The authorized user object is manipulated using the authuser subcommand of ssadm edit. authuser takes one of the following verbs:
add "name" item... - creates or overwrites an object; takes a complete description of the object, beginning with its name, followed by desired items and subitems as defined above.
delete "name" - deletes a named object
print[,sortopt] ["name"] - display one or more objects; if an object's name is given, then only that object's definition is displayed; otherwise all authorized user objects are displayed
names[,sortopt] - display the names of all objects
sortopt can be:
asc - ascending order by name (case-sensitive)
desc - descending order by name (case-sensitive)
iasc - ascending order by name (case-insensitive)
idesc - descending order by name (case-insensitive)
raw - order stored in database
The default is asc.
The following is an example of what you type to display an existing authorized user object while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser print jeff.hogg
    "jeff.hogg" ENABLED PASSWORD={ "" CRYPT_PASSWORD="s8Q2DZRw4tmGk" ENABLED } DESCRIPTION="large and in charge" REAL_NAME="Jeff Hogg"
print surrounds the value of each item in double quotes. These are only necessary on input to protect embedded spaces within the values of items or to preserve null items.
print produces all tag names in capital letters (for example, REAL_NAME=). On input, the case for these tags is not important (for example, real_name= and REAL_NAME= are equivalent.)
Because of the way in which passwords are encrypted, it is unlikely that any add operation will yield a particular crypt_password= encoding of any given plaintext password. In fact, there are 4096 different encryptions of any given plaintext password.
The following is an example of what you type to create the above authorized user object while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg password={ "4flash" } description="large and in charge" real_name="Jeff Hogg"
    edit> quit
This shows creation of the object by supplying the simple-text password in the plaintext form.
An alternate means of creating the above authorized user object, while logged in to the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg password={ "" crypt_password="s8Q2DZRw4tmGk" } description="large and in charge" real_name="Jeff Hogg"
    edit> quit
This shows creation of the object by supplying the simple-text password in its already encrypted form.
In each of the above add operations, the items have been allowed to default to enabled.
The following is an example of what you type, while logged into the primary Screen, to re-create the above authorized user object so that it is disabled:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg disabled password={ "" crypt_password="s8Q2DZRw4tmGk" } description="large and in charge" real_name="Jeff Hogg"
The following is an example of what you type to create an authorized user object defining a SecurID authentication method, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg securid={ "jeffh" } description="large and in charge" real_name="Jeff Hogg"
The following is an example of what you type to create an authorized user object defining both simple-text password and SecurID authentication methods, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser add jeff.hogg password={ "" crypt_password="s8Q2DZRw4tmGk" } securid={ "jeffh" } description="large and in charge" real_name="Jeff Hogg"
The following is an example of what you type to display all authorized user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser print
    "admin" ENABLED PASSWORD={ "" CRYPT_PASSWORD="1hp1R.xm.w63Q" ENABLED } DESCRIPTION="(created by install)" REAL_NAME="SunScreen Administrator"
    "jeff.hogg" ENABLED SECURID={ "jeffh" ENABLED } DESCRIPTION="large and in charge" REAL_NAME="Jeff Hogg"
The following is an example of what you type to display the names of all authorized user objects, while logged into the primary Screen:
    admin% ssadm -r primary edit Initial
    edit> authuser names,raw
    "jeff.hogg"
    "admin"
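The print format and the remark about 4096 encodings described above, as an added example that is not part of the original documentation: a Python parser that reads authuser print output and inventories each object's state, active authentication methods and password salt. It assumes CRYPT_PASSWORD is a traditional 13-character crypt(3) string whose first two characters are the salt (64 x 64 = 4096 salts, which matches the figure above); parse_authusers, inventory and SAMPLE are hypothetical names, and the sample text is constructed from the examples on this page.

```python
import re

# Tokens: "quoted value", brace, TAG= prefix, or bare word.
TOKEN = re.compile(r'"([^"]*)"|([{}])|([A-Za-z_]+)=|([^\s{}"=]+)')
# Assumption: 13 characters from the crypt(3) alphabet; the first two are the salt.
CRYPT13 = re.compile(r'[./0-9A-Za-z]{13}\Z')

# Constructed sample in the shape of the `authuser print` examples above.
SAMPLE = '''
"admin" ENABLED PASSWORD={ "" CRYPT_PASSWORD="1hp1R.xm.w63Q" ENABLED } DESCRIPTION="(created by install)" REAL_NAME="SunScreen Administrator"
"jeff.hogg" DISABLED password={ "" crypt_password="s8Q2DZRw4tmGk" ENABLED } SECURID={ "jeffh" ENABLED } DESCRIPTION="large and in charge" REAL_NAME="Jeff Hogg"
'''

def parse_authusers(text):
    """Parse `authuser print` output into {name: object dict}."""
    users, cur, scope, tag = {}, None, None, None
    for m in TOKEN.finditer(text):
        quoted, brace, key, bare = m.groups()
        if key:                          # TAG= ; tag case is not significant
            tag = key.lower()
        elif brace == '{':               # TAG={ opens an authentication method
            scope = cur['methods'].setdefault(tag, {'enabled': True})
            tag = None
        elif brace == '}':
            scope = None
        else:
            value = quoted if quoted is not None else bare
            target = scope if scope is not None else cur
            if tag:                      # value belonging to the pending TAG=
                target[tag] = value
                tag = None
            elif quoted is None and value.lower() in ('enabled', 'disabled'):
                target['enabled'] = value.lower() == 'enabled'
            elif scope is not None:      # positional subitem, e.g. SecurID login
                scope['value'] = value
            else:                        # top-level value starts a new object
                cur = users[value] = {'enabled': True, 'methods': {}}
    return users

def inventory(users):
    """One row per object: (name, enabled, active methods, crypt salt or None)."""
    rows = []
    for name, u in sorted(users.items()):
        active = sorted(k for k, m in u['methods'].items() if m['enabled'])
        h = u['methods'].get('password', {}).get('crypt_password', '')
        rows.append((name, u['enabled'], active, h[:2] if CRYPT13.match(h) else None))
    return rows
```

Two objects that show different CRYPT_PASSWORD strings may still share a plaintext password, so comparing the stored strings does not detect password reuse unless the salts are equal.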