idadmin(1M) — UnixWare 2.01

       idadmin(1M)                                              idadmin(1M)


       NAME
             idadmin - ID map data base administration

       SYNOPSIS
             idadmin [-S scheme [-l logname]]
             idadmin -S scheme -a -r g_name -l logname
             idadmin -S scheme -d [-r g_name] -l logname
             idadmin -S scheme -I descr
             idadmin -S scheme [-Duscf]

       DESCRIPTION
             The idadmin command displays and updates entries in the system
             ID mapping data base.  All update operations are logged
             (whether successful or not) in the file
             /var/adm/log/idmap.log.

          Files
            /etc/idmap/scheme_name/idata
                                   system map file for scheme scheme_name

            /etc/idmap/scheme_name/uidata
                                   user map file for scheme scheme_name

            /var/adm/log/idmap.log
                                   log file

            /etc/passwd           password file

       USAGE
             The system ID mapping data base consists of one or more system
             map files, where each map has a different record descriptor.
             Maps with different record descriptors support different
             authentication schemes.  idadmin also provides an
             administrator with a mechanism to enable and disable user-
             controlled mapping [see uidadmin].

             ID mapping data bases are used by namemap to map remote
             lognames to local ones.  If an ID mapping scheme is enabled
             for user-controlled mapping, namemap looks at the user ID map
             before the system ID map.

             Only a privileged user can execute this command.

          Options
             The options to idadmin have the following meanings:



                           Copyright 1994 Novell, Inc.               Page 1

              -S scheme
                    Specify the name of the ID mapping scheme.

              -l logname
                    Specify a local name (logname) into which the remote
                    name maps.  logname must be a valid logname on the local
                    server.  To be valid, logname must appear in
                    /etc/passwd.  The logname may take the form %n or %i,
                    where %n is used for transparent mapping and %i forces
                    remote names to be rejected.

              -a    Add a map entry.  The local and remote names must be
                    specified.

              -r g_name
                    Specify the remote (global) name.  The format of g_name
                    is scheme-dependent; generally, it includes a login name
                    and a machine name.

              -d    Delete a map entry.  The scheme name and the local name
                    must be specified.  Specifying the remote name is
                    optional.  If only the local name is specified, all
                    entries mapping to that local name are deleted.  If a
                    remote name is also specified, only that particular map
                    entry is deleted.

              -I descr
                    Install a new scheme.  A remote name format descriptor
                    descr must be specified for the new scheme.  The remote
                    name format descriptor is a string that indicates the
                    format of the remote name; it includes field numbers,
                    the letter M to indicate the field is mandatory, and
                    field separators.

              -D    Delete a scheme.  The scheme name must be specified.

              -u    Enable user-controlled ID mapping (USER mode).  The
                    scheme name must be specified.

              -s    Disable user-controlled ID mapping (SECURE mode).  The
                    scheme name must be specified.

              -c    Check the consistency of a map file.  The scheme name
                    must be specified.  Map entries containing syntax errors
                    and unknown users are displayed.  Users are unknown if
                    they do not exist in /etc/passwd.

             -f    Fix an inconsistent mapping file.  Entries that are out
                   of order are sorted; mapping entries containing syntax
                   errors and unknown users are displayed, and the system
                   administrator is given the opportunity to change or
                   delete them.

             When no options are specified, idadmin lists all installed
             schemes and the mode of each, USER or SECURE.  If only a
             scheme is specified, idadmin displays the contents of the
             system map file.  When a scheme and a logname are entered,
             idadmin lists all entries in the scheme's system map file that
             map into the logname.

             Transparent mapping may be achieved by specifying the
             metacharacter * in the remote name and %n for the local
             logname, where n is the number of the field that namemap will
             extract from the remote name and return as the local name.  An
             asterisk may appear in any field in g_name and matches any
             string of characters in the corresponding field of a remote
             name.  If %i is used for logname, namemap will reject all
             remote names that match the g_name.

             When namemap searches for a remote name in the system map
             file, it sequentially scans the file.  Therefore, the ordering
             of remote names in this file is critical.

              Remote names are sorted on the highest numbered field first.
              Entries with explicit values in this field appear first in the
              file.  Entries which include regular expressions in this field
              are sorted from the most specific to the least specific based
              on the position of metacharacters in the pattern: the further
              left a metacharacter appears in the pattern, the less specific
              the pattern is.  For example, s* is less specific than sf*.

             If two or more entries have patterns which are equally
             specific, the specificity of the next lower numbered field is
             examined.  Fields are examined from highest to lowest until
             the remote names can be differentiated.

          Examples
             The following command line installs a new scheme, called
             myscheme:
                   idadmin -S myscheme -I M2!M1

              In the remote name format descriptor M2!M1, M indicates that
              the field is mandatory.  The numbers indicate the order of
              significance of the fields, where higher numbered fields are
              more significant; in this example, the first field (M2) is
              meant to contain a system name, and the second field (M1) is
              meant to contain a user name.  Because the first field
              indicates the entity of greater significance, it is assigned
              the higher field number.  The character ! is used as the field
              separator.

              Given the ID Mapping scheme myscheme, the following command
              line creates an entry in the data base that maps user foo on
              machine comunix into user foo on the local host.
                    idadmin -S myscheme -a -r comunix!foo -l foo

              The following command line creates an entry in the data base
              that provides transparent mapping from any logname on any
              remote machine to a local user identity with the same logname:

                    idadmin -S myscheme -a -r "*!*" -l %1

       REFERENCES
              attradmin(1M), attrmap(3I), namemap(3I), uidadmin(1)
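
              The descriptor, ordering and lookup rules described above, worked
              through as an added Python model (not UnixWare's idadmin or namemap
              code): it parses a descriptor such as M2!M1, orders map entries by
              field significance and pattern specificity as -f would, and resolves
              a remote name by sequential scan with %n and %i handled.  The sample
              entries beyond the two from this page are constructed, and treating
              an empty mandatory field as an invalid remote name is an assumption.

```python
import re
from collections import namedtuple
# Added model of the idadmin/namemap rules described above, not UnixWare code.
MapEntry = namedtuple("MapEntry", "g_name logname")

def parse_descr(descr):
    """'M2!M1' -> ('!', [(2, True), (1, True)]): (field number, mandatory)."""
    seps = [c for c in descr if not c.isalnum()]
    if not seps or any(c != seps[0] for c in seps):
        raise ValueError("descriptor needs exactly one separator character")
    return seps[0], [(int(t.lstrip("M")), t.startswith("M")) for t in descr.split(seps[0])]

def _field_key(pat):
    # Explicit values precede patterns; the further left the first '*'
    # sits, the less specific the pattern, so s* sorts after sf*.
    i = pat.find("*")
    return (0,) if i < 0 else (1, -i)

def sort_entries(entries, descr):
    """Order entries as the map file must be: most significant field first."""
    sep, fields = parse_descr(descr)
    by_signif = sorted(range(len(fields)), key=lambda k: fields[k][0], reverse=True)
    return sorted(entries, key=lambda e: tuple(
        _field_key(e.g_name.split(sep)[k]) for k in by_signif))

def _match(pat, value):  # '*' matches any string within one field
    return re.fullmatch(re.escape(pat).replace(r"\*", ".*"), value) is not None

def resolve(remote, entries, descr):
    """Sequential scan like namemap; None means rejected or unmapped."""
    sep, fields = parse_descr(descr)
    rparts = remote.split(sep)
    if len(rparts) != len(fields):
        return None
    if any(mand and not val for (_, mand), val in zip(fields, rparts)):
        return None  # assumption: a mandatory (M) field may not be empty
    for e in sort_entries(entries, descr):
        if all(_match(p, v) for p, v in zip(e.g_name.split(sep), rparts)):
            if e.logname == "%i":
                return None  # %i rejects every remote name matching g_name
            m = re.fullmatch(r"%(\d+)", e.logname)
            if not m:
                return e.logname
            # %n: return the remote field that carries field number n
            return rparts[[num for num, _ in fields].index(int(m.group(1)))]
    return None

# Constructed sample map: the page's two entries plus three more.
SAMPLE = [MapEntry("*!*", "%1"), MapEntry("s*!*", "guest"), MapEntry("comunix!*", "%i"),
          MapEntry("sf*!*", "%1"), MapEntry("comunix!foo", "foo")]
```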