100% Spam Free Email | Contact Us | Products/Services | Korn Shell | MicroEMACS


AIXtm mtXIA Technical Consulting Group

 


AIX User Config


Path : Home : Standards : User Management


Current:AIX User Config
Previous:AIX User Management
Home Page

The following document contains a description of the user management functions available through the System Management Interface Tool (smit).

Before configuring any person as a user, a unique User ID number must be obtained for each user. This number must be between 1100 and 4,294,967,295 and should be unique for this user enterprise wide. This document assumes the following have been performed for each person to be configured as a user:

  • A unique user name has been assigned which conforms to the AIX MSB Standard.
  • A unique numeric user ID has been assigned which conforms to the AIX MSB Standard.
  • The primary group assignment for the user has been determined.
  • The group set for the user has been determined.
  • The home directory for the user has been determined.
  • The phone number of the user is known and available.



telnet (ftwecs02)



****************************************************************
               Unauthorized access is prohibited
****************************************************************

login: dfren00
dfren00's Password:



Login to the AIX system where you wish to manage users. The users management smit menu should automatically appear, but if not, run the following command at the command prompt to start the smit menu:


 $ smit users



                                     Users

Move cursor to desired item and press Enter.

  Add a User
  Change a User's Password
  Change / Show Characteristics of a User
  Lock / Unlock a User's Account
  Reset User's Failed Login Count
  Remove a User
  List All Users


F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
Esc+9=Shell         Esc+0=Exit          Enter=Do


Notice the key definitions at the bottom of the screen. If you are using a "VT100" terminal emulation, which you probably are if you have used telnet to gain access to the system, then you will only be able to use the first four function keys. Other functions may be executed by pressing the "ESC" key and a number key in quick succession.

To add a user to this AIX system, select the menu item labeled "Add a User" and press the key associated with the "Do" function.


                                   Add a User

Type or select values in entry fields.
Press Enter AFTER making all desired changes.

[TOP]                                                   [Entry Fields]
* User NAME                                          [jdoe00]
  User ID                                            [11505355]                #
  ADMINISTRATIVE USER?                                false                   +
  Primary GROUP                                      [staff]                  +
  Group SET                                          [staff,mqm,ecs,controlm] +
  ADMINISTRATIVE GROUPS                              []                       +
  ROLES                                              []                       +
  Another user can SU TO USER?                        false                   +
  SU GROUPS                                          [ALL]                    +
  HOME directory                                     [/ftwXXX##/home/jdoe00]
  Initial PROGRAM                                    []
  User INFORMATION                                   [John Doe x=405.841.1234]
  EXPIRATION date (MMDDhhmmyy)                       [0]
  Is this user ACCOUNT LOCKED?                        false                   +
  User can LOGIN?                                     true                    +
  User can LOGIN REMOTELY?                            true                    +
  Allowed LOGIN TIMES                                []
  Number of FAILED LOGINS before                     [5]                       #
       user account is locked
  Login AUTHENTICATION GRAMMAR                       [compat]
  Valid TTYs                                         [ALL]
  Days to WARN USER before password expires          [14]                      #
  Password CHECK METHODS                             []
  Password DICTIONARY FILES                          [/usr/share/dict/words]
  NUMBER OF PASSWORDS before reuse                   [3]                       #
  WEEKS before password reuse                        [0]                       #
  Weeks between password EXPIRATION and LOCKOUT      [0]
  Password MAX. AGE                                  [12]                      #
  Password MIN. AGE                                  [1]                       #
  Password MIN. LENGTH                               [8]                       #
  Password MIN. ALPHA characters                     [5]                       #
  Password MIN. OTHER characters                     [3]                       #
  Password MAX. REPEATED characters                  [3]                       #
  Password MIN. DIFFERENT characters                 [3]                       #
  Password REGISTRY                                  []
  Soft FILE size                                     [2097151]                 #
  Soft CPU time                                      [-1]
  Soft DATA segment                                  [262144]                  #
  Soft STACK size                                    [65536]                   #
  Soft CORE file size                                [2097151]                 #
  Hard FILE size                                     []                        #
  Hard CPU time                                      []
  Hard DATA segment                                  []                        #
  Hard STACK size                                    []                        #
  Hard CORE file size                                []                        #
  File creation UMASK                                [077]
  AUDIT classes                                      []                       +
  TRUSTED PATH?                                       nosak                   +
  PRIMARY authentication method                      [SYSTEM]
  SECONDARY authentication method                    [NONE]
[BOTTOM]


