admauthdata(1M)          DG/UX B2 Security R4.12MU02         admauthdata(1M)


NAME
       admauthdata - manage authentication data objects in the A&A database

SYNOPSIS
       admauthdata -o create    -u username -m method [-q|-v] dataobj
       admauthdata -o init      -u username -m method [-q|-v] dataobj
       admauthdata -o list      -u username -m method [dataobj]
       admauthdata -o modify    -u username -m method dataobj
       admauthdata -o remove    -u username -m method dataobj
       admauthdata -o unsuspend -u username -m method [-q|-v] dataobj

   where:
       username  The login name of a user.
       method    The name associated with the series of actions performed as
                 one step of an authentication procedure.
       dataobj   The name associated with the authentication data object.

DESCRIPTION
       admauthdata is used to manage a user's authentication data objects.

   Operations
       create       Create a new authentication data object for the
                    specified user in the A&A database.  When used with -q,
                    if the data object exists, create will first destroy the
                    data object without notification.  Without the -q
                    option, if the data object exists, create will first ask
                    for confirmation to destroy the data object. If the
                    answer is to not destroy the data object, create will
                    fail and return an error.

       init         Initialize a new authentication data object for the
                    specified user in the A&A database. init is very similar
                    to create, with one major exception: modify will always
                    need to be used after an init to get any valid data into
                    the data object because init places null data into the
                    data object.  When used with -q, if the data object
                    exists, init will first destroy the data object
                    without notification.  Without the -q option, if the
                    data object exists, init will first ask for
                    confirmation to destroy the data object. If the answer
                    is to not destroy the data object, init will fail and
                    return an error.

       list         Display, on stdout, a listing of all the authentication
                    data objects associated with a particular authentication
                    method for the specified user. If dataobj is specified,
                    provide a listing of all the attributes which make up
                    dataobj.

       modify       Modify an existing authentication data object in the A&A
                    database for the specified user.

       remove       Remove an existing authentication data object in the A&A
                    database for the specified user.

       unsuspend    Change the state of an authentication data object in the
                    A&A database from suspended to unsuspended. Note that
                    there is not a symmetrical operation to change the state
                    to suspend.  The authentication data object is placed in
                    a suspended state automatically by the Session Monitor
                    when necessary.  When used with -q, if the data object
                    is currently suspended, unsuspend will change the state
                    of the data object without notification.  Without the -q
                    option, unsuspend will display the current state of the
                    data object. If currently suspended, unsuspend will ask
                    for confirmation to change the data object state and
                    will display the final state of the data object (if the
                    state was changed).

   Options
       -m method    The name of the authentication method.

       -q           Run in quiet mode. Status messages will be suppressed.
                    Using -q with the create or the init operation forces
                    the data object, if it already exists, to be overwritten
                    without warnings.

       -u username  The name of the user whose authentication data object is
                    being managed.

       -v           Run in verbose mode (the default). Status messages will
                    be displayed.

       Only a user with appropriate privilege can use the create, init,
       modify, remove and unsuspend operations.  Only a user with
       appropriate privilege can use the list operation with the dataobj
       argument specified.

       On a generic DG/UX system, appropriate privilege is granted by having
       an effective UID of 0 (root).  See the appropriateprivilege(5) man
       page for more information.  On a system with DG/UX information
       security, appropriate privilege is granted by having one or more
       specific capabilities enabled in the effective capability set of the
       user.  See the capdefaults(5) man page for the default capabilities
       for this command.

EXAMPLES
       # admauthdata -o create -u testuser -m dgpasswd local

       For the user testuser, this example will use the authentication
       method dgpasswd to obtain the necessary information to create the
       data object. The data object will then be stored in the A&A database
       with the name local and will be associated with the authentication
       method dgpasswd.

       # admauthdata -o list -u proto -m dgpasswd

       This example will display the list of data object names associated
       with the authentication method dgpasswd for the user proto.

FILES
       /etc/tcb/aa/user/<username>/attrauthdata/*  A&A database
                                                     authentication data
                                                     entries for users

DIAGNOSTICS
   Exit Codes
       0    The operation was successful.

       1    The operation was unsuccessful.

       2    The operation failed due to access restrictions.

       3    There was an error in the command line.
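
Because -q makes create (and init) destroy an existing data object without asking, a script that passes -q should check for the object first and act on the exit codes above. The shell wrapper below is an added example, not part of the DG/UX manual: safe_create, aad_status, the return code 10 and the assumed format of the list output are this example's own, and the admauthdata function is a constructed stand-in used only where the real command is absent.

```shell
#!/bin/sh
# Added example: guard "create -q" against silently destroying an object.

# Constructed stand-in, defined only where the real command is absent, so
# the script runs off DG/UX. It knows one object, "local", and records
# the arguments of the last call made in this shell in AAD_LAST.
command -v admauthdata >/dev/null 2>&1 || admauthdata() {
    AAD_LAST="$*"
    case "$2" in
        list)   echo "local" ;;
        create) return 0 ;;
        *)      return 3 ;;
    esac
}

# Map the exit codes listed under DIAGNOSTICS to short text.
aad_status() {
    case "$1" in
        0) echo "success" ;;
        1) echo "unsuccessful" ;;
        2) echo "access restrictions" ;;
        3) echo "command line error" ;;
        *) echo "undocumented exit code $1" ;;
    esac
}

# safe_create USER METHOD DATAOBJ
# Returns 0 when created, 10 (this example's own code) when DATAOBJ
# already exists and was left untouched, else admauthdata's exit code.
safe_create() {
    user=$1 method=$2 obj=$3
    names=$(admauthdata -o list -u "$user" -m "$method") || {
        rc=$?
        echo "list failed: $(aad_status "$rc")" >&2
        return "$rc"
    }
    # ASSUMPTION: list prints object names as whitespace-separated words;
    # the manual page does not specify the output format.
    for n in $names; do
        if [ "$n" = "$obj" ]; then
            echo "refusing to overwrite '$obj' for $user/$method" >&2
            return 10
        fi
    done
    admauthdata -o create -u "$user" -m "$method" -q "$obj"
    rc=$?
    [ "$rc" -eq 0 ] || echo "create failed: $(aad_status "$rc")" >&2
    return "$rc"
}
```

The list check and the create are separate calls, so an object created in between would still be overwritten; the wrapper narrows that window rather than closing it.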

SEE ALSO
       dgpasswd(1M), appropriateprivilege(5), capdefaults(5).



Licensed material--property of copyright holder(s)
