tpaddusr
-create a BEA TUXEDO password file
tpaddusr
usrname file
[cltname
[uid
]]
This command allows an application administrator to create a UNIX System style password file suitable for use with the BEA TUXEDO AUTHSVR
(5) server. tpaddusr
adds the user usrname
to the password file file
(the file cannot be /etc/passwd)
. The administrator is prompted for an initial password to be associated with the user. file
will be created if necessary with permissions 0600. cltname
, if specified, indicates a further qualifier on the password entry. usrname and/or cltname may be specified as the character '*' which is considered a wildcard by AUTHSVR
(5). uid
, if specified, indicates the numeric user identifier to be returned with a successful authentication of the user. cltname
and uid
default to '*' and -1 respectively if not specified.
The cltname
values tpsysadm
and tpsysop
are treated specially by AUTHSVR
(5) when processing authentication requests. These cltname
values will not be matched against wildcard cltname specifications in the password file.
Additionally, regardless of the order of addition to the password file, wildcard entries are considered after explicitly specified values. An authentication request is authenticated against only the first matching password file entry.
This command is available only on UNIX System sites running BEA TUXEDO Release 5.0 or later.
This command is used to configure users for SECURITY
USER_AUTH
. For compatibility with SECURITY
ACL
or MANDATORY_ACL
(including the ability to migrate to these security levels), the following restrictions should be applied. 1. User names should be unique and not use the wild-card. 2. User identifiers should be greater than 0, less than 128K, and unique. 3. The file name should be $APPDIR/tpusr
.
These restrictions are enforced by the tpusradd
(1) command.
The following sequence of command invocations shows the construction of a simple password file.
$ # 1. Add usrname foo with wildcard cltname and no uid
$ tpaddusr foo /home/tuxapp/pwfile
$ # 2. Add usrname foo with cltname bar and uid 100
$ tpaddusr foo /home/tuxapp/pwfile bar 100
$ # 3. Add usrname foo with tpsysadm cltname and no uid
$ tpaddusr foo /home/tuxapp/pwfile tpsysadm
$ # 4. Add wildcard usrname with tpsysop cltname and no uid
$ tpaddusr '*' /home/tuxapp/pwfile tpsysop
$ # 5. Add wildcard usrname with wildcard cltname and no uid
$ tpaddusr '*' /home/tuxapp/pwfile '*'
The following table shows the password file entry (indicated by numbers shown above) used to authenticate various requests for access to the application. N/A indicates that the request is disallowed because no password file entry exists to be matched against.
Usrname Cltname Password Entry
------ ------- --------------
"foo" "bar" 2
"foo" "" 1
"foo" "tpsysadm" 3
"foo" "tpsysop" 4
"guest" "tpsysop" 4
"guest" "bar" 5
"guest" "tpsysadm" N/A
Lastly, following is an example SERVERS
section entry for an instance of AUTHSVR
that works with the password file generated above.
AUTHSVR SRVGRP=G SRVID=1 RESTART=Y GRACE=0 MAXGEN=2 CLOPT="-A -- -f /home/tuxapp/pwfile"
tpdelusr
(1), tpmodusr
(1), tpusradd
(1), tpusrdel
(1), tpusrmod
(1), AUTHSVR
(5)