F1=Help             F2=Refresh          F3=Cancel           F4=List
Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
Esc+9=Shell         Esc+0=Exit          Enter=Do


    Enter the user information for the following fields:

  • User NAME
  • User ID
  • Primary GROUP
  • Group SET
  • HOME Directory
  • User INFORMATION

The rest of the fields for the user definition should default to the values shown above. If not, set them as shown. When finished, press the key associated with the "Do" function.

The "User Name" field is an enterprise wide unique name for this person which is formulated from the first letter of the persons first name, the first four letters of the persons last name (or in the event their last name is less than four letters, then use their entire last name), plus a two digit number maintained by the information security group.

The "User ID" field is a calculated value using the following script which is on all Mt Xia's Fort Worth AIX systems:

  • /home/bin/mkuid
  • To run the "mkuid" script, enter the full path name of the script followed by the user name of the person being configured. For example, to determine the UID of the user "John Doe", enter the following at an AIX command prompt:

    
     $ /home/bin/mkuid jdoe00
    
    

    This script will return a single line of output which contains the user name you supplied on the command line, followed by a colon, followed by a numeric value which represents the User ID (UID) for this user name. For the user "jdoe00", the script will return the following output:

  • jdoe00:11505355
  • The "Primary GROUP" field must be assigned by the person requesting the new user, the application administrator, and the opensystems group.

    The "Group SET" field must also be assigned by the person requesting the new user, the application administrator, and the opensystems group.

    The "HOME Directory" field should contain the full path name of the users home directory. The home directory of each users will vary and should be determined as specified in the Special Requirements document.

    The "User INFORMATION" field should contain the users first and last names, followed my their phone number. The syntax of entering this information should be as follows:

  • firstName LastName x=405.841.####
  • As an example, for John Doe whose imaginary phone number is (405) 841-9999, his "User INFORMATION" should be entered as:

  • John Doe x=405.841.9999
  • 
    
                                     COMMAND STATUS
    
    Command: OK            stdout: no            stderr: no
    
    Before command completion, additional instructions may appear below.
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+6=Command
    Esc+8=Image         Esc+9=Shell         Esc+0=Exit          /=Find
    n=Find Next
    
    

    If the user is created successfully, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    After creating a new user, the password must be initialized in order to allow the user to login. Or if the user has forgotten his/her password, their password can be reset by a user administrator. Whenever the password is reset by an administrator, the user will be prompted to change that password the first time they login after the password reset.

    Normally you will only be able to reset your own password using this menu selection. To initialize or change another users password, go to the section of this document titled "Initializing Passwords". In order to user the SMIT menus to change a users password, the users old password must be known. If you know the users old password and want to change it, select the menu option labeled "Change a User's Password" and press the key associated with the "Do" function.

    
    
                                Change a User's Password
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
      User NAME                                          [jdoe00]                 +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Enter the user name of the person who requires a password initialization or reset. When finished, press the key associated with the "Do" function.

    
    
    Changing password for "jdoe00"
    jdoe00's New password:
    Enter the new password again:
    
    

    Enter a password for this user. As you are entering the password, the characters will NOT be echoed to the screen while you are typing. This is to prevent an observer from seeing the password. Since you will not be able to see any typing mistakes you may have made while entering the password, you will be required to enter the password twice. If the two instances of the password match, the password will be initialized/reset. If the two instances do not match, you will be informed of this and permitted to re-enter the password.

