VMS Help
DCE_SECURITY, Admin Intro, DCE$IMPORT

 *Conan The Librarian (sorry for the slow response - running on an old VAX)

 The DCE IMPORT utility allows you to create principal and account
 entries in a DCE registry based on accounts in an existing OpenVMS
 authorization file. It is used for the following purposes:

 o  To populate the DCE registry when a new DCE cell is first established

 o  To add entries to an existing DCE registry when a new OpenVMS system
    joins an existing DCE cell

 o  To add entries to an existing DCE registry when new  users have joined
    an OpenVMS sytem that is already part of an existing DCE cell

 The DCE IMPORT utility also creates and maintains an exclude list.
 The exclude list contains the OpenVMS usernames of users who do not
 have, and do not require, a DCE account. This feature allows DCE IMPORT
 to skip over these users during DCE IMPORT operations.

    NOTE:

    The DCE IMPORT utility described in this section cannot be satisfied by
    the import function shipped with OSF DCE because of substantial
    differences between OpenVMS and UNIX user registry data.

 Passwords cannot be imported.  Instead, the automatic synchronization
 feature that occurs during integrated login is used to import user
 passwords.

 See the Digital DCE for OpenVMS VAX and OpenVMS Alpha Reference Guide
 for detailed descriptions of the DCE IMPORT commands.

    RELATED INFORMATION
      COMMANDS: DCE$EXPORT

  1 - File Info

 The DCE DCE IMPORT utility is shipped as an OpenVMS executable image
 named DCE$IMPORT.EXE. The image resides in the SYS$SYSTEM directory.

 The DCE IMPORT exclude file is named by default DCE$IMPORT_EXCLUDE.DAT
 and also resides in SYS$SYSTEM. You can change the name or location, or
 both, of this file by defining the logical name DCE$IMPORT_EXCLUDE to
 point to the new filename and location.

  2 - Running IMPORT

 The DCE IMPORT utility allows system administrators to create principal
 and account entries in a DCE registry based on accounts in SYSUAF.

 Integrated Login provides two methods of running the DCE IMPORT
 utility, as follows.

 o  By invoking the DCE IMPORT utility using a predefined symbol.

    $ IMPORT
    IMPORT>

 You can also specify a single DCE IMPORT command on the command line.
 Control returns to DCL after the command is executed.

    $ IMPORT command

 SYS$COMMON:[SYSMGR]DCE$DEFINE_REQUIRED_COMMANDS.COM defines the DCE
 symbol IMPORT which is used to invoke the DCE IMPORT utility. If this
 symbol is not defined in your environment, you can define the symbol
 as follows:

    $ IMPORT :== $SYS$SYSTEM:DCE$IMPORT

 o  By issuing the RUN command.

    $ RUN SYS$SYSTEM:DCE$IMPORT
    IMPORT>

  3 - Messages

 3.1 - IMP_ACCEXISTS

 account for <principal> already exists in DCE

         Explanation:

         An attempt has been made to recreate an account for
         <principal> in the DCE registry.

         User Action:

         None. This is a warning indicating that this suboperation in
         the IMPORT operation was previously performed.

 3.2 - IMP_ADDDCE

 username <username> successfully imported into DCE

         Explanation:

         A DCE account has been successfully created for OpenVMS
         username <username>.

         User Action:

         None.

 3.3 - IMP_ADDDCEACC

 account for <principal> successfully added to DCE

         Explanation:

         A DCE account was successfully created for <principal>.

         User Action:

         None.  This is an informational message displayed only if
         /INFORM is specified on the DCE IMPORT command line.

 3.4 - IMP_ADDDCEPRN

 principal <principal> successfully added to DCE

         Explanation:

         Principal <principal> record successfully created in the DCE
         registry.

         User Action:

         None. This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.5 - IMP_ADDDCEUAF

 username <username> successfully added to DCE$UAF

         Explanation:

         Username <username> successfully added to the DCE$UAF file.

         User Action:

         None. This is an informational message displayed only if
         /INFORM is specified on the DCE IMPORT command line.

 3.6 - IMP_BINDERR

 error binding to DCE security registry

         Explanation:

         Unable to bind to the DCE security server.

         User Action:

         Note accompanying DCE error message for more details.

 3.7 - IMP_CREDCEUAF

 created new DCE$UAF file

         Explanation:

         A new DCE$UAF file was created.

