|
The following document contains a description of the user management
functions available through the System Management Interface Tool
(smit).
Before configuring any person as a user, a unique User ID number must
be obtained for each user. This number must be between 1100 and
4,294,967,295 and should be unique for this user enterprise wide. This
document assumes the following have been performed for each person to be
configured as a user:
- A unique user name has been assigned which conforms to the AIX MSB Standard.
- A unique numeric user ID has been assigned which conforms to the AIX MSB Standard.
- The primary group assignment for the user has been determined.
- The group set for the user has been determined.
- The home directory for the user has been determined.
- The phone number of the user is known and available.
telnet (ftwecs02)
****************************************************************
Unauthorized access is prohibited
****************************************************************
login: dfren00
dfren00's Password:
Login to the AIX system where you wish to manage users. The users management smit
menu should automatically appear, but if not, run the following command
at the command prompt to start the smit menu:
$ smit users
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Notice the key definitions at the bottom of the screen. If you are
using a "VT100" terminal emulation, which you probably are if you have
used telnet to gain access to the system, then you will only be able to
use the first four function keys. Other functions may be executed by
pressing the "ESC" key and a number key in quick
succession.
To add a user to this AIX system, select the menu item labeled
"Add a User" and press the key associated with the
"Do" function.
Add a User
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[TOP] [Entry Fields]
* User NAME [jdoe00]
User ID [11505355] #
ADMINISTRATIVE USER? false +
Primary GROUP [staff] +
Group SET [staff,mqm,ecs,controlm] +
ADMINISTRATIVE GROUPS [] +
ROLES [] +
Another user can SU TO USER? false +
SU GROUPS [ALL] +
HOME directory [/ftwXXX##/home/jdoe00]
Initial PROGRAM []
User INFORMATION [John Doe x=405.841.1234]
EXPIRATION date (MMDDhhmmyy) [0]
Is this user ACCOUNT LOCKED? false +
User can LOGIN? true +
User can LOGIN REMOTELY? true +
Allowed LOGIN TIMES []
Number of FAILED LOGINS before [5] #
user account is locked
Login AUTHENTICATION GRAMMAR [compat]
Valid TTYs [ALL]
Days to WARN USER before password expires [14] #
Password CHECK METHODS []
Password DICTIONARY FILES [/usr/share/dict/words]
NUMBER OF PASSWORDS before reuse [3] #
WEEKS before password reuse [0] #
Weeks between password EXPIRATION and LOCKOUT [0]
Password MAX. AGE [12] #
Password MIN. AGE [1] #
Password MIN. LENGTH [8] #
Password MIN. ALPHA characters [5] #
Password MIN. OTHER characters [3] #
Password MAX. REPEATED characters [3] #
Password MIN. DIFFERENT characters [3] #
Password REGISTRY []
Soft FILE size [2097151] #
Soft CPU time [-1]
Soft DATA segment [262144] #
Soft STACK size [65536] #
Soft CORE file size [2097151] #
Hard FILE size [] #
Hard CPU time []
Hard DATA segment [] #
Hard STACK size [] #
Hard CORE file size [] #
File creation UMASK [077]
AUDIT classes [] +
TRUSTED PATH? nosak +
PRIMARY authentication method [SYSTEM]
SECONDARY authentication method [NONE]
[BOTTOM]
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Enter the user information for the following fields:
- User NAME
- User ID
- Primary GROUP
- Group SET
- HOME Directory
- User INFORMATION
The rest of the fields for the user definition should default to the
values shown above. If not, set them as shown. When finished, press
the key associated with the "Do" function.
The "User Name" field is an enterprise wide unique name
for this person which is formulated from the first letter of the persons
first name, the first four letters of the persons last name (or in the
event their last name is less than four letters, then use their entire
last name), plus a two digit number maintained by the information
security group.
The "User ID" field is a calculated value using the
following script which is on all Fleming's Fort Worth AIX systems:
/home/bin/mkuid
To run the "mkuid" script, enter the full path name of
the script followed by the user name of the person being configured.
