE 3.2 and IBM Tivoli Access Manager both support using an LDAP
directory to store data. This makes it possible for DCE and IBM Tivoli Access
Manager to share objects in LDAP. That is, DCE users and groups can have the
same Distinguished Name (DN) as IBM Tivoli Access Manager users and
groups. Otherwise, little is shared.
Specifically, the following are not shared:
Passwords
Unique IDs
User attributes
Most group attributes
The group membership attribute, however, can be shared:
Group membership attribute
Policy data can be shared in a limited way because policies are handled
differently between the technologies. DCE allows policies to be created, then
users are associated with a specific ...