         User Action:

         None.

 3.8 - IMP_DCEERR

 <DCE error message>

         Explanation:

         Accompanying DCE error message supplied with other
         DCE IMPORT error messages.

         User Action:

         Use this message to determine the cause of the problem.

 3.9 - IMP_DCELOGIN

 error in DCE login

         Explanation:

         An error occurred during DCE login.

         User Action:

         Enter a valid DCE username and password when prompted by DCE
         IMPORT.

 3.10 - IMP_DCEUAFERR

 error searching DCE$UAF

         Explanation:

         An error occurred while searching the DCE$UAF file.

         User Action:

         Note the accompanying error message for more details.

 3.11 - IMP_DELACC

 account for principal <principal> deleted from DCE

         Explanation:

         DCE account for <principal> was deleted from the DCE registry.
         This occurs when an atomic IMPORT operation fails during one of
         its suboperations. Such failure prompts a backout of all
         suboperations successfully performed during this IMPORT
         operation. Deleting the account is one such backout operation.

         User Action:

         None.  This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.12 - IMP_DELDCEUAF

 username <username> successfully deleted from DCE$UAF

         Explanation:

         Username <username> deleted from DCE$UAF file.

         User Action:

         None. This is an informational message displayed only if
         /INFORM is specified on the DCE IMPORT command line.

 3.13 - IMP_DELFRGRP

 principal <principal> from group <group>

         Explanation:

         Principal <principal> was deleted from <group> in the DCE registry.
         This occurs when an atomic IMPORT operation fails during one of
         its suboperations. Such failure prompts a backout of all
         suboperations successfully performed during this IMPORT
         operation. Deleting the principal from the group is one such
         backout operation.

         User Action:

         None.  This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.14 - IMP_DELFRORG

 principal <principal> deleted from organization <organization>

         Explanation:

         Principal <principal> was deleted from <organization> in the
         DCE registry. This occurs when an atomic IMPORT operation fails
         during one of its suboperations. Such failure prompts a backout of
         all suboperations successfully performed during this IMPORT
         operation. Deleting the principal from the organization is one such
         backout operation.

         User Action:

         None.  This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.15 - IMP_DELPRN

 principal <principal> deleted from DCE

         Explanation:

         Principal <principal> was deleted from the DCE registry.
         This occurs when an atomic IMPORT operation fails during one of
         its suboperations. Such failure prompts a backout of all
         suboperations successfully performed during this IMPORT
         operation. Deleting the principal is one such backout operation.

         User Action:

         None. This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.16 - IMP_ERRADDGRP

 error adding principal <principal> to group <group>

         Explanation:

         Could not add <principal> to <group> in the DCE registry.

         User Action:

         Note the accompanying DCE error message for more details.

 3.17 - IMP_ERRADDORG

 error adding principal <principal> to organization <organization>

         Explanation:

         Could not add <principal> to <organization> in DCE registry.

         User Action:

         Note the accompanying DCE error message for more details.

 3.18 - IMP_ERRACCEXC

 error accessing DCE IMPORT exclude file

         Explanation:

         Could not access the DCE IMPORT exclude file.

         User Action:

         Note the accompanying error message for more details.

 3.19 - IMP_ERRADDEXC

 adding username to DCE IMPORT exclude file

         Explanation:

         Could not add the requested username to the DCE IMPORT exclude
         file.

         User Action:

         Note the accompanying error message for more details.

 3.20 - IMP_ERRADDUAF

 error adding username to DCE$UAF file

         Explanation:

         Could not add the imported username to the DCE$UAF file.

         User Action:

         Note the accompanying error message for more details.

 3.21 - IMP_ERRCRACC

 error creating account for <principal>

         Explanation:

         Could not create a DCE account for <principal>.

         User Action:

         Note the accompanying DCE error message for more details.

 3.22 - IMP_ERRCRDCEUAF

 error creating DCE authorization file

         Explanation:

         An error occurred while attempting to create the
         DCE$UAF file.

         User Action:

         See accompanying message for details.

 3.23 - IMP_ERRCRPRN

 error creating principal <principal>

         Explanation:

         Could not create a principal in the DCE registry.

         User Action:

         Note the accompanying DCE error message for more details.

 3.24 - IMP_ERRDCEUAF

 error accessing DCE authorization file

         Explanation:

         An error occurred while attempting to access the
         DCE$UAF file.

