Previous | Contents | Index |
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
The ADD/ADD_IDENTIFIER command, however, adds a user account to the authorization file, SYSUAF, and also adds an identifier to the rights database, RIGHTSLIST.DAT.
Uppercase and lowercase characters are equivalent. All lowercase characters are converted to uppercase before the password is encrypted. Avoid using the word password as the actual password.
Use the /PASSWORD qualifier as follows:
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.
By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)
Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.
To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.
Each user must have a unique UIC. By default, the UIC value is [200,200].
The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.
The value is an integer equal to or greater than WSQUOTA. By default,
the value is 16384 pagelets on Alpha and Integrity server systems. The
value cannot be greater than WSMAX. This quota value replaces smaller
values of
PQL_MWSEXTENT.
The value cannot be greater than the value of WSMAX and cannot exceed 8,192 pagelets on Alpha and Integrity server systems. This quota value replaces smaller values of PQL_MWSQUOTA.
Modify the DEFAULT record when qualifiers normally assigned to a new user differ from the HP-supplied values. The following qualifiers correspond to fields in the default record that are commonly modified:
UAF> DEFAULT /DEVICE=SYS$USER/LGICMD=SYS$MANAGER:SECURELGN - _UAF> /PRIVILEGES=(TMPMBX,GRPNAM,GROUP) %UAF-I-MDFYMSG, user record(s) updated |
The command in this example modifies the DEFAULT record, changing the default device, default login command file, and default privileges.
Enables you to exit from AUTHORIZE and return to DCL command level. You can also return to command level by pressing Ctrl/Z.
EXIT
None.
None.
Assigns the specified identifier to the user and documents the user as a holder of the identifier in the rights database.
GRANT/IDENTIFIER id-name user-spec
id-name
Specifies the identifier name. The identifier name is a string of 1 to 31 alphanumeric characters that can contain underscores and dollar signs. The name must contain at least one nonnumeric character.user-spec
Specifies the UIC identifier that uniquely identifies the user on the system. This type of identifier appears in alphanumeric format. For example: [GROUP1,JONES].
/ATTRIBUTES=(keyword[,...])
Specifies attributes to be associated with the identifier. The following are valid keywords:
DYNAMIC Allows unprivileged holders of the identifier to remove and to restore the identifier from the process rights list by using the DCL command SET RIGHTS_LIST. HOLDER_HIDDEN Prevents people from getting a list of users who hold an identifier, unless they own the identifier themselves. NAME_HIDDEN Allows holders of an identifier to have it translated, either from binary to ASCII or from ASCII to binary, but prevents unauthorized users from translating the identifier. NOACCESS Makes any access rights of the identifier null and void. If a user is granted an identifier with the No Access attribute, that identifier has no effect on the user's access rights to objects. This attribute is a modifier for an identifier with the Resource or Subsystem attribute. RESOURCE Allows holders of an identifier to charge disk space to the identifier. Used only for file objects. SUBSYSTEM Allows holders of the identifier to create and maintain protected subsystems by assigning the Subsystem ACE to the application images in the subsystem. Used only for file objects. To remove an attribute from the identifier, add a NO prefix to the attribute keyword. For example, to remove the Resource attribute, specify /ATTRIBUTES=NORESOURCE.
UAF> GRANT/IDENTIFIER INVENTORY [300,015] %UAF-I-GRANTMSG, identifier INVENTORY granted to CRAMER |
The command in this example grants the identifier INVENTORY to the user named Cramer who has UIC [300,015]. Cramer becomes the holder of the identifier and any resources associated with it. The following command produces the same result:
UAF> GRANT/IDENTIFIER INVENTORY CRAMER
Displays information concerning the use of AUTHORIZE, including formats and explanations of commands, parameters, and qualifiers.
HELP [keyword[,...]]
keyword[,...]
Specifies one or more keywords that refer to the topic, command, qualifier, or parameter on which you want information from the AUTHORIZE HELP command.
None.
If you do not specify a keyword, HELP displays information about the topics and commands for which help is available. It then prompts you with "Topic?". You can supply a topic or a command name, or press Return. When you specify a command name and qualifiers, you get detailed information about that command. If you respond by pressing Return, you exit from help. You can also exit from help by pressing Ctrl/Z.If the command you request accepts qualifiers, the display of the help information about the command is followed by the prompt "Subtopic?". Respond to this prompt with a qualifier name, or press Return. If you respond by pressing Return, HELP prompts with "Topic?". If you want to exit from help directly from this level, press Ctrl/Z.
