VMS Help DCE_SECURITY, Admin Intro, DCE$IMPORT *Conan The Librarian (sorry for the slow response - running on an old VAX) |
The DCE IMPORT utility allows you to create principal and account entries in a DCE registry based on accounts in an existing OpenVMS authorization file. It is used for the following purposes: o To populate the DCE registry when a new DCE cell is first established o To add entries to an existing DCE registry when a new OpenVMS system joins an existing DCE cell o To add entries to an existing DCE registry when new users have joined an OpenVMS sytem that is already part of an existing DCE cell The DCE IMPORT utility also creates and maintains an exclude list. The exclude list contains the OpenVMS usernames of users who do not have, and do not require, a DCE account. This feature allows DCE IMPORT to skip over these users during DCE IMPORT operations. NOTE: The DCE IMPORT utility described in this section cannot be satisfied by the import function shipped with OSF DCE because of substantial differences between OpenVMS and UNIX user registry data. Passwords cannot be imported. Instead, the automatic synchronization feature that occurs during integrated login is used to import user passwords. See the Digital DCE for OpenVMS VAX and OpenVMS Alpha Reference Guide for detailed descriptions of the DCE IMPORT commands. RELATED INFORMATION COMMANDS: DCE$EXPORT
1 - File Info |
The DCE DCE IMPORT utility is shipped as an OpenVMS executable image named DCE$IMPORT.EXE. The image resides in the SYS$SYSTEM directory. The DCE IMPORT exclude file is named by default DCE$IMPORT_EXCLUDE.DAT and also resides in SYS$SYSTEM. You can change the name or location, or both, of this file by defining the logical name DCE$IMPORT_EXCLUDE to point to the new filename and location.
2 - Running IMPORT |
The DCE IMPORT utility allows system administrators to create principal and account entries in a DCE registry based on accounts in SYSUAF. Integrated Login provides two methods of running the DCE IMPORT utility, as follows. o By invoking the DCE IMPORT utility using a predefined symbol. $ IMPORT IMPORT> You can also specify a single DCE IMPORT command on the command line. Control returns to DCL after the command is executed. $ IMPORT command SYS$COMMON:[SYSMGR]DCE$DEFINE_REQUIRED_COMMANDS.COM defines the DCE symbol IMPORT which is used to invoke the DCE IMPORT utility. If this symbol is not defined in your environment, you can define the symbol as follows: $ IMPORT :== $SYS$SYSTEM:DCE$IMPORT o By issuing the RUN command. $ RUN SYS$SYSTEM:DCE$IMPORT IMPORT>
3 - Messages |
3.1 - IMP_ACCEXISTS
account for <principal> already exists in DCE Explanation: An attempt has been made to recreate an account for <principal> in the DCE registry. User Action: None. This is a warning indicating that this suboperation in the IMPORT operation was previously performed.
3.2 - IMP_ADDDCE
username <username> successfully imported into DCE Explanation: A DCE account has been successfully created for OpenVMS username <username>. User Action: None.
3.3 - IMP_ADDDCEACC
account for <principal> successfully added to DCE Explanation: A DCE account was successfully created for <principal>. User Action: None. This is an informational message displayed only if /INFORM is specified on the DCE IMPORT command line.
3.4 - IMP_ADDDCEPRN
principal <principal> successfully added to DCE Explanation: Principal <principal> record successfully created in the DCE registry. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.5 - IMP_ADDDCEUAF
username <username> successfully added to DCE$UAF Explanation: Username <username> successfully added to the DCE$UAF file. User Action: None. This is an informational message displayed only if /INFORM is specified on the DCE IMPORT command line.
3.6 - IMP_BINDERR
error binding to DCE security registry Explanation: Unable to bind to the DCE security server. User Action: Note accompanying DCE error message for more details.
3.7 - IMP_CREDCEUAF
created new DCE$UAF file Explanation: A new DCE$UAF file was created. User Action: None.
3.8 - IMP_DCEERR
<DCE error message> Explanation: Accompanying DCE error message supplied with other DCE IMPORT error messages. User Action: Use this message to determine the cause of the problem.
3.9 - IMP_DCELOGIN
error in DCE login Explanation: An error occurred during DCE login. User Action: Enter a valid DCE username and password when prompted by DCE IMPORT.