         User Action:

         See accompanying message for details.

 3.25 - IMP_ERRDELACC

 error deleting account for <principal>

         Explanation:

         Unable to delete account for <principal> from DCE registry.

         User Action:

         See accompanying DCE error message for more details.

 3.26 - IMP_ERRDELEXC

 error deleting username from DCE IMPORT exclude file

         Explanation:

         Could not remove requested username from the DCE IMPORT exclude
         file.

         User Action:

         Note the accompanying error message for more details.

 3.27 - IMP_ERRDELFRGRP

 error deleting principal <principal> from group <group>

         Explanation:

         An error occurred while deleting <principal>
         from <group> in the DCE registry. This delete operation is
         performed if the overall IMPORT operation failed and a
         backout of changes applied to the DCE registry is
         required.

         User Action:

         See accompanying DCE message for details.

 3.28 - IMP_ERRDELFRORG

 error deleting principal <principal> from organization <organization>

         Explanation:

         An error occurred while deleting <principal> from
         <organization> in the DCE registry. This delete
         operation is performed if the overall IMPORT
         operation failed and a backout of changes applied to the
         DCE registry is required.

         User Action:

         See accompanying DCE message for details.

 3.29 - IMP_ERRDELPRN

 error deleting principal <principal>
         Explanation:

         Unable to delete <principal> from DCE registry

         User Action:

         See accompanying DCE error message for more details

 3.30 - IMP_ERRDELUAF

 error deleting username from DCE$UAF file

         Explanation:

         Could not delete a username from the DCE$UAF file.

         User Action:

         Note the accompanying error message for more details.

 3.31 - IMP_ERRCHGAUT

 error changing account authorization policy

         Explanation:

         Could not change the DCE account's authorization policy.

         User Action:

         Note the accompanying DCE error message for more details.

 3.32 - IMP_ERRSPAWN

 error spawning sub-process

         Explanation:

         An error occurred while spawning a subprocess on the SPAWN
         command.

         User Action:

         Refer to appropriate OpenVMS documentation for resolution.

 3.33 - IMP_ERRSYSUAF

 error accessing SYSUAF file

         Explanation:

         Could not access the OpenVMS SYSUAF file.

         User Action:

         See accompanying OpenVMS or RMS error message for more
         details.

 3.34 - IMP_EXCADD

 username <username> added to DCE IMPORT exclude list

         Explanation:

         Username <username> successfully added to the DCE IMPORT exclude
         file. A DCE account will not be created for this username.

         User Action:

         None.

 3.35 - IMP_EXCDEL

 username <username> removed from DCE IMPORT exclude list

         Explanation:

         Username <username> successfully removed from DCE IMPORT exclude
         file.  A subsequent IMPORT session could be used to create a
         DCE account for this username.

         User Action:

         None.

 3.36 - IMP_EXCLUDED

 username <username> has been excluded from DCE

         Explanation:

         Username <username> cannot be imported since it has been
         excluded from the DCE registry.

         User Action:

         None. This is an informational message displayed when /INFORM
         is specified on the DCE IMPORT command line.

 3.37 - IMP_INDCE

 username <username> already imported into DCE

         Explanation:

         An import operation was attempted on an already imported OpenVMS
         username.

         User Action:

         None. This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.38 - IMP_INDCEUAF

 user <username> already in DCE$UAF

         Explanation:

         Username <username> already exists in the DCE$UAF.DAT file.

         User Action:

         None. This is a warning indicating that this suboperation in
         the IMPORT operation was previously performed.

 3.39 - IMP_INEXCLUDE

 username <username> already in DCE IMPORT exclude file

         Explanation:

         Username <username> has previously been added to the DCE IMPORT
         exclude file.

         User Action:

         None. This informational message is displayed when an exclude
         operation is attempted on an already excluded username and
         is displayed only when /INFORM is specified on the DCE
         IMPORT command line.

 3.40 - IMP_INTINPDEV

 internal error opening input device

         Explanation:

         Error opening SYS$INPUT.

         User Action:

         Verify user runtime environment. See to appropriate OpenVMS
         documentation for more details.

 3.41 - IMP_INITERROR

 initialization error

         Explanation:

         An error occurred during DCE IMPORT's initialization phase.

         User Action:

         Note error messages accompanying or directly preceding this
         message.