#1 |
---|
UAF> HELP ADD |
The HELP command in this example displays information about the ADD command:
ADD Adds a user record to the SYSUAF and corresponding identifiers to the rights database. Format ADD newusername Additional information available: Parameter Qualifiers /ACCESS /ACCOUNT /ADD_IDENTIFIER /ALGORITHM /ASTLM /BATCH /BIOLM /BYTLM /CLI /CLITABLES /CPUTIME /DEFPRIVILEGES /DEVICE /DIALUP /DIOLM /DIRECTORY /ENQLM /EXPIRATION /FILLM /FLAGS /GENERATE_PASSWORD /INTERACTIVE /JTQUOTA /LGICMD /LOCAL /MAXACCTJOBS /MAXDETACH /MAXJOBS /NETWORK /OWNER /PASSWORD /PBYTLM /PGFLQUOTA /PRCLM /PRIMEDAYS /PRIORITY /PRIVILEGES /PWDEXPIRED /PWDLIFETIME /PWDMINIMUM /REMOTE /SHRFILLM /TQELM /UIC /WSDEFAULT /WSEXTENT /WSQUOTA Examples /IDENTIFIER /PROXY ADD Subtopic?
#2 |
---|
UAF> HELP ADD/ACCOUNT |
The command in this example displays information about the /ACCOUNT qualifier:
ADD /ACCOUNT=account-name Specifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.
Writes reports for selected UAF records to a listing file, SYSUAF.LIS, which is placed in the current default directory.
Note
LIST/IDENTIFIER, LIST/PROXY, and LIST/RIGHTS are documented as separate commands.
LIST [user-spec]
user-spec
Specifies the user name or UIC of the requested UAF record. Without the user-spec parameter, AUTHORIZE lists the user records of all users. The asterisk (*) and percent sign (%) wildcards are permitted in the user name.
/BRIEF
Specifies that a brief report be written to SYSUAF.LIS. The /BRIEF qualifier is the default qualifier. SYSUAF.LIS is placed in the default directory./FULL
Specifies that a full report be written to SYSUAF.LIS, including identifiers held by the user. SYSUAF.LIS is placed in the SYS$SYSTEM directory.
The LIST command creates a listing file of reports for selected UAF records. Print the listing file, SYSUAF.LIS, with the DCL command PRINT.Specification of a user name results in a single-user report. Specification of the asterisk wildcard character following the LIST command results in reports for all users in ascending sequence by user name. Specification of a UIC results in reports for all users with that UIC. (HP recommends that you assign each user a unique UIC, but if users share a UIC, the report will show all users with that UIC.) You can use the asterisk wildcard character to specify the UIC.
The following table shows how to specify a UIC with the LIST command and use the asterisk wildcard character with the UIC specification to produce various types of reports:
Command Description LIST [14,6] Lists a full report for the user (or users) with member number 6 in group 14. LIST [14,*] /BRIEF Lists a brief report for all users in group 14, in ascending sequence by member number. LIST [*,6] /BRIEF Lists a brief report for all users with a member number of 6. LIST [*,*] /BRIEF Lists a brief report for all users, in ascending sequence by UIC. Although you must provide separate UICs for each user, the LIST command reports users with the same UIC in the order in which they were added to the SYSUAF. Full reports list the details of the limits, privileges, login flags, and command interpreter. Brief reports do not include the limits, login flags, or command interpreter, nor do they summarize the privileges. AUTHORIZE never displays the password for an account.
See the SHOW command for examples of brief and full reports.
#1 |
---|
UAF> LIST ROBIN/FULL %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete |
This command lists a full report for the user record ROBIN.
#2 |
---|
UAF> LIST * %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete |
This command results in brief reports for all users in ascending sequence by user name. Note, however, that this is the same result you would produce had you omitted the asterisk wildcard.
#3 |
---|
UAF> LIST [300,*] %UAF-I-LSTMSG1, writing listing file %UAF-I-LSTMSG2, listing file SYSUAF.LIS complete |
This command lists a brief report for all user records with a group UIC of 300.
Previous | Next | Contents | Index |