The Authorized User object is manipulated using the authuser sub-command of ssadm edit. authuser takes one of the following verbs:
add "name" item... -- creates or overwrites an object; takes a complete description of the object, beginning with its name, followed by desired items and sub-items as defined above.
delete "name" -- deletes a named object
print[,sortopt] ["name"] -- displays one or more objects; if an object name is given, then only that object's definition is displayed; otherwise all Authorized User objects are displayed
    sortopt can be:
        asc     ascending order by name (case-sensitive)
        desc    descending order by name (case-sensitive)
        iasc    ascending order by name (case-insensitive)
        idesc   descending order by name (case-insensitive)
        raw     order stored in database
    The default is asc.
names [,sortopt] -- displays the names of all objects
    sortopt can be:
        asc     ascending order by name (case-sensitive)
        desc    descending order by name (case-sensitive)
        iasc    ascending order by name (case-insensitive)
        idesc   descending order by name (case-insensitive)
        raw     order stored in database
    The default is asc.
The following is an example of what you type to display an existing Authorized User object while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser print jeff.hogg
    "jeff.hogg" ENABLED PASSWORD={ "" CRYPT_PASSWORD="s8Q2DZRw4tmGk" ENABLED } DESCRIPTION="large and in charge" REAL_NAME="Jeff Hogg"
Although the output produced by print surrounds the value of each item in double quotes, these are only necessary on input to protect embedded spaces within the values of items, or to preserve null items.
Also, although print outputs all tag names in capital letters (for example, REAL_NAME=), these tags are recognized in a case-insensitive manner on input (for example, real_name= and REAL_NAME= are equivalent).
Because of the way in which passwords are encrypted, it is unlikely that any add operation will yield a particular crypt_password= encoding of any given plain-text password. In fact, there are 4096 different encryptions of any given plain-text password.
The following is an example of what you type to create the above Authorized User object while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg password={ "4flash" } description="large and in charge" real_name="Jeff Hogg"
    edit> quit
This shows creation of the object by supplying the simple-text password in the plain-text form.
An alternate means of (re)creating the above Authorized User object, while logged in to the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg password={ "" crypt_password="s8Q2DZRw4tmGk" } description="large and in charge" real_name="Jeff Hogg"
    edit> quit
This shows creation of the object by supplying the simple-text password in its already encrypted form.
It is not necessary to type save before quit above if only authuser, proxyuser, logmacro, or vars entities have been altered.
If you attempt to save without changing entities other than these types, you are reminded by a message:
    edit> save
    lock not held
    failed (status 244)
This is a non-fatal message in this situation; you can simply quit the configuration editor at this point.
See Chapter 3, "Administration Graphical User Interface Reference" for more information regarding which common objects do not require the use of save.
Once changes have been made to Authorized User objects, the system configuration must be (re)activated to install the new objects and to propagate these changes to secondary Screens.
In each of the above add operations, the (two) enablement items have been allowed to default to enabled.
The following is an example of what you type to re-create the above Authorized User object but causing it to be disabled, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg disabled password={ "" crypt_password="s8Q2DZRw4tmGk" } description="large and in charge" real_name="Jeff Hogg"
The following is an example of what you type to create an Authorized User object defining a SecurID authentication method, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg securid={ "jeffh" } description="large and in charge" real_name="Jeff Hogg"
The following is an example of what you type to create an Authorized User object defining both simple-text password and SecurID authentication methods, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg password={ "" crypt_password="s8Q2DZRw4tmGk" } securid={ "jeffh" } description="large and in charge" real_name="Jeff Hogg"
The following is an example of what you type to display all Authorized User objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser print
    "admin" ENABLED PASSWORD={ "" CRYPT_PASSWORD="1hp1R.xm.w63Q" ENABLED } DESCRIPTION="(created by install)" REAL_NAME="SunScreen Administrator"
    "jeff.hogg" ENABLED SECURID={ "jeffh" ENABLED } DESCRIPTION="large and in charge" REAL_NAME="Jeff Hogg"
The following is an example of what you type to display the names of all Authorized User objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser names,raw
    "jeff.hogg" "admin"
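
Added example, not part of the original SunScreen documentation: a Python parser for authuser print output that reports, for each object, which authentication methods are actually usable (object and method both enabled) and the salt of each crypt_password. It assumes the output layout shown above, that disabled items print as DISABLED, and that crypt_password is a 13-character crypt(3)-style string whose first two characters are the salt, which is what gives the 4096 encodings of one plain-text password; the sample records are constructed.

```python
import re

# Tokens: "quoted string", TAG=, a brace, or a bare keyword such as ENABLED.
TOKEN = re.compile(r'"([^"]*)"|(\w+)=|([{}])|(\S+)')
# Assumption: crypt_password is a 13-character crypt(3)-style string, salt first.
CRYPT13 = re.compile(r'^[./0-9A-Za-z]{13}$')

# Constructed sample in the layout shown above; the DISABLED spelling is assumed.
SAMPLE = '''
"admin" ENABLED PASSWORD={ "" CRYPT_PASSWORD="1hp1R.xm.w63Q" ENABLED } DESCRIPTION="(created by install)"
"jeff.hogg" ENABLED PASSWORD={ "" CRYPT_PASSWORD="s8Q2DZRw4tmGk" DISABLED } SECURID={ "jeffh" ENABLED } REAL_NAME="Jeff Hogg"
"old.acct" DISABLED SECURID={ "olda" ENABLED } DESCRIPTION="constructed record"
'''

def parse_authusers(text):
    """Turn `authuser print` text into a list of dicts, one per object."""
    users, cur, method, tag = [], None, None, None
    for m in TOKEN.finditer(text):
        quoted, key, brace, bare = m.groups()
        target = method if method is not None else cur
        if key:                          # TAG= : remember it; a value or { follows
            tag = key.lower()            # tags are case-insensitive
        elif brace == "{":               # TAG={ opens an authentication method
            method = cur["methods"].setdefault(tag, {"enabled": True})
            tag = None
        elif brace == "}":
            method = None
        elif tag:                        # value belonging to the pending TAG=
            target[tag] = quoted if quoted is not None else bare
            tag = None
        elif bare:                       # enablement keyword; default is enabled
            target["enabled"] = bare.lower() != "disabled"
        elif method is not None:         # first item inside { }: password or SecurID name
            method["value"] = quoted
        else:                            # top-level quoted string starts a new object
            cur = {"name": quoted, "enabled": True, "methods": {}}
            users.append(cur)
    return users

def effective_methods(user):
    """Methods that can actually authenticate: object and method both enabled."""
    if not user["enabled"]:
        return []
    return sorted(n for n, m in user["methods"].items() if m["enabled"])

def crypt_salt(user):
    """Two-character salt of crypt_password, or None if absent or malformed."""
    h = user["methods"].get("password", {}).get("crypt_password", "")
    return h[:2] if CRYPT13.match(h) else None
```

Because of the salt, differing crypt_password values do not show that two users have different plain-text passwords.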