 3.42 - IMP_INITWAIT

 initializing.....

         Explanation:

         DCE IMPORT is in initialization mode.

         User Action:

         None.

 3.43 - IMP_INVPASSWD

 password validation failed. Please retry

         Explanation:

         The password entered when prompted for a retype does not match
         the originally entered password.

         User Action:

         Enter correct password for original and retype entry.

 3.44 - IMP_INPREQ

 input required!

         Explanation:

         Input not entered where input was mandatory.

         User Action:

         Provide required input.

 3.45 - IMP_INTERROR

 internal error

         Explanation:

         DCE IMPORT internal error occurred.

         User Action:

         Contact your support engineer or Submit a Quality Assurance Report
         (QAR).

 3.46 - IMP_INVDATETM

 invalid date/time

         Explanation:

         Date/time entered has invalid format.

         User Action:

         Enter date/time in standard format (dd-MMM-yyyy hh:mm:ss).

 3.47 - IMP_NODCEUAF

 unable to open DCE authorization file

         Explanation:

         Error occurred while attempting to open the DCE$UAF file

         User Action:

         See accompanying message for details.

 3.48 - IMP_NOEXCUSR

 no excluded users

         Explanation:

         No users listed in DCE IMPORT exclude file.

         User Action:

         None.

 3.49 - IMP_NOGRP

 group name not specified

         Explanation:

         Mandatory qualifier /GROUP not specified during a noninteractive
         IMPORT session.

         User Action:

         Provide the /GROUP qualifier with the group name on the command
         line.

 3.50 - IMP_NOORG

 organization name not specified

         Explanation:

         Mandatory qualifier /ORGANIZATION not specified during a
         noninteractive IMPORT session.

         User Action:

         Provide the /ORGANIZATION qualifier with the organiation name on
         the command line.

 3.51 - IMP_NOPRIN

 principal <principal> does not exist in DCE Registry

         Explanation:

         Principal <principal> does not exist in the DCE Registry.
         This means that <principal> does not have a corresponding OpenVMS
         username/account.

         User Action:

         None.

 3.52 - IMP_NOSUCHEXC

 no such username in exclude file

         Explanation:

         Username specified does not exist in DCE IMPORT's exclude
         file.

         User Action:

         Specify username that exists in DCE IMPORT's exclude file.
         Enter command SHOW/EXCLUDE to display the entire exclude list.

 3.53 - IMP_NOSUCHGRP

 no group <group>. Please choose a valid group

         Explanation:

         The group name specified is nonexistent in the DCE registry.

         User Action:

         Choose a valid group name. Use the DCE tool RGY_EDIT to search
         the DCE registry for group names.

 3.54 - IMP_NOSUCHORG

 no organization <organization>. Please choose a valid organization

         Explanation:

         The organization name specified is nonexistent in the DCE
         registry.

         User Action:

         Choose a valid organization name. Use the DCE tool RGY_EDIT to search
         the DCE registry for organization names.

 3.55 - IMP_NOSCHPRM

 corresponding primary principal not found in DCE

         Explanation:

         The DCE principal name specified as the primary principal while
         attempting to create an alias principal name is nonexistent in
         the DCE registry.

         User Action:

         Use the correct DCE principal name. Use the DCE tool RGY_EDIT
         to view the DCE registry.

 3.56 - IMP_NOSCHUSR

 OpenVMS username <username> does not exist on this system

         Explanation:

         An attempt was made to import a nonexistent OpenVMS user.

         User Action:

         Choose a valid OpenVMS user.

 3.57 - IMP_OUTOPNERR

 error opening alternate output

         Explanation:

         Could not access output medium

         User Action:

         If /OUTPUT was specified, verify the file name supplied with
         /OUTPUT. If /OUTPUT was not specified, check user runtime
         environment. See appropriate OpenVMS documentation for more
         details.

 3.58 - IMP_PREXISTS

 principal <principal> already exists in DCE

         Explanation:

         An attempt has been made to add <principal> to the DCE
         registry.

         User Action:

         None. This is a warning indicating that this suboperation in
         the IMPORT operation was previously performed.

 3.59 - IMP_PRINGRP

 principal <principal> already exists in group <group>

         Explanation:

         An attempt was made to add <principal> to DCE group <group>
         when it already was a member of the group. This action was
         attempted during an import operation.