3.10 - IMP_DCEUAFERR
error searching DCE$UAF Explanation: An error occurred while searching the DCE$UAF file. User Action: Note the accompanying error message for more details.
3.11 - IMP_DELACC
account for principal <principal> deleted from DCE Explanation: DCE account for <principal> was deleted from the DCE registry. This occurs when an atomic IMPORT operation fails during one of its suboperations. Such failure prompts a backout of all suboperations successfully performed during this IMPORT operation. Deleting the account is one such backout operation. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.12 - IMP_DELDCEUAF
username <username> successfully deleted from DCE$UAF Explanation: Username <username> deleted from DCE$UAF file. User Action: None. This is an informational message displayed only if /INFORM is specified on the DCE IMPORT command line.
3.13 - IMP_DELFRGRP
principal <principal> from group <group> Explanation: Principal <principal> was deleted from <group> in the DCE registry. This occurs when an atomic IMPORT operation fails during one of its suboperations. Such failure prompts a backout of all suboperations successfully performed during this IMPORT operation. Deleting the principal from the group is one such backout operation. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.14 - IMP_DELFRORG
principal <principal> deleted from organization <organization> Explanation: Principal <principal> was deleted from <organization> in the DCE registry. This occurs when an atomic IMPORT operation fails during one of its suboperations. Such failure prompts a backout of all suboperations successfully performed during this IMPORT operation. Deleting the principal from the organization is one such backout operation. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.15 - IMP_DELPRN
principal <principal> deleted from DCE Explanation: Principal <principal> was deleted from the DCE registry. This occurs when an atomic IMPORT operation fails during one of its suboperations. Such failure prompts a backout of all suboperations successfully performed during this IMPORT operation. Deleting the principal is one such backout operation. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.16 - IMP_ERRADDGRP
error adding principal <principal> to group <group> Explanation: Could not add <principal> to <group> in the DCE registry. User Action: Note the accompanying DCE error message for more details.
3.17 - IMP_ERRADDORG
error adding principal <principal> to organization <organization> Explanation: Could not add <principal> to <organization> in DCE registry. User Action: Note the accompanying DCE error message for more details.
3.18 - IMP_ERRACCEXC
error accessing DCE IMPORT exclude file Explanation: Could not access the DCE IMPORT exclude file. User Action: Note the accompanying error message for more details.
3.19 - IMP_ERRADDEXC
adding username to DCE IMPORT exclude file Explanation: Could not add the requested username to the DCE IMPORT exclude file. User Action: Note the accompanying error message for more details.
3.20 - IMP_ERRADDUAF
error adding username to DCE$UAF file Explanation: Could not add the imported username to the DCE$UAF file. User Action: Note the accompanying error message for more details.
3.21 - IMP_ERRCRACC
error creating account for <principal> Explanation: Could not create a DCE account for <principal>. User Action: Note the accompanying DCE error message for more details.
3.22 - IMP_ERRCRDCEUAF
error creating DCE authorization file Explanation: An error occurred while attempting to create the DCE$UAF file. User Action: See accompanying message for details.
3.23 - IMP_ERRCRPRN
error creating principal <principal> Explanation: Could not create a principal in the DCE registry. User Action: Note the accompanying DCE error message for more details.
3.24 - IMP_ERRDCEUAF
error accessing DCE authorization file Explanation: An error occurred while attempting to access the DCE$UAF file. User Action: See accompanying message for details.
3.25 - IMP_ERRDELACC
error deleting account for <principal> Explanation: Unable to delete account for <principal> from DCE registry. User Action: See accompanying DCE error message for more details.
3.26 - IMP_ERRDELEXC
error deleting username from DCE IMPORT exclude file Explanation: Could not remove requested username from the DCE IMPORT exclude file. User Action: Note the accompanying error message for more details.
3.27 - IMP_ERRDELFRGRP
error deleting principal <principal> from group <group> Explanation: An error occurred while deleting <principal> from <group> in the DCE registry. This delete operation is performed if the overall IMPORT operation failed and a backout of changes applied to the DCE registry is required. User Action: See accompanying DCE message for details.
3.28 - IMP_ERRDELFRORG
error deleting principal <principal> from organization <organization> Explanation: An error occurred while deleting <principal> from <organization> in the DCE registry. This delete operation is performed if the overall IMPORT operation failed and a backout of changes applied to the DCE registry is required. User Action: See accompanying DCE message for details.
