UAI$_ACCOUNT
Sets, as a blank-padded 32-character string, the account name of the
user.
An account name can include up to 8 characters. Because the account
name is a blank-filled string, however, the buffer length field of the
item descriptor should specify 32 (bytes).
UAI$_ASTLM
Sets the AST queue limit.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_BATCH_ACCESS_P
Sets, as a 3-byte value, the range of times during which batch access
is permitted for primary days. Each bit set represents a 1-hour period,
from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_BATCH_ACCESS_S
Sets, as a 3-byte value, the range of times during which batch access
is permitted for secondary days. Each bit set represents a 1-hour
period, from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to
midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_BIOLM
Sets the buffered I/O count limit.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_BYTLM
Sets the buffered I/O byte limit.
Because the buffered I/O count limit is a longword decimal number, the
buffer length field in the item descriptor should specify 4 (bytes).
UAI$_CLITABLES
Sets, as a character string, the name of the user-defined CLI table for
the account, if any.
Because the CLI table name can include up to 31 characters plus a
size-byte prefix, the buffer length field of the item descriptor should
specify 32 (bytes).
UAI$_CPUTIM
Sets the maximum CPU time limit (per session) for the process in
10-millisecond units.
Because the maximum CPU time limit is a longword decimal number, the
buffer length field in the item descriptor should specify 4 (bytes).
UAI$_DEFCLI
Sets, as an OpenVMS RMS file name component, the name of the command
language interpreter used to execute the specified batch job. The file
specification set assumes the device name and directory SYS$SYSTEM and
the file type .EXE.
Because a file name can include up to 31 characters plus a size-byte
prefix, the buffer length field in the item descriptor should specify
32 (bytes).
UAI$_DEFDEV
Sets, as a 1- to 31-character string, the name of the default device.
Because the device name string can include up to 31 characters plus a
size-byte prefix, the buffer length field in the item descriptor should
specify 32 (bytes).
UAI$_DEFDIR
Sets, as a 1- to 63-character string, the name of the default directory.
Because the directory name string can include up to 63 characters plus
a size-byte prefix, the buffer length field in the item descriptor
should specify 64 (bytes).
UAI$_DEF_PRIV
Sets, as a quadword value, the default privileges for the user.
Because the default privileges are set as a quadword value, the buffer
length field in the item descriptor should specify 8 (bytes).
UAI$_DFWSCNT
Sets, in pages (on VAX systems) or pagelets (on Alpha and I64 systems),
the default working set size.
Because the default working set size is a longword decimal number, the
buffer length field in the item descriptor should specify 4 (bytes).
UAI$_DIALUP_ACCESS_P
Sets, as a 3-byte value, the range of times during which dialup access
is permitted for primary days. Each bit set represents a 1-hour period,
from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_DIALUP_ACCESS_S
Sets, as a 3-byte value, the range of times during which dialup access
is permitted for secondary days. Each bit set represents a 1-hour
period, from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to
midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_DIOLM
Sets the direct I/O count limit.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_ENCRYPT
Sets one of the values shown in the following table to identify the
encryption algorithm for the primary password:
Symbolic Name |
Description |
UAI$C_AD_II
|
Uses a CRC algorithm and returns a longword hash value. It was used in
VAX VMS releases prior to Version 2.0.
|
UAI$C_PURDY
|
Uses a Purdy algorithm over salted input. It expects a blank-padded
user name and returns a quadword hash value. This algorithm was used
during VAX VMS Version 2.0 field test.
|
UAI$C_PURDY_V
|
Uses the Purdy algorithm over salted input. It expects a
variable-length user name and returns a quadword hash value. This
algorithm was used in VMS releases prior to Version 5.4.
|
UAI$C_PURDY_S
|
Uses the Purdy algorithm over salted input. It expects a
variable-length user name and returns a quadword hash value. This is
the current algorithm that the operating system uses for all new
password changes.
|
UAI$C_PREFERED_ALGORITHM
|
Represents the latest encryption algorithm that the operating system
uses to encrypt new passwords. Currently, it equates to UAI$C_PURDY_S.
HP recommends that you use this symbol in source modules.
|
Because the encryption algorithm is a byte in length, the buffer length
field in the item descriptor should specify 1 (byte).
UAI$_ENCRYPT2
Sets one of the following values, indicating the encryption algorithm
for the secondary password. Refer to the UAI$_ENCRYPT item code for a
description of the algorithms.
UAI$C_AD_II
UAI$C_PURDY
UAI$C_PURDY_V
UAI$C_PURDY_S
UAI$C_PREFERED_ALGORITHM
UAI$_ENQLM
Sets the lock queue limit.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_EXPIRATION
Sets, as a quadword absolute time value, the expiration date and time
of the account.
Because the absolute time value is a quadword in length, the buffer
length field in the item descriptor should specify 8 (bytes).
UAI$_FILLM
Sets the open file limit.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_FLAGS
Sets, as a longword bit vector, the various login flags set for the
user.
