admauthdata(1M) DG/UX B2 Security R4.12MU02 admauthdata(1M)
NAME
admauthdata - manage authentication data objects in the A&A database
SYNOPSIS
admauthdata -o create -u username -m method [-q|-v] dataobj
admauthdata -o init -u username -m method [-q|-v] dataobj
admauthdata -o list -u username -m method [dataobj]
admauthdata -o modify -u username -m method dataobj
admauthdata -o remove -u username -m method dataobj
admauthdata -o unsuspend -u username -m method [-q|-v] dataobj
where:
username  The login name of a user.
method    The name associated with the series of actions performed as
          one step of an authentication procedure.
dataobj   The name associated with the authentication data object.
DESCRIPTION
admauthdata is used to manage a user's authentication data objects.
Operations
create     Create a new authentication data object for the
           specified user in the A&A database. When used with -q,
           if the data object exists, create will first destroy the
           data object without notification. Without the -q
           option, if the data object exists, create will first ask
           for confirmation to destroy the data object. If the
           answer is to not destroy the data object, create will
           fail and return an error.
init       Initialize a new authentication data object for the
           specified user in the A&A database. init is very similar
           to create, with one major exception: modify will always
           need to be used after an init to get any valid data into
           the data object because init places null data into the
           data object. When used with -q, if the data object
           exists, init will first destroy the data object
           without notification. Without the -q option, if the
           data object exists, init will first ask for
           confirmation to destroy the data object. If the answer
           is to not destroy the data object, init will fail and
           return an error.
list       Display, on stdout, a listing of all the authentication
           data objects associated with a particular authentication
           method for the specified user. If dataobj is specified,
           provide a listing of all the attributes which make up
           dataobj.
modify     Modify an existing authentication data object in the A&A
           database for the specified user.
remove     Remove an existing authentication data object in the A&A
           database for the specified user.
unsuspend  Change the state of an authentication data object in the
           A&A database from suspended to unsuspended. Note that
           there is not a symmetrical operation to change the state
           to suspend. The authentication data object is placed in
           a suspended state automatically by the Session Monitor
           when necessary. When used with -q, if the data object
           is currently suspended, unsuspend will change the state
           of the data object without notification. Without the -q
           option, unsuspend will display the current state of the
           data object. If currently suspended, unsuspend will ask
           for confirmation to change the data object state and
           will display the final state of the data object (if the
           state was changed).
Options
-m method    The name of the authentication method.
-q           Run in quiet mode. Status messages will be suppressed.
             Using -q with the create or the init operation forces
             the data object, if it already exists, to be overwritten
             without warnings.
-u username  The name of the user whose authentication data object is
             being managed.
-v           Run in verbose mode (the default). Status messages will
             be displayed.
Only a user with appropriate privilege can use the create, init,
modify, remove and unsuspend operations. Only a user with
appropriate privilege can use the list operation with the dataobj
argument specified.
On a generic DG/UX system, appropriate privilege is granted by having
an effective UID of 0 (root). See the appropriateprivilege(5) man
page for more information. On a system with DG/UX information
security, appropriate privilege is granted by having one or more
specific capabilities enabled in the effective capability set of the
user. See the capdefaults(5) man page for the default capabilities
for this command.
EXAMPLES
# admauthdata -o create -u testuser -m dgpasswd local
For the user, testuser, this example will use the authentication
method, dgpasswd, to obtain the necessary information to create the
data object. The data object will then be stored in the A&A database
with the name local and will be associated with the authentication
method dgpasswd.
# admauthdata -o list -u proto -m dgpasswd
This example will display the list of data object names associated
with the authentication method dgpasswd for the user proto.
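The following script is an added example, not part of the original manual page or of DG/UX. It creates a data object only when list shows no object of that name, and never passes -q, so an existing object cannot be overwritten without warning. The function name, the wrapper's own exit status 10, and the assumption that list prints names as whitespace-separated tokens are not from this page.

```shell
#!/bin/sh
# Added example, not DG/UX code. Exit codes 0-3 are those listed under
# DIAGNOSTICS; exit status 10 is this wrapper's own (hypothetical) value.

# authdata_create_if_absent USER METHOD DATAOBJ
authdata_create_if_absent() {
    ad_user=$1 ad_method=$2 ad_obj=$3

    # list without a dataobj argument prints the data object names
    # for this user and method.
    ad_names=$(admauthdata -o list -u "$ad_user" -m "$ad_method")
    ad_rc=$?
    if [ "$ad_rc" -ne 0 ]; then
        echo "list failed for $ad_user/$ad_method (exit $ad_rc); not creating" >&2
        return "$ad_rc"
    fi

    # ASSUMPTION: names appear as whitespace-separated tokens in the listing.
    if printf '%s\n' "$ad_names" |
        awk -v want="$ad_obj" '{ for (i = 1; i <= NF; i++) if ($i == want) hit = 1 }
                               END { exit !hit }'
    then
        echo "$ad_obj already exists for $ad_user/$ad_method; left untouched" >&2
        return 10
    fi

    # No -q here: if the object appeared since the check, create still
    # asks for confirmation instead of destroying it without notification.
    admauthdata -o create -u "$ad_user" -m "$ad_method" "$ad_obj"
    ad_rc=$?
    case $ad_rc in
        0) echo "created $ad_obj for $ad_user/$ad_method" ;;
        1) echo "create was unsuccessful" >&2 ;;
        2) echo "create failed due to access restrictions" >&2 ;;
        3) echo "create rejected: error in the command line" >&2 ;;
    esac
    return "$ad_rc"
}
```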
FILES
/etc/tcb/aa/user/<username>/attrauthdata/*
           A&A database authentication data entries for users
DIAGNOSTICS
Exit Codes
0 The operation was successful.
1 The operation was unsuccessful.
2 The operation failed due to access restrictions.
3 There was an error in the command line.
SEE ALSO
dgpasswd(1M), appropriateprivilege(5), capdefaults(5).
Licensed material--property of copyright holder(s)