tpaddusr

Name

tpaddusr - create a BEA TUXEDO password file

Synopsis

tpaddusr usrname file [cltname [uid]]

Description

This command allows an application administrator to create a UNIX System style password file suitable for use with the BEA TUXEDO AUTHSVR(5) server. tpaddusr adds the user usrname to the password file file (the file cannot be /etc/passwd). The administrator is prompted for an initial password to be associated with the user. file will be created if necessary with permissions 0600. cltname, if specified, indicates a further qualifier on the password entry. usrname and/or cltname may be specified as the character '*' which is considered a wildcard by AUTHSVR(5). uid, if specified, indicates the numeric user identifier to be returned with a successful authentication of the user. cltname and uid default to '*' and -1 respectively if not specified.

Notices

The cltname values tpsysadm and tpsysop are treated specially by AUTHSVR(5) when processing authentication requests. These cltname values will not be matched against wildcard cltname specifications in the password file.

Additionally, regardless of the order of addition to the password file, wildcard entries are considered after explicitly specified values. An authentication request is authenticated against only the first matching password file entry.

Portability

This command is available only on UNIX System sites running BEA TUXEDO Release 5.0 or later.

Compatibility

This command is used to configure users for SECURITY USER_AUTH. For compatibility with SECURITY ACL or MANDATORY_ACL (including the ability to migrate to these security levels), the following restrictions should be applied.

1. User names should be unique and not use the wild-card.
2. User identifiers should be greater than 0, less than 128K, and unique.
3. The file name should be $APPDIR/tpusr.

These restrictions are enforced by the tpusradd(1) command.

Examples

The following sequence of command invocations shows the construction of a simple password file.

$ # 1. Add usrname foo with wildcard cltname and no uid  
$ tpaddusr foo /home/tuxapp/pwfile
$ # 2. Add usrname foo with cltname bar and uid 100
$ tpaddusr foo /home/tuxapp/pwfile bar 100
$ # 3. Add usrname foo with tpsysadm cltname and no uid
$ tpaddusr foo /home/tuxapp/pwfile tpsysadm
$ # 4. Add wildcard usrname with tpsysop cltname and no uid
$ tpaddusr '*' /home/tuxapp/pwfile tpsysop
$ # 5. Add wildcard usrname with wildcard cltname and no uid
$ tpaddusr '*' /home/tuxapp/pwfile '*'

The following table shows the password file entry (indicated by numbers shown above) used to authenticate various requests for access to the application. N/A indicates that the request is disallowed because no password file entry exists to be matched against.

Usrname   Cltname      Password Entry
-------   -------      --------------
"foo"     "bar"        2
"foo"     ""           1
"foo"     "tpsysadm"   3
"foo"     "tpsysop"    4
"guest"   "tpsysop"    4
"guest"   "bar"        5
"guest"   "tpsysadm"   N/A
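
The matching rules from the Notices section, checked against the table above, as an added example (this is not BEA TUXEDO code). The entry tuples, the sample passwords and the tie-break by wildcard count are assumptions; the real password file format and password encoding are not modelled.

```python
import hmac

WILDCARD = "*"
SPECIAL_CLTNAMES = {"tpsysadm", "tpsysop"}  # never matched by a wildcard cltname

# Constructed model of the five entries from the Examples section:
# (entry number, usrname, cltname, password). Passwords are made-up
# sample values, not anything tpaddusr would store.
ENTRIES = [
    (1, "foo", "*", "pw1"),
    (2, "foo", "bar", "pw2"),
    (3, "foo", "tpsysadm", "pw3"),
    (4, "*", "tpsysop", "pw4"),
    (5, "*", "*", "pw5"),
]


def field_matches(pattern, value, special=frozenset()):
    """Exact match, or wildcard match unless the value is a special name."""
    if pattern == WILDCARD:
        return value not in special
    return pattern == value


def select_entry(entries, usrname, cltname):
    """Return the single entry used for this request, or None (N/A)."""
    candidates = [
        e for e in entries
        if field_matches(e[1], usrname)
        and field_matches(e[2], cltname, SPECIAL_CLTNAMES)
    ]
    # Explicit values are considered before wildcards, whatever the file order.
    # Assumption: rank by number of wildcard fields; ties keep file order.
    candidates.sort(key=lambda e: (e[1] == WILDCARD) + (e[2] == WILDCARD))
    return candidates[0] if candidates else None


def authenticate(entries, usrname, cltname, password):
    """Check the password against the first matching entry only (no fallback)."""
    entry = select_entry(entries, usrname, cltname)
    if entry is None:
        return False
    return hmac.compare_digest(entry[3].encode(), password.encode())


def entry_number(usrname, cltname):
    entry = select_entry(ENTRIES, usrname, cltname)
    return entry[0] if entry else "N/A"
```

Because only the first matching entry is consulted, a request for "foo"/"bar" that presents the password of wildcard entry 5 is rejected even though entry 5 also matches; review a password file for such shadowed wildcard entries before relying on them.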

Lastly, the following is an example SERVERS section entry for an instance of AUTHSVR that works with the password file generated above.

AUTHSVR SRVGRP=G SRVID=1 RESTART=Y GRACE=0 MAXGEN=2 CLOPT="-A -- -f /home/tuxapp/pwfile"

See Also

tpdelusr(1), tpmodusr(1), tpusradd(1), tpusrdel(1), tpusrmod(1), AUTHSVR(5)