3.29 - IMP_ERRDELPRN
error deleting principal <principal> Explanation: Unable to delete <principal> from DCE registry User Action: See accompanying DCE error message for more details
3.30 - IMP_ERRDELUAF
error deleting username from DCE$UAF file Explanation: Could not delete a username from the DCE$UAF file. User Action: Note the accompanying error message for more details.
3.31 - IMP_ERRCHGAUT
error changing account authorization policy Explanation: Could not change the DCE account's authorization policy. User Action: Note the accompanying DCE error message for more details.
3.32 - IMP_ERRSPAWN
error spawning sub-process Explanation: An error occurred while spawning a subprocess on the SPAWN command. User Action: Refer to appropriate OpenVMS documentation for resolution.
3.33 - IMP_ERRSYSUAF
error accessing SYSUAF file Explanation: Could not access the OpenVMS SYSUAF file. User Action: See accompanying OpenVMS or RMS error message for more details.
3.34 - IMP_EXCADD
username <username> added to DCE IMPORT exclude list Explanation: Username <username> successfully added to the DCE IMPORT exclude file. A DCE account will not be created for this username. User Action: None.
3.35 - IMP_EXCDEL
username <username> removed from DCE IMPORT exclude list Explanation: Username <username> successfully removed from DCE IMPORT exclude file. A subsequent IMPORT session could be used to create a DCE account for this username. User Action: None.
3.36 - IMP_EXCLUDED
username <username> has been excluded from DCE Explanation: Username <username> cannot be imported since it has been excluded from the DCE registry. User Action: None. This is an informational message displayed when /INFORM is specified on the DCE IMPORT command line.
3.37 - IMP_INDCE
username <username> already imported into DCE Explanation: An import operation was attempted on an already imported OpenVMS username. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.38 - IMP_INDCEUAF
user <username> already in DCE$UAF Explanation: Username <username> already exists in the DCE$UAF.DAT file. User Action: None. This is a warning indicating that this suboperation in the IMPORT operation was previously performed.
3.39 - IMP_INEXCLUDE
username <username> already in DCE IMPORT exclude file Explanation: Username <username> has previously been added to the DCE IMPORT exclude file. User Action: None. This informational message is displayed when an exclude operation is attempted on an already excluded username and is displayed only when /INFORM is specified on the DCE IMPORT command line.
3.40 - IMP_INTINPDEV
internal error opening input device Explanation: Error opening SYS$INPUT. User Action: Verify user runtime environment. See to appropriate OpenVMS documentation for more details.
3.41 - IMP_INITERROR
initialization error Explanation: An error occurred during DCE IMPORT's initialization phase. User Action: Note error messages accompanying or directly preceding this message.
3.42 - IMP_INITWAIT
initializing..... Explanation: DCE IMPORT is in initialization mode. User Action: None.
3.43 - IMP_INVPASSWD
password validation failed. Please retry Explanation: The password entered when prompted for a retype does not match the originally entered password. User Action: Enter correct password for original and retype entry.
3.44 - IMP_INPREQ
input required! Explanation: Input not entered where input was mandatory. User Action: Provide required input.
3.45 - IMP_INTERROR
internal error Explanation: DCE IMPORT internal error occurred. User Action: Contact your support engineer or Submit a Quality Assurance Report (QAR).
3.46 - IMP_INVDATETM
invalid date/time Explanation: Date/time entered has invalid format. User Action: Enter date/time in standard format (dd-MMM-yyyy hh:mm:ss).
3.47 - IMP_NODCEUAF
unable to open DCE authorization file Explanation: Error occurred while attempting to open the DCE$UAF file User Action: See accompanying message for details.
3.48 - IMP_NOEXCUSR
no excluded users Explanation: No users listed in DCE IMPORT exclude file. User Action: None.
3.49 - IMP_NOGRP
group name not specified Explanation: Mandatory qualifier /GROUP not specified during a noninteractive IMPORT session. User Action: Provide the /GROUP qualifier with the group name on the command line.
3.50 - IMP_NOORG
organization name not specified Explanation: Mandatory qualifier /ORGANIZATION not specified during a noninteractive IMPORT session. User Action: Provide the /ORGANIZATION qualifier with the organiation name on the command line.