For example, to determine the UID of the user "John Doe",
enter the following at an AIX command prompt:
$ /home/bin/mkuid jdoe00
This script will return a single line of output which contains the user name
you supplied on the command line, followed by a colon, followed by a
numeric value which represents the User ID (UID) for this user name.
For the user "jdoe00", the script will return the following
output:
jdoe00:11505355
The "Primary GROUP" field must be assigned by the person
requesting the new user, the application administrator, and the
opensystems group.
The "Group SET" field must also be assigned by the
person requesting the new user, the application administrator, and the
opensystems group.
The "HOME Directory" field should contain the full path
name of the users home directory. The home directory of each users will
vary and should be determined as specified in the
Special Requirements document.
The "User INFORMATION" field should contain the users
first and last names, followed my their phone number. The syntax of
entering this information should be as follows:
firstName LastName x=405.841.####
As an example, for John Doe whose imaginary phone number is (405)
841-9999, his "User INFORMATION" should be entered as:
John Doe x=405.841.9999
COMMAND STATUS
Command: stdout: no stderr: no
Before command completion, additional instructions may appear below.
F1=Help F2=Refresh F3=Cancel Esc+6=Command
Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find
n=Find Next
If the user is created successfully, the "Command:"
field in the upper left corner of the screen will show an
"OK" status. If not, it will show a "FAILED"
status. When finished, press the key associated with the
"Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
After creating a new user, the password must be initialized in order
to allow the user to login. Or if the user has forgotten his/her
password, their password can be reset by a user administrator. Whenever
the password is reset by an administrator, the user will be prompted to
change that password the first time they login after the password
reset.
Normally you will only be able to reset your own password using this
menu selection. To initialize or change another users password, go to
the section of this document titled "Initializing
Passwords". In order to user the SMIT menus to change a users
password, the users old password must be known. If you know the users
old password and want to change it, select the menu option labeled
"Change a User's Password" and press the key associated
with the "Do" function.
Change a User's Password
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
User NAME [jdoe00] +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Enter the user name of the person who requires a password
initialization or reset. When finished, press the key associated with
the "Do" function.
Changing password for "jdoe00"
jdoe00's New password:
Enter the new password again:
Enter a password for this user. As you are entering the password,
the characters will NOT be echoed to the screen while
you are typing. This is to prevent an observer from seeing the
password. Since you will not be able to see any typing mistakes you may
have made while entering the password, you will be required to enter the
password twice. If the two instances of the password match, the
password will be initialized/reset. If the two instances do not match,
you will be informed of this and permitted to re-enter the password.
Change a User's Password
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
User NAME [jdoe00] +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
You may enter another user name to initialize/reset their
password, or return to the previous menu by pressing the key associated with
the "Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
If for some reason a mistake was made while creating a user, or the
user information has changed, you will need to change the
characteristics associated with that user on EVERY
machine to which that user has access. To change the characteristics of
a user, select the menu item labeled "Change / Show
Characteristics of a User" and press the key associated with the
"Do" function.
Change / Show Characteristics of a User
Type or select a value for the entry field.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Enter the user name of the person for whom you wish to change their
user characteristics. When finished, press the key associated with
the "Do" function.