         User Action:

         None. This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.60 - IMP_PRINORG

 principal <principal> already exists in organization <organization>

         Explanation:

         An attempt was made to add <principal> to DCE organization
         <organization> when it was already a member of that organization.
         This action was attempted during an import operation.

         User Action:

         None. This is an informational message displayed only when
         /INFORM is specified on the DCE IMPORT command line.

 3.61 - IMP_PRINUSE

 principal <principal> in use by another OpenVMS username

         Explanation:

         The DCE principal name specified for the OpenVMS username being
         imported is associated with another OpenVMS username.

         User Action:

         Choose a DCE principal name that is not associated with any
         OpenVMS username.

 3.62 - IMP_RANGEERR

 error in entry! Number must be between 1 and 65535

         Explanation:

         The value entered for quota is not within the desired range.

         User Action:

         Enter a number between 1 and 65535.

 3.63 - IMP_TIMERR

 DCE time configuration error

         Explanation:

         Time configuration incorrect on the DCE system.

         User Action:

         Refer to the Troubleshooting chapter in the Digital DCE for
         OpenVMS VAX and OpenVMS Alpha Product Guide.

 3.64 - IMP_TOOLONG

 input for <qualifier> too long

         Explanation:

         Value of <qualifer> is longer than expected maximum size of
         value.

         User Action:

         Enter a value that is within the valid size range.

 3.65 - IMP_USERERR

 error getting input from user

         Explanation:

         Error occurred while getting user input.

         User Action:

         Provide valid input.

  4 - ADD

 Adds OpenVMS usernames. The ADD command can only be used
 with the following qualifier:

    o  ADD/EXCLUDE       Adds an OpenVMS username to the IMPORT
                         exclude list (see /EXCLUDE).

 4.1 - /EXCLUDE

 Adds an OpenVMS username to the IMPORT exclude list.

    Format:

    ADD/EXCLUDE  USERNAME

 4. 1.1 - Parameters

 username

    Specifies the name of the OpenVMS account to be added to
    the IMPORT exclude list.

  5 - DELETE

 Deletes OpenVMS usernames. The DELETE command can only be used
 with the following qualifier:

    o  DELETE/EXCLUDE    Deletes an OpenVMS username from the IMPORT
                         exclude list (see /EXCLUDE).

 5.1 - /EXCLUDE

 Deletes an OpenVMS username from the IMPORT exclude list.

    Format:

    DELETE/EXCLUDE  USERNAME

 5. 1.1 - Parameters

 username

    Specifies the name of the OpenVMS account to be deleted
    from the IMPORT exclude list.

  6 - EXIT

 Exits the IMPORT utility. You can also exit IMPORT by
 pressing the Ctrl/Z key.

    Format:

    EXIT

  7 - IMPORT

 The IMPORT command is used to create DCE accounts based on
 OpenVMS accounts from an existing System Authorization File
 (SYSUAF).

    Format:

    IMPORT  VMS-USERNAME

         Qualifiers            Defaults

         /[NO]CONFIRM
         /DCE_LOGIN=(keyword=value,...)
         /[NO]IMPORT           /IMPORT
         /[NO]EXCLUDE          /NOEXCLUDE
         /[NO]INFORM           /INFORM
         /[NO]INTERACTIVE      /INTERACTIVE
         /MY_PASSWORD=passwd   None
         /OUTPUT[=output]      /OUTPUT=SYS$OUTPUT:
         /[NO]RECAP            /NORECAP
         /[NO]TEST_ONLY        /NOTEST_ONLY

         Data Qualifiers         Defaults

         /[NO]EXPIRATION_DATE=d  /NOEXPIRATION_DATE
         /FLAGS=flags
         /GOOD_SINCE_DATE=date   /GOOD_SINCE_DATE=now
         /GROUP=group            "none"
         /HOME_DIRECTORY=string  None
         /LIFETIME=hours         Taken from registry authorization policy
         /LOGIN_SHELL=string     None
         /MISCELLANEOUS=string   None
         /ORGANIZATION=organiza  "none"
         /PASSWORD=passwd        No valid password
         /PRINCIPAL=principal
         /RENEWABLE_LIFETIME=ho  Taken from registry authorization policy

 7.1 - Parameters

 vms-username

    Specifies the name of the OpenVMS account that is to be
    imported.