3.51 - IMP_NOPRIN
principal <principal> does not exist in DCE Registry Explanation: Principal <principal> does not exist in the DCE Registry. This means that <principal> does not have a corresponding OpenVMS username/account. User Action: None.
3.52 - IMP_NOSUCHEXC
no such username in exclude file Explanation: Username specified does not exist in DCE IMPORT's exclude file. User Action: Specify username that exists in DCE IMPORT's exclude file. Enter command SHOW/EXCLUDE to display the entire exclude list.
3.53 - IMP_NOSUCHGRP
no group <group>. Please choose a valid group Explanation: The group name specified is nonexistent in the DCE registry. User Action: Choose a valid group name. Use the DCE tool RGY_EDIT to search the DCE registry for group names.
3.54 - IMP_NOSUCHORG
no organization <organization>. Please choose a valid organization Explanation: The organization name specified is nonexistent in the DCE registry. User Action: Choose a valid organization name. Use the DCE tool RGY_EDIT to search the DCE registry for organization names.
3.55 - IMP_NOSCHPRM
corresponding primary principal not found in DCE Explanation: The DCE principal name specified as the primary principal while attempting to create an alias principal name is nonexistent in the DCE registry. User Action: Use the correct DCE principal name. Use the DCE tool RGY_EDIT to view the DCE registry.
3.56 - IMP_NOSCHUSR
OpenVMS username <username> does not exist on this system Explanation: An attempt was made to import a nonexistent OpenVMS user. User Action: Choose a valid OpenVMS user.
3.57 - IMP_OUTOPNERR
error opening alternate output Explanation: Could not access output medium User Action: If /OUTPUT was specified, verify the file name supplied with /OUTPUT. If /OUTPUT was not specified, check user runtime environment. See appropriate OpenVMS documentation for more details.
3.58 - IMP_PREXISTS
principal <principal> already exists in DCE Explanation: An attempt has been made to add <principal> to the DCE registry. User Action: None. This is a warning indicating that this suboperation in the IMPORT operation was previously performed.
3.59 - IMP_PRINGRP
principal <principal> already exists in group <group> Explanation: An attempt was made to add <principal> to DCE group <group> when it already was a member of the group. This action was attempted during an import operation. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.60 - IMP_PRINORG
principal <principal> already exists in organization <organization> Explanation: An attempt was made to add <principal> to DCE organization <organization> when it was already a member of that organization. This action was attempted during an import operation. User Action: None. This is an informational message displayed only when /INFORM is specified on the DCE IMPORT command line.
3.61 - IMP_PRINUSE
principal <principal> in use by another OpenVMS username Explanation: The DCE principal name specified for the OpenVMS username being imported is associated with another OpenVMS username. User Action: Choose a DCE principal name that is not associated with any OpenVMS username.
3.62 - IMP_RANGEERR
error in entry! Number must be between 1 and 65535 Explanation: The value entered for quota is not within the desired range. User Action: Enter a number between 1 and 65535.
3.63 - IMP_TIMERR
DCE time configuration error Explanation: Time configuration incorrect on the DCE system. User Action: Refer to the Troubleshooting chapter in the Digital DCE for OpenVMS VAX and OpenVMS Alpha Product Guide.
3.64 - IMP_TOOLONG
input for <qualifier> too long Explanation: Value of <qualifer> is longer than expected maximum size of value. User Action: Enter a value that is within the valid size range.
3.65 - IMP_USERERR
error getting input from user Explanation: Error occurred while getting user input. User Action: Provide valid input.
4 - ADD |
Adds OpenVMS usernames. The ADD command can only be used with the following qualifier: o ADD/EXCLUDE Adds an OpenVMS username to the IMPORT exclude list (see /EXCLUDE).
4.1 - /EXCLUDE
Adds an OpenVMS username to the IMPORT exclude list. Format: ADD/EXCLUDE USERNAME
4. 1.1 - Parameters
username Specifies the name of the OpenVMS account to be added to the IMPORT exclude list.
5 - DELETE |
Deletes OpenVMS usernames. The DELETE command can only be used with the following qualifier: o DELETE/EXCLUDE Deletes an OpenVMS username from the IMPORT exclude list (see /EXCLUDE).