Change / Show Characteristics of a User
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[TOP] [Entry Fields]
* User NAME jdoe00
User ID [11505355] #
ADMINISTRATIVE USER? false +
Primary GROUP [staff] +
Group SET [staff,ecs,controlm,mqm] +
ADMINISTRATIVE GROUPS [] +
ROLES [] +
Another user can SU TO USER? false +
SU GROUPS [ALL] +
HOME directory [/ftwXXX##/home/jdoe00]
Initial PROGRAM [/usr/bin/ksh]
User INFORMATION [John Doe x=405.841.4321]
EXPIRATION date (MMDDhhmmyy) [0]
Is this user ACCOUNT LOCKED? false +
User can LOGIN? true +
User can LOGIN REMOTELY? true +
Allowed LOGIN TIMES []
Number of FAILED LOGINS before [5] #
user account is locked
Login AUTHENTICATION GRAMMAR [compat]
Valid TTYs [ALL]
Days to WARN USER before password expires [14] #
Password CHECK METHODS []
Password DICTIONARY FILES [/usr/share/dict/words]
NUMBER OF PASSWORDS before reuse [3] #
WEEKS before password reuse [0] #
Weeks between password EXPIRATION and LOCKOUT [0]
Password MAX. AGE [12] #
Password MIN. AGE [1] #
Password MIN. LENGTH [8] #
Password MIN. ALPHA characters [5] #
Password MIN. OTHER characters [3] #
Password MAX. REPEATED characters [3] #
Password MIN. DIFFERENT characters [3] #
Password REGISTRY [files]
Soft FILE size [2097151] #
Soft CPU time [-1]
Soft DATA segment [262144] #
Soft STACK size [65536] #
Soft CORE file size [2097151] #
Hard FILE size [] #
Hard CPU time []
Hard DATA segment [] #
Hard STACK size [] #
Hard CORE file size [] #
File creation UMASK [77]
AUDIT classes [] +
TRUSTED PATH? nosak +
PRIMARY authentication method [SYSTEM]
SECONDARY authentication method [NONE]
[BOTTOM]
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Change all fields which require modification. Do
NOT change the "User ID" field. If the
"User ID" field requires modification, contact the
opensystems on-call person to assist with this modification. When
finished, press the key associated with the "Do"
function.
COMMAND STATUS
Command: stdout: no stderr: no
Before command completion, additional instructions may appear below.
F1=Help F2=Refresh F3=Cancel Esc+6=Command
Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find
n=Find Next
If the user is changed successfully, the "Command:"
field in the upper left corner of the screen will show an
"OK" status. If not, it will show a "FAILED"
status. When finished, press the key associated with the
"Cancel" function.
Change / Show Characteristics of a User
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[TOP] [Entry Fields]
* User NAME jdoe00
User ID [11505355] #
ADMINISTRATIVE USER? false +
Primary GROUP [staff] +
Group SET [staff,ecs,controlm,mqm] +
ADMINISTRATIVE GROUPS [] +
ROLES [] +
Another user can SU TO USER? false +
SU GROUPS [ALL] +
HOME directory [/ftwXXX##/home/jdoe00]
Initial PROGRAM [/usr/bin/ksh]
User INFORMATION [John Doe x=405.841.4321]
EXPIRATION date (MMDDhhmmyy) [0]
[MORE...37]
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Press the key associated with the "Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Allows a system administrator to lock or unlock a user's account.
When a user's account is locked, no one can login to that account. When
a user's account is unlocked, anyone who knows the correct password can
login to the account.
This option will NOT unlock a user's account that
was locked as a result of too many failed login attempts.
Note: To unlock a user's account that was locked because of too
many failed logins, the system administrator can use the Reset User's
Failed Login Count menu item under the Users menu item of the Security &
Users menu.
When an account is locked, it can only be unlocked by a user
administrator. There will be requirements to intentionally lock users
accounts on backup systems which are part of an HACMP cluster. To lock
or unlock a users account user, select the menu item labeled "Lock
/ Unlock a User's Account" and press the key associated with the
"Do" function.
Lock / Unlock a User's Account
Type or select a value for the entry field.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Enter the user name of the person whose account you wish to lock or
unlock, and press the key associated with the "Do"
function.
Lock / Unlock a User's Account
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME jdoe00
Is this user ACCOUNT LOCKED? false +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Move the cursor to the field associate with the prompt which says
"Is this user ACCOUNT LOCKED?" and press the key associated
with the "List" function.
Lock / Unlock a User's Account
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME jdoe00
Is this user ACCOUNT LOCKED? false +
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x Is this user ACCOUNT LOCKED? x
x x
x Move cursor to desired item and press Enter. x
x x
x x
x true x
x false x
x x
x F1=Help F2=Refresh F3=Cancel x
F1x Esc+8=Image Esc+0=Exit Enter=Do x
Esx /=Find n=Find Next x
Esmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
A selection list will appear which provides you with the ability to
select "true" or "false" as your response to
the prompt. If this users account is currently locked and you wish to
unlock it, select "true". If this users account is
currenty unlocked and you wish to lock it, select "false".
When finished selecting the appropriate response, press the key
associated with the "Do" function.