    If an asterisk is specified in place of the vms-username,
    all accounts from the OpenVMS system authorization
    file are selected.

 7.2 - Qualifiers

 7. 2.1 - /CONFIRM

       /CONFIRM
       /NOCONFIRM

    Controls whether the IMPORT command asks for confirmation
    before creating a DCE principal or account, or both.

    In interactive mode the default is /CONFIRM. In non-
    interactive mode the default is /NOCONFIRM.

 7. 2.2 - /DCE_LOGIN=(keyword=valud[,...])

       /DCE_LOGIN=(keyword=valud[,...])

    Provides DCE account details for accounts that are authorized to
    create pricipals and accounts in the DCE registry. Valid keywords
    for the DCE_LOGIN qualifier are as follows:

         Keyword         Description

         PRINCIPAL       The principal name to be used for
                         authentication purposes when creating
                         accounts and/or principals in the DCE
                         registry.

                         If you do not specify a principal with this
                         qualifier you are prompted for one
                         interactively.

         PASSWORD        The password associated with the principal
                         name that was specified by the PRINCIPAL
                         keyword.

                         If you do not specify a password with this
                         qualifier you are prompted for one
                         interactively.

    If you do not specify a principal or password with this qualifier,
    you are prompted for them interactively, regardless of whether or
    not you are running in interactive mode.  This information need
    be entered only once per session, on the first IMPORT command.
    Subsequent IMPORT commands within the same session do not require
    you to reenter this information.

    If you are an interactive user and you do not specify the PASSWORD
    keyword, IMPORT prompts you for your password.  The advantage in
    this is the password is not echoed and therefore does not appear
    on your terminal.

 7. 2.3 - /EXCLUDE

       /EXCLUDE
       /NOEXCLUDE (default)

    Determines whether or not the OpenVMS account is imported
    to the DCE registry. If the OpenVMS account is not imported
    then the DCE account is not created and instead an entry
    is created in the IMPORT exclude file for the specified
    OpenVMS account.

 7. 2.4 - /INFORM

       /INFORM  (default)
       /NOINFORM

    Determines whether or not the user is informed of OpenVMS
    accounts that would have been selected for import, but are
    not because they either have already been imported (for example,
    they have an entry in the DCE$UAF) or they have an entry in
    the IMPORT exclude file.

 7. 2.5 - /INTERACTIVE

       /INTERACTIVE (default)
       /NOINTERACTIVE

    Controls whether an interactive or noninteractive import
    is performed.

    In interactive mode, a series of questions is asked and the
    user's responses are used to determine the account details.
    This mode is well suited to interactive users.

    In noninteractive mode, all input is supplied through the data
    qualifiers, and any missing or conflicting data causes
    the DCE account to not be created. This mode is well suited
    to command files and batch jobs.

    Data qualifiers can be specified in interactive mode.
    In this case the data they provide is used to provide the
    default answers to the relevant questions. All questions
    are still asked.

 7. 2.6 - /MY_PASSWORD=passwd

       /MY_PASSWORD=passwd

    DCE requires that you specify your current DCE password
    for authentication purposes. If you do not specify your
    DCE password with this qualifier you are prompted for
    it interactively, regardless of if you are running in
    interactive mode or not.

    Omitting this qualifier and allowing IMPORT to prompt you
    for your DCE password has the advantage that in this case
    the password is not echoed and does therefore not appear on
    your terminal if you are an interactive user.

 OUTPUT[=output]

       /OUTPUT[=output]

    Defines where all program output should be written.
    The default is SYS$OUTPUT:.

 7. 2.7 - /RECAP

       /RECAP
       /NORECAP (default)

    If /RECAP is specified details of the DCE account are
    displayed before it is actually created. When /CONFIRM
    is also specified the account details are displayed
    immediately before the confirmation request.

 7. 2.8 - /TEST_ONLY

       /TEST_ONLY
       /NOTEST_ONLY (default)

    If /TEST_ONLY is specified, DCE accounts and DCE$UAF
    entries are not created.  All other functions operate normally.

 7.3 - Data Qualifiers

 7. 3.1 - /EXPIRATION_DATE=date

       /EXPIRATION_DATE=date
       /NOEXPIRATION_DATE (default)

    Specifies the expiration date for the DCE account.

    If not specified, or if /NOEXPIRATION_DATE is specified,
    then the DCE account is created without an expiration date.

