Corporate Info  |  News  |  Solutions  |  Products  |  Partners  |  Services  |  Events  |  Download  |  How To Buy
	http://www.oracle.com/technology/documentation/index.html   |   Site Map   |   Search   |   PDF Files   |   Contact   |   Glossary
Tuxedo Doc Home   |   Reference   |   Topic List   |   Previous   |   Next   |   Contents

   BEA Tuxedo Command Reference

tpaddusr - create a BEA Tuxedo password file

tpaddusr usrname file [cltname [UID]]

This command allows an application administrator to create a UNIX System style password file suitable for use with the BEA Tuxedo AUTHSVR(5) server. tpaddusr adds the user usrname to the password file file (the file cannot be /etc/passwd). The administrator is prompted for an initial password to be associated with the user. If necessary, file is created with permissions 0600. cltname, if specified, indicates a further qualifier on the password entry. usrname and/or cltname may be specified as the asterisk (*) which is considered a wildcard by AUTHSVR(5). If specified, UID indicates the numeric user identifier to be returned with a successful authentication of the user. If not specified, cltname and UID default to * and -1, respectively.

The cltname values tpsysadm and tpsysop are treated specially by AUTHSVR(5) when authentication requests are processed. These cltname values are not matched against wildcard cltname specifications in the password file.

Additionally, regardless of the order of addition to the password file, wildcard entries are considered after explicitly specified values. An authentication request is authenticated against only the first matching password file entry.

This command is available on any platform on which the BEA Tuxedo server environment is supported.

This command is used to configure users for SECURITY USER_AUTH. For compatibility with SECURITY ACL or MANDATORY_ACL (including the ability to migrate to these security levels), the following restrictions should be applied.

• User names should be unique and should not include the wild-card character.

• User identifiers should be unique. They should be greater than 0 and less than 128K.

• The filename should be $APPDIR/tpusr.

These restrictions are enforced by the tpusradd(1) command.

The following sequence of command invocations shows hows to construct a simple password file.

$ # 1. Add usrname foo with wildcard cltname and no UID  
$ tpaddusr foo /home/tuxapp/pwfile  
$ # 2. Add usrname foo with cltname bar and UID 100  
$ tpaddusr foo /home/tuxapp/pwfile bar 100  
$ # 3. Add usrname foo with tpsysadm cltname and no UID  
$ tpaddusr foo /home/tuxapp/pwfile tpsysadm  
$ # 4. Add wildcard usrname with tpsysop cltname and no UID  
$ tpaddusr '*' /home/tuxapp/pwfile tpsysop  
$ # 5. Add wildcard usrname with wildcard cltname and no UID  
$ tpaddusr '*' /home/tuxapp/pwfile '*'

The following table shows the password file entry (indicated by the numbers shown above) used to authenticate various requests for access to the application. N/A indicates that the request is disallowed because the password file does not include an entry against which a match can be attempted.

Usrname Cltname Password Entry 
------ ------- --------------  
"foo"   "bar"         2  
"foo"   ""            1  
"foo"   "tpsysadm"    3  
"foo"   "tpsysop"     4  
"guest" "tpsysop"     4  
"guest" "bar"         5  
"guest" "tpsysadm"    N/A

The following is an example SERVERS section entry for an instance of AUTHSVR that works with the password file generated above.

AUTHSVR SRVGRP=G SRVID=1 RESTART=Y GRACE=0 MAXGEN=2 CLOPT="-A -- -f /home/tuxapp/pwfile"

tpdelusr(1), tpmodusr(1), tpusradd(1), tpusrdel(1), tpusrmod(1), AUTHSVR(5)