Lock / Unlock a User's Account
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME jdoe00
Is this user ACCOUNT LOCKED? true +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
The selection list will disappear and your selection will be reflected
in the entry field associated with the prompt "Is this user
ACCOUNT LOCKED?". Press the key associated with the
"Do" function.
COMMAND STATUS
Command: stdout: no stderr: no
Before command completion, additional instructions may appear below.
F1=Help F2=Refresh F3=Cancel Esc+6=Command
Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find
n=Find Next
If the user account is successfully locked, the
"Command:" field in the upper left corner of the screen
will show an "OK" status. If not, it will show a
"FAILED" status. When finished, press the key associated
with the "Cancel" function.
Lock / Unlock a User's Account
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME jdoe00
Is this user ACCOUNT LOCKED? true +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
You may enter another user name to lock or unlock their account, or
return to the previous menu by pressing the key associated with the
"Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
When the count of consecutive unsuccessful login attempts exceeds the
number allowed (currently set to three attempts), the account is locked
and the user cannot login.
When an account is locked, it can only be unlocked by a user
administrator. To reset the count of consecutive unsuccessful login
attempts on a user's account, which will allow the user to try to login
again, select the menu item labeled "Reset User's Failed Login
Count" and press the key associated with the "Do"
function.
Reset User's Failed Login Count
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Enter the user name of the person whose account you wish to reset the
count of consecutive unsuccessful login attempts, and press the key
associated with the "Do" function.
COMMAND STATUS
Command: stdout: no stderr: no
Before command completion, additional instructions may appear below.
F1=Help F2=Refresh F3=Cancel Esc+6=Command
Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find
n=Find Next
If the unsuccessful login count is successfully reset for this user
name, the "Command:" field in the upper left corner
of the screen will show an "OK" status. If not, it will
show a "FAILED" status. When finished, press the key
associated with the "Cancel" function.
Reset User's Failed Login Count
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
You may enter another user name to reset the unsuccessful login
count, or return to the previous menu by pressing the key associated with
the "Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Removing a user account deletes the attributes defined for a user,
but does NOT remove the user's home directory or files
the user owns. Whenever a user is removed from a system, the
opensystems group should be notified in order to clean-up and reassign
file ownership of the removed users files.
To remove a user account from the system, select the menu item
labeled "Remove a User" and press the key associated with
the "Do" function.
Remove a User from the System
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
Remove AUTHENTICATION information? yes +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
Enter the user name of the person whose account you wish to remove
from the system. By answering "yes" in the "Remove
Authentication Information?" option, the system will remove the
user's password and other user authentication information. Press the
key associated with the "Do" function to remove the
user.
Remove a User from the System
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
Remove AUTHENTICATION information? yes +
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
x ARE YOU SURE? x
x x
x Continuing may delete information you may want x
x to keep. This is your last chance to stop x
x before continuing. x
x Press Enter to continue. x
x Press Cancel to return to the application. x
x x
F1x F1=Help F2=Refresh F3=Cancel x
Esx Esc+8=Image Esc+0=Exit Enter=Do x
Esmqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj
Press the "Enter" key to continue
COMMAND STATUS
Command: stdout: no stderr: no
Before command completion, additional instructions may appear below.
F1=Help F2=Refresh F3=Cancel Esc+6=Command
Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find
n=Find Next
If the user name is successfully removed from the system, the
"Command:" field in the upper left corner of the screen
will show an "OK" status. If not, it will show a
"FAILED" status. When finished, press the key associated
with the "Cancel" function.
Remove a User from the System
Type or select values in entry fields.
Press Enter AFTER making all desired changes.
[Entry Fields]
* User NAME [jdoe00] +
Remove AUTHENTICATION information? yes +
F1=Help F2=Refresh F3=Cancel F4=List
Esc+5=Reset Esc+6=Command Esc+7=Edit Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
You may enter another user name to remove from the system, or return
to the previous menu by pressing the key associated with the
"Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
To obtain a list of all users which currently exist on the system,
select the menu item labeled "List All Users" and press the
key associated with the "Do" function.
select the
COMMAND STATUS
Command: stdout: no stderr: no
Before command completion, additional instructions may appear below.
