162 DCE Replacement Strategies
Now the IBM Network Authentication Service can gather information about
the DCE user. The following command shows attributes of the user object
concerning IBM Network Authentication Service. Note that the kadmin.local
command can be executed directly on KDC server without Kerberos
authentication:
kadmin.local -q “getprinc <user name>“
Adding a group
Adding a group is simple and can be done following these steps:
1. Add a group using DCE command:
dcecp> group create <group name> -inprojlist yes
2. Import the group using IBM Tivoli Access Manager commands in order to add
the attributes that are specific to the IBM Tivoli Access Manager:
pdadmin> group import <group name> <group DN>
The import of the DCE group can be v ...