    
    
                                Change a User's Password
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
      User NAME                                          [jdoe00]                 +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    You may enter another user name to initialize/reset their password, or return to the previous menu by pressing the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    If for some reason a mistake was made while creating a user, or the user information has changed, you will need to change the characteristics associated with that user on EVERY machine to which that user has access. To change the characteristics of a user, select the menu item labeled "Change / Show Characteristics of a User" and press the key associated with the "Do" function.

    
    
                        Change / Show Characteristics of a User
    
    Type or select a value for the entry field.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Enter the user name of the person for whom you wish to change their user characteristics. When finished, press the key associated with the "Do" function.

    
    
                        Change / Show Characteristics of a User
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
    [TOP]                                                   [Entry Fields]
    * User NAME                                           jdoe00
      User ID                                            [11505355]                #
      ADMINISTRATIVE USER?                                false                   +
      Primary GROUP                                      [staff]                  +
      Group SET                                          [staff,ecs,controlm,mqm] +
      ADMINISTRATIVE GROUPS                              []                       +
      ROLES                                              []                       +
      Another user can SU TO USER?                        false                   +
      SU GROUPS                                          [ALL]                    +
      HOME directory                                     [/ftwXXX##/home/jdoe00]
      Initial PROGRAM                                    [/usr/bin/ksh]
      User INFORMATION                                   [John Doe x=405.841.4321]
      EXPIRATION date (MMDDhhmmyy)                       [0]
      Is this user ACCOUNT LOCKED?                        false                   +
      User can LOGIN?                                     true                    +
      User can LOGIN REMOTELY?                            true                    +
      Allowed LOGIN TIMES                                []
      Number of FAILED LOGINS before                     [5]                       #
           user account is locked
      Login AUTHENTICATION GRAMMAR                       [compat]
      Valid TTYs                                         [ALL]
      Days to WARN USER before password expires          [14]                      #
      Password CHECK METHODS                             []
      Password DICTIONARY FILES                          [/usr/share/dict/words]
      NUMBER OF PASSWORDS before reuse                   [3]                       #
      WEEKS before password reuse                        [0]                       #
      Weeks between password EXPIRATION and LOCKOUT      [0]
      Password MAX. AGE                                  [12]                      #
      Password MIN. AGE                                  [1]                       #
      Password MIN. LENGTH                               [8]                       #
      Password MIN. ALPHA characters                     [5]                       #
      Password MIN. OTHER characters                     [3]                       #
      Password MAX. REPEATED characters                  [3]                       #
      Password MIN. DIFFERENT characters                 [3]                       #
      Password REGISTRY                                  [files]
      Soft FILE size                                     [2097151]                 #
      Soft CPU time                                      [-1]
      Soft DATA segment                                  [262144]                  #
      Soft STACK size                                    [65536]                   #
      Soft CORE file size                                [2097151]                 #
      Hard FILE size                                     []                        #
      Hard CPU time                                      []
      Hard DATA segment                                  []                        #
      Hard STACK size                                    []                        #
      Hard CORE file size                                []                        #
      File creation UMASK                                [77]
      AUDIT classes                                      []                       +
      TRUSTED PATH?                                       nosak                   +
      PRIMARY authentication method                      [SYSTEM]
      SECONDARY authentication method                    [NONE]
    [BOTTOM]
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Change all fields which require modification. Do NOT change the "User ID" field. If the "User ID" field requires modification, contact the opensystems on-call person to assist with this modification. When finished, press the key associated with the "Do" function.

    
    
                                     COMMAND STATUS
    
    Command: OK            stdout: no            stderr: no
    
    Before command completion, additional instructions may appear below.
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+6=Command
    Esc+8=Image         Esc+9=Shell         Esc+0=Exit          /=Find
    n=Find Next
    
    

    If the user is changed successfully, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function.