5.1 - /EXCLUDE
Deletes an OpenVMS username from the IMPORT exclude list. Format: DELETE/EXCLUDE USERNAME
5. 1.1 - Parameters
username Specifies the name of the OpenVMS account to be deleted from the IMPORT exclude list.
6 - EXIT |
Exits the IMPORT utility. You can also exit IMPORT by pressing the Ctrl/Z key. Format: EXIT
7 - IMPORT |
The IMPORT command is used to create DCE accounts based on OpenVMS accounts from an existing System Authorization File (SYSUAF). Format: IMPORT VMS-USERNAME Qualifiers Defaults /[NO]CONFIRM /DCE_LOGIN=(keyword=value,...) /[NO]IMPORT /IMPORT /[NO]EXCLUDE /NOEXCLUDE /[NO]INFORM /INFORM /[NO]INTERACTIVE /INTERACTIVE /MY_PASSWORD=passwd None /OUTPUT[=output] /OUTPUT=SYS$OUTPUT: /[NO]RECAP /NORECAP /[NO]TEST_ONLY /NOTEST_ONLY Data Qualifiers Defaults /[NO]EXPIRATION_DATE=d /NOEXPIRATION_DATE /FLAGS=flags /GOOD_SINCE_DATE=date /GOOD_SINCE_DATE=now /GROUP=group "none" /HOME_DIRECTORY=string None /LIFETIME=hours Taken from registry authorization policy /LOGIN_SHELL=string None /MISCELLANEOUS=string None /ORGANIZATION=organiza "none" /PASSWORD=passwd No valid password /PRINCIPAL=principal /RENEWABLE_LIFETIME=ho Taken from registry authorization policy
7.1 - Parameters
vms-username Specifies the name of the OpenVMS account that is to be imported. If an asterisk is specified in place of the vms-username, all accounts from the OpenVMS system authorization file are selected.
7.2 - Qualifiers
7. 2.1 - /CONFIRM
/CONFIRM /NOCONFIRM Controls whether the IMPORT command asks for confirmation before creating a DCE principal or account, or both. In interactive mode the default is /CONFIRM. In non- interactive mode the default is /NOCONFIRM.
7. 2.2 - /DCE_LOGIN=(keyword=valud[,...])
/DCE_LOGIN=(keyword=valud[,...]) Provides DCE account details for accounts that are authorized to create pricipals and accounts in the DCE registry. Valid keywords for the DCE_LOGIN qualifier are as follows: Keyword Description PRINCIPAL The principal name to be used for authentication purposes when creating accounts and/or principals in the DCE registry. If you do not specify a principal with this qualifier you are prompted for one interactively. PASSWORD The password associated with the principal name that was specified by the PRINCIPAL keyword. If you do not specify a password with this qualifier you are prompted for one interactively. If you do not specify a principal or password with this qualifier, you are prompted for them interactively, regardless of whether or not you are running in interactive mode. This information need be entered only once per session, on the first IMPORT command. Subsequent IMPORT commands within the same session do not require you to reenter this information. If you are an interactive user and you do not specify the PASSWORD keyword, IMPORT prompts you for your password. The advantage in this is the password is not echoed and therefore does not appear on your terminal.
7. 2.3 - /EXCLUDE
/EXCLUDE /NOEXCLUDE (default) Determines whether or not the OpenVMS account is imported to the DCE registry. If the OpenVMS account is not imported then the DCE account is not created and instead an entry is created in the IMPORT exclude file for the specified OpenVMS account.
7. 2.4 - /INFORM
/INFORM (default) /NOINFORM Determines whether or not the user is informed of OpenVMS accounts that would have been selected for import, but are not because they either have already been imported (for example, they have an entry in the DCE$UAF) or they have an entry in the IMPORT exclude file.
7. 2.5 - /INTERACTIVE
/INTERACTIVE (default) /NOINTERACTIVE Controls whether an interactive or noninteractive import is performed. In interactive mode, a series of questions is asked and the user's responses are used to determine the account details. This mode is well suited to interactive users. In noninteractive mode, all input is supplied through the data qualifiers, and any missing or conflicting data causes the DCE account to not be created. This mode is well suited to command files and batch jobs. Data qualifiers can be specified in interactive mode. In this case the data they provide is used to provide the default answers to the relevant questions. All questions are still asked.