 7. 3.2 - /FLAGS=([no]keyword[,...])

       /FLAGS=([no]keyword[,...])

    Specifies several attributes of the DCE account. The
    keywords you can specify are:

         Keyword         Description

         ACCOUNT_VALID   A flag that is set to determine account
                         validity. An account without this flag set
                         is invalid and cannot log in.

                         The default is ACCOUNT_VALID.

         CLIENT          A flag that is set to indicate whether or
                         not the account is for a principal that
                         can act as a client.

                         The default is CLIENT.

         DUPLICATE_KEYS  A flag that is set to determine if tickets
                         issued to the account's principal can have
                         duplicate keys.

                         The default is NODUPLICATE_KEYS.

         FORWARDABLE_    A flag that is set to determine whether a
         CERTIFICATES    new ticket-granting ticket with a network
                         address that differs from the present
                         ticket-granting ticket network address can
                         be issued to the account's principal. (The
                         Proxiable Certificate Flag performs the
                         same function for service tickets.)

                         The default is FORWARDABLE_CERTIFICATES.

         PASSWORD_VALID  A flag that is set to determine whether
                         the current password is valid. If this
                         flag is not set, the next time the
                         principal logs in to the DCE account,
                         the system prompts the principal to change
                         his password.

                         The default is PASSWORD_VALID.

         POSTDATED_      A flag that is set to determine if tickets
         CERTIFICATES    with a start time some time in the future
                         can be issued to the account's principal.

                         The default is NOPOSTDATED_CERTIFICATES.

         PROXIABLE_      A flag that is set to determine whether or
         CERTIFICATE     not a new ticket with a different network
                         address than the present ticket can be
                         issued to the account's principal. (The
                         Forwardable Certificate Flag performs
                         the same function for ticket-granting
                         tickets.)

                         The default is NOPROXIABLE_CERTIFICATE.

         RENEWABLE_      A flag that is set to determine if the
         CERTIFICATE     ticket-granting ticket issued to the
                         account's principal can be renewed.If this
                         flag is set the authentication service
                         renews the ticket-granting ticket if its
                         lifetime is valid.

                         The default is RENEWABLE_CERTIFICATE.

         SERVER          A flag that is set to indicate whether or
                         not the account is for a principal that
                         can act as a server.

                         The default is SERVER.

         TGT_            A flag that is set to determine whether
         AUTHENTICATION  or not tickets issued to the account's
                         principal can use the ticket-granting
                         ticket authentication mechanism.

                         The default is TGT_AUTHENTICATION.

 7. 3.3 - /GOOD_SINCE_DATE=date

       /GOOD_SINCE_DATE=date

    Specifies the date and time that the account was known to be in an
    uncompromised state.

    If not specified, the Good Since Date is set to the current date
    and time.

 7. 3.4 - /GROUP=group

       /GROUP=group

    Specifies the name of an existing DCE group that is
    associated with the account being created. Note that if
    the group does not exist it is not be created by IMPORT.

    The default group name is "none".

 7. 3.5 - /HOME_DIRECTORY=string

       /HOME_DIRECTORY=string

    Specifies the directory in which the principal is placed at
    login.

    If not specified the DCE account is created without a Home
    Directory.

 7. 3.6 - /LIFETIME=hours

       /LIFETIME=hours

    Specifies the maximum amount of time, in hours, that a
    ticket can be valid.

    If not specified the Maximum Certificate Lifetime defined
    as registry authorization policy is used.

 7. 3.7 - /LOGIN_SHELL=string

       /LOGIN_SHELL=string

    Specifies the shell that is executed when a principal logs in.

    If not specified the DCE account is created without a login
    shell.

 7. 3.8 - /MISCELLANEOUS=string

       /MISCELLANEOUS=string

    Specifies a text string that is typically used to describe
    the use of the account.

    If not specified the DCE account is created without a
    miscellaneous value.

 7. 3.9 - /ORGANIZATION=organization

       /ORGANIZATION=organization

    Specifies the name of an existing DCE organization that is
    associated with the account being created. Note that if the
    organization does not exist it is not be created by IMPORT.

    The default organization name is "none".

 7. 3.10 - /PASSWORD=passwd

       /PASSWORD=passwd

    Specifies the password to be assigned to the DCE account.

    If not specified the DCE account is created without a valid
    DCE password.