    
    
                        Change / Show Characteristics of a User
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
    [TOP]                                                   [Entry Fields]
    * User NAME                                           jdoe00
      User ID                                            [11505355]                #
      ADMINISTRATIVE USER?                                false                   +
      Primary GROUP                                      [staff]                  +
      Group SET                                          [staff,ecs,controlm,mqm] +
      ADMINISTRATIVE GROUPS                              []                       +
      ROLES                                              []                       +
      Another user can SU TO USER?                        false                   +
      SU GROUPS                                          [ALL]                    +
      HOME directory                                     [/ftwXXX##/home/jdoe00]
      Initial PROGRAM                                    [/usr/bin/ksh]
      User INFORMATION                                   [John Doe x=405.841.4321]
      EXPIRATION date (MMDDhhmmyy)                       [0]
    [MORE...37]
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Press the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Allows a system administrator to lock or unlock a user's account. When a user's account is locked, no one can login to that account. When a user's account is unlocked, anyone who knows the correct password can login to the account.

    This option will NOT unlock a user's account that was locked as a result of too many failed login attempts.

    Note: To unlock a user's account that was locked because of too many failed logins, the system administrator can use the Reset User's Failed Login Count menu item under the Users menu item of the Security & Users menu.

    When an account is locked, it can only be unlocked by a user administrator. There will be requirements to intentionally lock users accounts on backup systems which are part of an HACMP cluster. To lock or unlock a users account user, select the menu item labeled "Lock / Unlock a User's Account" and press the key associated with the "Do" function.

    
    
                             Lock / Unlock a User's Account
    
    Type or select a value for the entry field.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Enter the user name of the person whose account you wish to lock or unlock, and press the key associated with the "Do" function.

    
    
                             Lock / Unlock a User's Account
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                           jdoe00
      Is this user ACCOUNT LOCKED?                        false                   +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Move the cursor to the field associate with the prompt which says "Is this user ACCOUNT LOCKED?" and press the key associated with the "List" function.

    
    
                             Lock / Unlock a User's Account
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                           jdoe00
      Is this user ACCOUNT LOCKED?                        false                   +
    
    
    
      lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
      x                       Is this user ACCOUNT LOCKED?                       x
      x                                                                          x
      x Move cursor to desired item and press Enter.                             x
      x                                                                          x
      x                                                                          x
      x   true                                                                   x
      x   false                                                                  x
      x                                                                          x
      x F1=Help                 F2=Refresh              F3=Cancel                x
    F1x Esc+8=Image             Esc+0=Exit              Enter=Do                 x
    Esx /=Find                  n=Find Next                                      x
    Esmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
    
    

    A selection list will appear which provides you with the ability to select "true" or "false" as your response to the prompt. If this users account is currently locked and you wish to unlock it, select "true". If this users account is currenty unlocked and you wish to lock it, select "false". When finished selecting the appropriate response, press the key associated with the "Do" function.

    
    
                             Lock / Unlock a User's Account
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                           jdoe00
      Is this user ACCOUNT LOCKED?                        true                    +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    The selection list will disappear and your selection will be reflected in the entry field associated with the prompt "Is this user ACCOUNT LOCKED?". Press the key associated with the "Do" function.

    
    
                                     COMMAND STATUS
    
    Command: OK            stdout: no            stderr: no
    
    Before command completion, additional instructions may appear below.
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+6=Command
    Esc+8=Image         Esc+9=Shell         Esc+0=Exit          /=Find
    n=Find Next
    
    

    If the user account is successfully locked, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function.

    
    
                             Lock / Unlock a User's Account
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                           jdoe00
      Is this user ACCOUNT LOCKED?                        true                    +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    You may enter another user name to lock or unlock their account, or return to the previous menu by pressing the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    When the count of consecutive unsuccessful login attempts exceeds the number allowed (currently set to three attempts), the account is locked and the user cannot login.

    When an account is locked, it can only be unlocked by a user administrator. To reset the count of consecutive unsuccessful login attempts on a user's account, which will allow the user to try to login again, select the menu item labeled "Reset User's Failed Login Count" and press the key associated with the "Do" function.