[TOP]
root 0 /root
daemon 1 /etc
bin 2 /bin
sys 3 /usr/sys
adm 4 /var/adm
uucp 5 /usr/lib/uucp
guest 100 /home/guest
nobody -2 /
lpd 9 /
invscout 200 /home/invscout
imnadm 201 /home/imnadm
nuucp 6 /var/spool/uucppublic
ipsec 202 /etc/ipsec
cduser 1013 /ftwecs02/cduser
dfren00 6023717 /home/dfren00
ctrlm01 203 /ftwecs02/bmc/ctrlm01
ecs02 48476 /ftwecs02/bmc/ecs
gharr01 19950048 /home/gharr01
cdaye00 2250908 /home/cdaye00
jbass00 8543071 /home/jbass00
sstev00 9681230 /home/sstev00
rplan00 5949631 /home/rplan00
eperm00 5786702 /home/eperm00
jvang00 2971999 /home/jvang00
lhols00 8429661 /home/lhols00
rgaug00 3094649 /home/rgaug00
sbutl00 5375344 /home/sbutl00
kerns00 8466762 /home/kerns00
ntann00 6170783 /home/ntann00
gharr00 8068672 /home/gharr00
phend00 1603417 /home/phend00
dmars00 8525775 /home/dmars00
gharp00 7154720 /home/gharp00
jdean00 5944579 /home/jdean00
ckeen00 6015058 /home/ckeen00
appl00 0 /home/appl00
shutdown 1719692 /shutdown
controlm 8112790 /ftwecs02/bmc/controlm
ctmagent 2751564 /ftwecs02/bmc/ctmagent
ecs 11877124 /ftwecs02/bmc/ecs
mqm 11873440 /ftwecs02/ibm/mqm
[BOTTOM]
F1=Help F2=Refresh F3=Cancel Esc+6=Command
Esc+8=Image Esc+9=Shell Esc+0=Exit /=Find
n=Find Next
When finished view the list of users, return to the previous menu by
pressing the key associated with the "Cancel" function.
Users
Move cursor to desired item and press Enter.
Add a User
Change a User's Password
Change / Show Characteristics of a User
Lock / Unlock a User's Account
Reset User's Failed Login Count
Remove a User
List All Users
F1=Help F2=Refresh F3=Cancel Esc+8=Image
Esc+9=Shell Esc+0=Exit Enter=Do
To exit the user administration menu, press the key associated with
the "Cancel" function.
Initializing Passwords
To initialize a users password or if the old password of the user is
not known, use the following method to reset a users password. From a
command prompt:
$ pwdadm <USER NAME>
Where <USER NAME> represents the user name of the person for
whom you wish to change their password. For more information about the
"pwdadm" command see the
manual page.
For example, to change the password of the user
"jdoe00":
$ pwdadm jdoe00
Changing password for "jdoe00"
aafif00's Password:
jdoe00's New password:
Enter the new password again:
$
Note: The system will require the user
administrator to enter their password in order to confirm their
identity, before allowing them to change the users password.
Root users and members of the security group should not change their
personal password with this command. These users should use the
"passwd"
command. For more information about the
"passwd"
command see the
manual page.
If a password is entered that does not conform to the MSB accepted
standards, a message similar to the following will be displayed:
3004-602 The required password characteristics are:
a minimum of 5 alphabetic characters.
a minimum of 3 non-alphabetic characters.
a minimum of 3 characters not found in old password.
a maximum of 3 repeated characters.
a minimum of 8 characters in length.
3004-603 Your password must have:
a minimum of 3 non-alphabetic characters.
3004-335 Passwords must not match words in the dictionary.
User Administration
User Administrators are allowed to:
- Create regular users.
- Change attributes of regular users.
- Delete regular users.
- Use "
pwdadm" command to change the passwords of regular users.
- Use "
passwd" command to change their own password.
- Use "
smit" to change their own password.
User Administrators are NOT allowed to:
- Create administrative users.
- Change attributes of administrative users.
- Delete administrative users.
- Use "
passwd" command to change the passwords of regular users unless the users old password is known.
- Remove files and directories owned by another user without explicit file system permission.
- Change access permissions on files or directories owned by another user without explicit file system permission.
Required AIX Commands
|