Each flag is represented by a bit. The $UAIDEF macro defines the
following symbolic names for these flags:
Symbol |
Description |
UAI$V_AUDIT
|
All actions are audited.
|
UAI$V_AUTOLOGIN
|
User can only log in to terminals defined by the Automatic Login
facility (ALF).
|
UAI$V_CAPTIVE
|
User is restricted to captive account.
|
UAI$V_DEFCLI
|
User is restricted to default command interpreter.
|
UAI$V_DISACNT
|
User account is disabled. Same as /FLAG = DISUSER qualifier in
AUTHORIZE.
|
UAI$V_DISCTLY
|
User cannot use Ctrl/Y.
|
UAI$V_DISFORCE_PWD_CHANGE
|
User will not be forced to change expired passwords at login.
|
UAI$V_DISIMAGE
|
User cannot issue the RUN or MCR commands or use the foreign command
mechanism in DCL.
|
UAI$V_DISMAIL
|
Announcement of new mail is suppressed.
|
UAI$V_DISPWDDIC
|
Automatic checking of user-selected passwords against the system
dictionary is disabled.
|
UAI$V_DISPWDHIS
|
Automatic checking of user-selected passwords against previously used
passwords is disabled.
|
UAI$V_DISRECONNECT
|
User cannot reconnect to existing processes.
|
UAI$V_DISREPORT
|
User will not receive last login messages.
|
UAI$V_DISWELCOME
|
User will not receive the login welcome message.
|
UAI$V_EXTAUTH
|
User is considered externally authenticated by an external user ID and
password and not by the SYSUAF user name and password. The SYSUAF
record is still used for checking login restrictions and quotas and for
creating the user's OpenVMS process profile.
|
UAI$V_GENPWD
|
User is required to use generated passwords.
|
UAI$V_LOCKPWD
|
SET PASSWORD command is disabled.
|
UAI$V_MIGRATEPWD
|
User's SYSUAF password was set using AUTHORIZE or SYS$SETUAI and is
likely to be inconsistent with the user's external user password. If
password migration is enabled, the system will attempt to update the
external authorization service the next time the user attempts a login.
|
UAI$V_NOMAIL
|
Mail delivery to user is disabled.
|
UAI$V_PWD_EXPIRED
|
Primary password is expired.
|
UAI$V_PWD2_EXPIRED
|
Secondary password is expired.
|
UAI$V_RESTRICTED
|
User is limited to operating under a restricted account. Clear the
CAPTIVE flag (UAI$V_CAPTIVE), if set, before setting the RESTRICTED
flag. (Refer to the HP OpenVMS Guide to System Security for a description of restricted and
captive accounts.)
|
UAI$_JTQUOTA
Sets the initial byte quota with which the jobwide logical name table
is to be created.
Because this quota is a longword decimal number, the buffer length
field in the item descriptor should specify 4 (bytes).
UAI$_LASTLOGIN_I
Sets, as a quadword absolute time value, the date of the last
interactive login.
UAI$_LASTLOGIN_N
Sets, as a quadword absolute time value, the date of the last
noninteractive login.
UAI$_LGICMD
Sets, as an OpenVMS RMS file specification, the name of the default
login command file.
Because a file specification can include up to 63 characters plus a
size-byte prefix, the buffer length field of the item descriptor should
specify 64 (bytes).
UAI$_LOCAL_ACCESS_P
Sets, as a 3-byte value, the range of times during which local
interactive access is permitted for primary days. Each bit set
represents a 1-hour period, from bit 0 as midnight to 1 a.m., to bit 23
as 11 p.m. to midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_LOCAL_ACCESS_S
Sets, as a 3-byte value, the range of times during which local
interactive access is permitted for secondary days. Each bit set
represents a 1-hour period, from bit 0 as midnight to 1 a.m., to bit 23
as 11 p.m. to midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_LOGFAILS
Sets the count of login failures.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_MAXACCTJOBS
Sets the maximum number of batch, interactive, and detached processes
that can be active at one time for all users of the same account. The
value 0 represents an unlimited number.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_MAXDETACH
Sets the detached process limit. The value 0 represents an unlimited
number.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_MAXJOBS
Sets the active process limit. A value of 0 represents an unlimited
number.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_NETWORK_ACCESS_P
Sets, as a 3-byte value, the range of times during which network access
is permitted for primary days. Each bit set represents a 1-hour period,
from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_NETWORK_ACCESS_S
Sets, as a 3-byte value, the range of times during which network access
is permitted for secondary days. Each bit set represents a 1-hour
period, from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to
midnight.
The buffer length field in the item descriptor should specify 3 (bytes).
UAI$_OWNER
Sets, as a character string, the name of the owner of the account.
Because the owner name can include up to 31 characters plus a size-byte
prefix, the buffer length field of the item descriptor should specify
32 (bytes).
UAI$_PASSWORD
Sets the specified plaintext string as the primary password for the
user and updates the primary password change date. You must have SYSPRV
privilege to set passwords for any user account (including your own).