7. 2.6 - /MY_PASSWORD=passwd
/MY_PASSWORD=passwd DCE requires that you specify your current DCE password for authentication purposes. If you do not specify your DCE password with this qualifier you are prompted for it interactively, regardless of if you are running in interactive mode or not. Omitting this qualifier and allowing IMPORT to prompt you for your DCE password has the advantage that in this case the password is not echoed and does therefore not appear on your terminal if you are an interactive user. OUTPUT[=output] /OUTPUT[=output] Defines where all program output should be written. The default is SYS$OUTPUT:.
7. 2.7 - /RECAP
/RECAP /NORECAP (default) If /RECAP is specified details of the DCE account are displayed before it is actually created. When /CONFIRM is also specified the account details are displayed immediately before the confirmation request.
7. 2.8 - /TEST_ONLY
/TEST_ONLY /NOTEST_ONLY (default) If /TEST_ONLY is specified, DCE accounts and DCE$UAF entries are not created. All other functions operate normally.
7.3 - Data Qualifiers
7. 3.1 - /EXPIRATION_DATE=date
/EXPIRATION_DATE=date /NOEXPIRATION_DATE (default) Specifies the expiration date for the DCE account. If not specified, or if /NOEXPIRATION_DATE is specified, then the DCE account is created without an expiration date.
7. 3.2 - /FLAGS=([no]keyword[,...])
/FLAGS=([no]keyword[,...]) Specifies several attributes of the DCE account. The keywords you can specify are: Keyword Description ACCOUNT_VALID A flag that is set to determine account validity. An account without this flag set is invalid and cannot log in. The default is ACCOUNT_VALID. CLIENT A flag that is set to indicate whether or not the account is for a principal that can act as a client. The default is CLIENT. DUPLICATE_KEYS A flag that is set to determine if tickets issued to the account's principal can have duplicate keys. The default is NODUPLICATE_KEYS. FORWARDABLE_ A flag that is set to determine whether a CERTIFICATES new ticket-granting ticket with a network address that differs from the present ticket-granting ticket network address can be issued to the account's principal. (The Proxiable Certificate Flag performs the same function for service tickets.) The default is FORWARDABLE_CERTIFICATES. PASSWORD_VALID A flag that is set to determine whether the current password is valid. If this flag is not set, the next time the principal logs in to the DCE account, the system prompts the principal to change his password. The default is PASSWORD_VALID. POSTDATED_ A flag that is set to determine if tickets CERTIFICATES with a start time some time in the future can be issued to the account's principal. The default is NOPOSTDATED_CERTIFICATES. PROXIABLE_ A flag that is set to determine whether or CERTIFICATE not a new ticket with a different network address than the present ticket can be issued to the account's principal. (The Forwardable Certificate Flag performs the same function for ticket-granting tickets.) The default is NOPROXIABLE_CERTIFICATE. RENEWABLE_ A flag that is set to determine if the CERTIFICATE ticket-granting ticket issued to the account's principal can be renewed.If this flag is set the authentication service renews the ticket-granting ticket if its lifetime is valid. The default is RENEWABLE_CERTIFICATE. SERVER A flag that is set to indicate whether or not the account is for a principal that can act as a server. The default is SERVER. TGT_ A flag that is set to determine whether AUTHENTICATION or not tickets issued to the account's principal can use the ticket-granting ticket authentication mechanism. The default is TGT_AUTHENTICATION.
7. 3.3 - /GOOD_SINCE_DATE=date
/GOOD_SINCE_DATE=date Specifies the date and time that the account was known to be in an uncompromised state. If not specified, the Good Since Date is set to the current date and time.
7. 3.4 - /GROUP=group
/GROUP=group Specifies the name of an existing DCE group that is associated with the account being created. Note that if the group does not exist it is not be created by IMPORT. The default group name is "none".
7. 3.5 - /HOME_DIRECTORY=string
/HOME_DIRECTORY=string Specifies the directory in which the principal is placed at login. If not specified the DCE account is created without a Home Directory.
7. 3.6 - /LIFETIME=hours
/LIFETIME=hours Specifies the maximum amount of time, in hours, that a ticket can be valid. If not specified the Maximum Certificate Lifetime defined as registry authorization policy is used.