    
    
                            Reset User's Failed Login Count
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Enter the user name of the person whose account you wish to reset the count of consecutive unsuccessful login attempts, and press the key associated with the "Do" function.

    
    
                                     COMMAND STATUS
    
    Command: OK            stdout: no            stderr: no
    
    Before command completion, additional instructions may appear below.
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+6=Command
    Esc+8=Image         Esc+9=Shell         Esc+0=Exit          /=Find
    n=Find Next
    
    

    If the unsuccessful login count is successfully reset for this user name, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function.

    
    
                            Reset User's Failed Login Count
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    You may enter another user name to reset the unsuccessful login count, or return to the previous menu by pressing the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Removing a user account deletes the attributes defined for a user, but does NOT remove the user's home directory or files the user owns. Whenever a user is removed from a system, the opensystems group should be notified in order to clean-up and reassign file ownership of the removed users files.

    To remove a user account from the system, select the menu item labeled "Remove a User" and press the key associated with the "Do" function.

    
    
                             Remove a User from the System
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
      Remove AUTHENTICATION information?                  yes                     +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    Enter the user name of the person whose account you wish to remove from the system. By answering "yes" in the "Remove Authentication Information?" option, the system will remove the user's password and other user authentication information. Press the key associated with the "Do" function to remove the user.

    
    
                             Remove a User from the System
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
      Remove AUTHENTICATION information?                  yes                     +
    
    
    
    
      lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
      x                              ARE YOU SURE?                               x
      x                                                                          x
      x Continuing may delete information you may want                           x
      x to keep.  This is your last chance to stop                               x
      x before continuing.                                                       x
      x     Press Enter to continue.                                             x
      x     Press Cancel to return to the application.                           x
      x                                                                          x
    F1x F1=Help                 F2=Refresh              F3=Cancel                x
    Esx Esc+8=Image             Esc+0=Exit              Enter=Do                 x
    Esmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
    
    

    Press the "Enter" key to continue

    
    
                                     COMMAND STATUS
    
    Command: OK            stdout: no            stderr: no
    
    Before command completion, additional instructions may appear below.
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+6=Command
    Esc+8=Image         Esc+9=Shell         Esc+0=Exit          /=Find
    n=Find Next
    
    

    If the user name is successfully removed from the system, the "Command:" field in the upper left corner of the screen will show an "OK" status. If not, it will show a "FAILED" status. When finished, press the key associated with the "Cancel" function.

    
    
                             Remove a User from the System
    
    Type or select values in entry fields.
    Press Enter AFTER making all desired changes.
    
                                                            [Entry Fields]
    * User NAME                                          [jdoe00]                 +
      Remove AUTHENTICATION information?                  yes                     +
    
    
    F1=Help             F2=Refresh          F3=Cancel           F4=List
    Esc+5=Reset         Esc+6=Command       Esc+7=Edit          Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    You may enter another user name to remove from the system, or return to the previous menu by pressing the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    To obtain a list of all users which currently exist on the system, select the menu item labeled "List All Users" and press the key associated with the "Do" function.

    select the

    
    
                                     COMMAND STATUS
    
    Command: OK            stdout: no            stderr: no
    
    Before command completion, additional instructions may appear below.
    
