Command Reference
tpaddusr
—Creates a BEA Tuxedo password file.
tpaddusr
usrname file
[cltname
[UID
]]
This command allows an application administrator to create a UNIX system style password file suitable for use with the BEA Tuxedo AUTHSVR(5) server. tpaddusr
adds the user usrname
to the password file file
(the file cannot be /etc/passwd
). The administrator is prompted for an initial password to be associated with the user. If necessary, file
is created with permissions 0600. cltname
, if specified, indicates a further qualifier on the password entry. usrname
and/or cltname
may be specified as the asterisk (*
) which is considered a wildcard by AUTHSVR(5). If specified, UID
indicates the numeric user identifier to be returned with a successful authentication of the user. If not specified, cltname
and UID
default to *
and -1,
respectively.
The cltname
values tpsysadm
and tpsysop
are treated specially by AUTHSVR(5) when authentication requests are processed. These cltname
values are not matched against wildcard cltname
specifications in the password file.
Additionally, regardless of the order of addition to the password file, wildcard entries are considered after explicitly specified values. An authentication request is authenticated against only the first matching password file entry.
This command is available on any platform on which the BEA Tuxedo ATMI server environment is supported.
This command is used to configure users for SECURITY
USER_AUTH
. For compatibility with SECURITY
ACL
or MANDATORY_ACL
(including the ability to migrate to these security levels), the following restrictions should be applied.
$APPDIR/tpusr
.These restrictions are enforced by the tpusradd(1)
command.
The following sequence of command invocations shows how to construct a simple password file.
$ # 1. Add usrname foo with wildcard cltname and no UID
$ tpaddusr foo /home/tuxapp/pwfile
$ # 2. Add usrname foo with cltname bar and UID 100
$ tpaddusr foo /home/tuxapp/pwfile bar 100
$ # 3. Add usrname foo with tpsysadm cltname and no UID
$ tpaddusr foo /home/tuxapp/pwfile tpsysadm
$ # 4. Add wildcard usrname with tpsysop cltname and no UID
$ tpaddusr '*' /home/tuxapp/pwfile tpsysop
$ # 5. Add wildcard usrname with wildcard cltname and no UID
$ tpaddusr '*' /home/tuxapp/pwfile '*'
The following table shows the password file entry (indicated by the numbers shown above) used to authenticate various requests for access to the application. N/A
indicates that the request is disallowed because the password file does not include an entry against which a match can be attempted.
Usrname Cltname Password Entry
------ ------- --------------
"foo" "bar" 2
"foo" "" 1
"foo" "tpsysadm" 3
"foo" "tpsysop" 4
"guest" "tpsysop" 4
"guest" "bar" 5
"guest" "tpsysadm" N/A
The following is an example SERVERS
section entry for an instance of AUTHSVR
that works with the password file generated above.
AUTHSVR SRVGRP=G SRVID=1 RESTART=Y GRACE=0 MAXGEN=2 CLOPT="-A -- -f /home/tuxapp/pwfile"
tpdelusr(1)
, tpmodusr(1)
, tpusradd(1)
, tpusrdel(1)
, tpusrmod(1)
, AUTHSVR(5)