7. 3.7 - /LOGIN_SHELL=string
/LOGIN_SHELL=string Specifies the shell that is executed when a principal logs in. If not specified the DCE account is created without a login shell.
7. 3.8 - /MISCELLANEOUS=string
/MISCELLANEOUS=string Specifies a text string that is typically used to describe the use of the account. If not specified the DCE account is created without a miscellaneous value.
7. 3.9 - /ORGANIZATION=organization
/ORGANIZATION=organization Specifies the name of an existing DCE organization that is associated with the account being created. Note that if the organization does not exist it is not be created by IMPORT. The default organization name is "none".
7. 3.10 - /PASSWORD=passwd
/PASSWORD=passwd Specifies the password to be assigned to the DCE account. If not specified the DCE account is created without a valid DCE password.
7. 3.11 - /PRINCIPAL=(keyword[,...])
/PRINCIPAL=(keyword[,...]) Specifies the principal that is associated with the DCE account that is being created. If an existing principal is to be associated with the DCE account being created then you need only specify NAME (and ALIAS if its an alias principal). The other keywords are only used when a new principal is created. The keywords you can specify are: Keyword Description ALIAS Specifies that the principal defined by the NAME keyword is an alias. By default the name is considered a primary principal. CASE=keyword Specifies how the principal name should be Formatted. For example, to specify that the principal name should be all lowercase, use /PRINCIPAL=CASE=LOWERCASE. Possible keywords are: NOEDIT Do not perform any Format:ting. This is the default. LOWERCASE[=n1[,n2]]Convert the principal name so that the first n1 characters and last n2 are lowercase, and the remainder are uppercase. If you do not specify a value for n1 then the entire principal is converted to lowercase. If you do not specify a value for n2 then 0 is used. UPPERCASE[=n1[,n2]]Convert the principal name so that the first n1 characters and last n2 are uppercase, and the remainder are lowercase. If you do not specify a value for n1 then the entire principal is converted to uppercase. If you do not specify a value for n2 then 0 is used. The default is NOEDIT. FULL_ An optional string that is used to more NAME=string fully qualify a primary name. If the name contains spaces, lowercase characters, or any other special characters, enclose the string in quotes. The default is no full name. NAME=name The standard name (primary or alias) that is associated with the DCE account. If the name contains spaces, lowercase characters, or any other special characters, enclose the string in quotes. The default is to take the username from the system authorization file (SYSUAF) record, edit it according to the CASE keyword, and then use this as the principal name. OBJECT_ The number of registry objects that can be CREATION_ created by the principal. QUOTA=number If you do not specify this keyword then no quota is established and the principal can create an unlimited number of registry objects. UNIX_ID=number The required UNIX ID that is associated with the principal. If a primary principal is being created you can omit the UNIX ID and one is generated automatically. If an alias principal is being created you must specify the UNIX ID of the corresponding primary principal.
7. 3.12 - /RENEWABLE_LIFETIME=hours
/RENEWABLE_LIFETIME=hours Specifies the amount of time, in hours, before a principal's ticket-granting ticket expires and that principal must log into the system again to reauthenticate and obtain another ticket-granting ticket. If not specified the Maximum Certificate Renewable Lifetime defined as registry authorization policy is used.
8 - SHOW |
Displays OpenVMS usernames. The SHOW command can only be used with the following qualifier: o SHOW/EXCLUDE Displays OpenVMS usernames in the IMPORT exclude list (see /EXCLUDE).
8.1 - /EXCLUDE
Displays OpenVMS usernames in the IMPORT exclude list. Format: SHOW/EXCLUDE [USERNAME] Qualifiers Defaults /ALL /OUTPUT=output /OUTPUT=SYS$OUTPUT:
8. 1.1 - Parameters
username Specifies the name of the OpenVMS account to be displayed from the IMPORT exclude list. Full OpenVMS wildcarding is allowed. If /ALL is on the command line, do not specify a username.
8. 1.2 - Qualifiers
8. 1. 2.1 - /ALL
/ALL Specifies that all IMPORT exclude entries are to be displayed. If you do not specify username, then /ALL is assumed.
8. 1. 2.2 - /OUTPUT=output
/OUTPUT=output Determines where the output is written. The default is SYS$OUTPUT:.
|