 7. 3.11 - /PRINCIPAL=(keyword[,...])

       /PRINCIPAL=(keyword[,...])

    Specifies the principal that is associated with the DCE
    account that is being created.

    If an existing principal is to be associated with the DCE
    account being created then you need only specify NAME (and
    ALIAS if its an alias principal). The other keywords are
    only used when a new principal is created.

    The keywords you can specify are:

         Keyword          Description

         ALIAS            Specifies that the principal defined
                          by the NAME keyword is an alias. By
                          default the name is considered a primary
                          principal.

         CASE=keyword     Specifies how the principal name should be
                          Formatted. For example, to specify that the
                          principal name should be all lowercase, use
                          /PRINCIPAL=CASE=LOWERCASE. Possible keywords
                          are:

                          NOEDIT           Do not perform any
                                           Format:ting. This is the
                                           default.

                          LOWERCASE[=n1[,n2]]Convert the principal
                                           name so that the first
                                           n1 characters and last
                                           n2 are lowercase, and the
                                           remainder are uppercase.
                                           If you do not specify
                                           a value for n1 then
                                           the entire principal is
                                           converted to lowercase.
                                           If you do not specify a
                                           value for n2 then 0 is
                                           used.

                          UPPERCASE[=n1[,n2]]Convert the principal
                                           name so that the first
                                           n1 characters and last
                                           n2 are uppercase, and the
                                           remainder are lowercase.
                                           If you do not specify
                                           a value for n1 then
                                           the entire principal is
                                           converted to uppercase.
                                           If you do not specify a
                                           value for n2 then 0 is
                                           used.

                          The default is NOEDIT.

         FULL_            An optional string that is used to more
         NAME=string      fully qualify a primary name. If the name
                          contains spaces, lowercase characters, or
                          any other special characters, enclose the
                          string in quotes.

                          The default is no full name.

         NAME=name        The standard name (primary or alias) that
                          is associated with the DCE account. If
                          the name contains spaces, lowercase
                          characters, or any other special
                          characters, enclose the string in quotes.

                          The default is to take the username
                          from the system authorization file
                          (SYSUAF) record, edit it according to
                          the CASE keyword, and then use this as the
                          principal name.

         OBJECT_          The number of registry objects that can be
         CREATION_        created by the principal.
         QUOTA=number     If you do not specify this keyword then
                          no quota is established and the principal
                          can create an unlimited number of registry
                          objects.

         UNIX_ID=number   The required UNIX ID that is associated
                          with the principal.

                          If a primary principal is being created
                          you can omit the UNIX ID and one is
                          generated automatically.

                          If an alias principal is being created
                          you must specify the UNIX ID of the
                          corresponding primary principal.

 7. 3.12 - /RENEWABLE_LIFETIME=hours

       /RENEWABLE_LIFETIME=hours

    Specifies the amount of time, in hours, before a
    principal's ticket-granting ticket expires and that
    principal must log into the system again to reauthenticate
    and obtain another ticket-granting ticket.

    If not specified the Maximum Certificate Renewable Lifetime
    defined as registry authorization policy is used.

  8 - SHOW

 Displays OpenVMS usernames. The SHOW command can only be used
 with the following qualifier:

    o  SHOW/EXCLUDE      Displays OpenVMS usernames in the IMPORT exclude
                         list (see /EXCLUDE).

 8.1 - /EXCLUDE

 Displays OpenVMS usernames in the IMPORT exclude list.

    Format:

    SHOW/EXCLUDE  [USERNAME]

         Qualifiers            Defaults

         /ALL
         /OUTPUT=output        /OUTPUT=SYS$OUTPUT:

 8. 1.1 - Parameters

 username

    Specifies the name of the OpenVMS account to be displayed
    from the IMPORT exclude list.  Full OpenVMS wildcarding is allowed.

    If /ALL is on the command line, do not specify a username.

 8. 1.2 - Qualifiers

 8. 1. 2.1 - /ALL

       /ALL

    Specifies that all IMPORT exclude entries are to be
    displayed. If you do not specify username, then /ALL is
    assumed.

 8. 1. 2.2 - /OUTPUT=output

       /OUTPUT=output

    Determines where the output is written.
    The default is SYS$OUTPUT:.
  Close     HLB-list     TLB-list     Help  

[legal] [privacy] [GNU] [policy] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.