The UAI$_PASSWORD and UAI$_PASSWORD2 item codes provide the building
blocks for designing a site-specific SET PASSWORD utility. Note that if
you create such a utility, you should also set the LOCKPWD bit in the
user authorization file (UAF) to prevent users from using the DCL
command SET PASSWORD and to prevent the LOGINOUT process from forcing
password changes. If you create a site-specific SET PASSWORD utility,
install the utility with SYSPRV privilege.
You must adhere to the following guidelines when specifying a password
with UAI$_PASSWORD or UAI$_PASSWORD2:
- The password must meet the minimum password length defined for the
user account.
- The password cannot exceed 32 characters in length.
- The password must be different from the previous password.
To clear the primary password, specify the value 0 in the buffer length
field.
When you use $SETUAI to change the password on an account that has the
UAI$V_EXTHAUTH flag set, the UAI$V_MIGRATEPWD flag is set automatically.
Note
If you specify UAI$_PASSWORD, the UAI$_PWD_DATE item is ignored.
|
UAI$_PASSWORD2
Sets the specified plaintext string as the secondary password for the
user and updates the secondary password change date. You must have
SYSPRV privilege to set passwords for any user account (including your
own).
To clear the secondary password, specify the value 0 in the buffer
length field.
Note
If you specify UAI$_PASSWORD2, the UAI$_PWD2_DATE item is ignored.
|
UAI$_PBYTLM
Sets the paged buffer I/O byte count limit.
Because the paged buffer I/O byte count limit is a longword decimal
number, the buffer length field in the item descriptor should specify 4
(bytes).
UAI$_PGFLQUOTA
Sets, in pages (on VAX systems) or pagelets (on Alpha and I64 systems),
the paging file quota.
Because the paging file quota is a longword decimal number, the buffer
length field in the item descriptor should specify 4 (bytes).
UAI$_PRCCNT
Sets the subprocess creation limit.
Because this decimal number is a word in length, the buffer length
field in the item descriptor should specify 2 (bytes).
UAI$_PRI
Sets the default base priority.
Because this decimal number is a byte in length, the buffer length
field in the item descriptor should specify 1 (byte).
UAI$_PRIMEDAYS
Sets, as a byte bit vector, the primary and secondary days of the week.
Each bit represents a day of the week, with the bit clear representing
a primary day and the bit set representing a secondary day. The $UAIDEF
macro defines the following symbolic names for these bits:
UAI$V_MONDAY
UAI$V_TUESDAY
UAI$V_WEDNESDAY
UAI$V_THURSDAY
UAI$V_FRIDAY
UAI$V_SATURDAY
UAI$V_SUNDAY
UAI$_PRIV
Sets, as a quadword value, the names of the privileges that the user
holds.
Because the privileges are set as a quadword value, the buffer length
field in the item descriptor should specify 8 (bytes).
UAI$_PWD
Sets, as a quadword value, the hashed primary password of the user.
Because the hashed primary password is set as a quadword value, the
buffer length field in the item descriptor should specify 8 (bytes).
When you use $SETUAI to change the password on an account that has the
UAI$V_EXTHAUTH flag set, the UAI$V_MIGRATEPWD flag is set automatically.
UAI$_PWD_DATE
Sets, as a quadword absolute time value, the date of the last password
change.
Because this value is a quadword in length, the buffer length field in
the item descriptor should specify 8 (bytes).
A value of --1 indicates that the password could be marked as
preexpired.
Note
If you specify UAI$_PASSWORD, the UAI$_PWD_DATE item is ignored.
|
UAI$_PWD_LENGTH
Sets the minimum password length.
Because this decimal number is a byte in length, the buffer length
field in the item descriptor should specify 1 (byte).
UAI$_PWD_LIFETIME
Sets, as a quadword delta time value, the password lifetime.
Because this value is a quadword in length, the buffer length field in
the item descriptor should specify 8 (bytes).
A quadword of 0 means that none of the password mechanisms will take
effect.
UAI$_PWD2
Sets, as a quadword value, the hashed secondary password of the user.
Because the hashed secondary password is set as a quadword value, the
buffer length field in the item descriptor should specify 8 (bytes).
UAI$_PWD2_DATE
Sets, as a quadword absolute time value, the last date the secondary
password was changed.
Because this value is a quadword in length, the buffer length field in
the item descriptor should specify 8 (bytes).
A value of --1 indicates that the password could be marked as
preexpired.
Note
If you specify UAI$_PASSWORD2, the UAI$_PWD2_DATE item is ignored.
|
UAI$_QUEPRI
Sets the maximum job queue priority in the range 0 through 31.
Because this decimal number is a byte in length, the buffer length
field in the item descriptor should specify 1 (byte).
UAI$_REMOTE_ACCESS_P
Sets, as a 3-byte value, the range of times during which batch access
is permitted for primary days. Each bit set represents a 1-hour period,
from bit 0 as midnight to 1 a.m., to bit 23 as 11 p.m. to midnight.