    [TOP]
    root    0       /root
    daemon  1       /etc
    bin     2       /bin
    sys     3       /usr/sys
    adm     4       /var/adm
    uucp    5       /usr/lib/uucp
    guest   100     /home/guest
    nobody  -2      /
    lpd     9       /
    invscout        200     /home/invscout
    imnadm  201     /home/imnadm
    nuucp   6       /var/spool/uucppublic
    ipsec   202     /etc/ipsec
    cduser  1013    /ftwecs02/cduser
    dfren00 6023717 /home/dfren00
    ctrlm01 203     /ftwecs02/bmc/ctrlm01
    ecs02   48476   /ftwecs02/bmc/ecs
    gharr01 19950048        /home/gharr01
    cdaye00 2250908 /home/cdaye00
    jbass00 8543071 /home/jbass00
    sstev00 9681230 /home/sstev00
    rplan00 5949631 /home/rplan00
    eperm00 5786702 /home/eperm00
    jvang00 2971999 /home/jvang00
    lhols00 8429661 /home/lhols00
    rgaug00 3094649 /home/rgaug00
    sbutl00 5375344 /home/sbutl00
    kerns00 8466762 /home/kerns00
    ntann00 6170783 /home/ntann00
    gharr00 8068672 /home/gharr00
    phend00 1603417 /home/phend00
    dmars00 8525775 /home/dmars00
    gharp00 7154720 /home/gharp00
    jdean00 5944579 /home/jdean00
    ckeen00 6015058 /home/ckeen00
    apple00 0       /home/apple00
    shutdown        1719692 /shutdown
    controlm        8112790 /ftwecs02/bmc/controlm
    ctmagent        2751564 /ftwecs02/bmc/ctmagent
    ecs     11877124        /ftwecs02/bmc/ecs
    mqm     11873440        /ftwecs02/ibm/mqm
    
    [BOTTOM]
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+6=Command
    Esc+8=Image         Esc+9=Shell         Esc+0=Exit          /=Find
    n=Find Next
    
    

    When finished view the list of users, return to the previous menu by pressing the key associated with the "Cancel" function.

    
    
                                         Users
    
    Move cursor to desired item and press Enter.
    
      Add a User
      Change a User's Password
      Change / Show Characteristics of a User
      Lock / Unlock a User's Account
      Reset User's Failed Login Count
      Remove a User
      List All Users
    
    
    F1=Help             F2=Refresh          F3=Cancel           Esc+8=Image
    Esc+9=Shell         Esc+0=Exit          Enter=Do
    
    

    To exit the user administration menu, press the key associated with the "Cancel" function.

    Initializing Passwords

    To initialize a users password or if the old password of the user is not known, use the following method to reset a users password. From a command prompt:

    
    
     $ pwdadm <USER NAME>
    
    
    

    Where <USER NAME> represents the user name of the person for whom you wish to change their password. For more information about the "pwdadm" command see the manual page.

    For example, to change the password of the user "jdoe00":

    
    
     $ pwdadm jdoe00
       Changing password for "jdoe00"
       aafif00's Password:
       jdoe00's New password:
       Enter the new password again:
     $ 
    
    
    

    Note: The system will require the user administrator to enter their password in order to confirm their identity, before allowing them to change the users password.

    Root users and members of the security group should not change their personal password with this command. These users should use the "passwd" command. For more information about the "passwd" command see the manual page.

    If a password is entered that does not conform to the MSB accepted standards, a message similar to the following will be displayed:

    
    
    
    3004-602 The required password characteristics are:
            a minimum of 5 alphabetic characters.
            a minimum of 3 non-alphabetic characters.
            a minimum of 3 characters not found in old password.
            a maximum of 3 repeated characters.
            a minimum of 8 characters in length.
    
    3004-603 Your password must have:
            a minimum of 3 non-alphabetic characters.
    
    3004-335 Passwords must not match words in the dictionary.
    
    
    

    User Administration

      User Administrators are allowed to:
    • Create regular users.
    • Change attributes of regular users.
    • Delete regular users.
    • Use "pwdadm" command to change the passwords of regular users.
    • Use "passwd" command to change their own password.
    • Use "smit" to change their own password.

      User Administrators are NOT allowed to:
    • Create administrative users.
    • Change attributes of administrative users.
    • Delete administrative users.
    • Use "passwd" command to change the passwords of regular users unless the users old password is known.
    • Remove files and directories owned by another user without explicit file system permission.
    • Change access permissions on files or directories owned by another user without explicit file system permission.

    Required AIX Commands

     

    For information regarding this page, contact Dana French ( dfrench@mtxia.com )
    Copyright 2008 by Mt Xia Inc, All Rights Reserved