chg-user

4.157 chg-user

Use this command to change user access to commands, change user ID’s, and change passwords.

Parameters

Note:

Allcc(X)parameters consist of a configurable command class name (ayy), and indicator (-yesor-no) to specify whether the command class is allowed. A value ofayy-yesindicates that the value is allowed. A value ofayy-noindicates that the value is not allowed.

uid (mandatory)

User ID

Range:: azzzzzzzzzzzzzzz
1 alphabetic character followed by up to 15 alphanumeric characters

all (optional)

Specifies whether or not the user ID is assigned all non-configurable command classes (LINK, SA, SYS, PU, DB, DBG, LNP).

Range:

yes
no

Default:

No change to the current value

cc1 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc2 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc3 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc4 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc5 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc6 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc7 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

cc8 (optional)

Configurable command class name and an indicator to specify whether the User ID can enter commands assigned to the specified command class.

Range:: ayy
Specify the parameter value in the format ayy-no or ayy-yes .

db (optional)

Access to all commands in command class Database Administration.

Range:

yes
no

Default:

No change to the current value

dbg (optional)

Access to all commands in command class Debug.

Range:

yes
no

Default:

No change to the current value

link (optional)

Access to all commands in command class Link Maintenance.

Range:

yes
no

Default:

No change to the current value

nuid (optional)

New user ID

Range:: azzzzzzzzzzzzzzz 1 alphabetic character followed by up to 15 alphanumeric characters
Default:: No change to the current value

page (optional)

The maximum age of the password, in days. The STP automatically prompts the user for a new password at login if the user’s password is older than the value specified for the page parameter.

Range:: 0 - 999
Default:: No change to the current value

pid (optional)

Password ID. Required only if changing the password of a user.

Range:

yes
no

Default:

No change to the current value

pu (optional)

Access to all commands in command class Program Update.

Range:

yes
no

Default:

No change to the current value

revoke (optional)

Revoke the user ID. The system rejects login attempts for a revoked user ID.

Range:

yes
no

Default:

No change to the current value

rstlsl (optional)

Reset the user ID. Use this command to reset the last successful login date, for this user ID, to the current date. If the user ID has been prevented login for non-use, use the rstlsl=yes parameter to allow the user ID access again.

Range:

yes
no

Default:

No change to the current value

sa (optional)

Access to all commands in command class Security Administration.

Range:

yes
no

Default:

No change to the current value

sys (optional)

Access to all commands in command class System Maintenance.

Range:

yes
no

Default:

No change to the current value

uout (optional)

User ID aging interval. The number of successive days a user ID can go unused (that is, no successful login) before the system denies login of that user ID.

Range:: 0 - 999
Default:: The value specified for the uout parameter on the chg-secu-dflt command

Example

chg-user:uid=john:nuid=johnmayer

chg-user:uid=john:nuid=john*mayer

chg-user:uid=john:db=yes

chg-user:uid=user123:cc1=dab-no:cc2=krb-yes

Dependencies

Passwords cannot be created or modified from a telnet terminal (terminal IDs 17-40) unless the OA&M IP Security Enhancements feature is turned on.

Changes to a user ID cannot be made while that user is logged on the system.

The revoke=yes parameter cannot be specified for a user ID with system administration authorization.

The Command Class Management feature must be enabled before a configurable command class name can be specified in the cc1 - cc8 parameters.

The UserID table must be accessible.

The Password table must be accessible.

The CCCNAMES table must be accessible.

The values specified in the cc1 - cc8 parameters must be valid default ( u01 - u32 ) or provisioned configurable command class names.

Notes

When the pid=yes parameter is specified, the system issues a separate prompt for this password and disables character echo at the terminal so that the entered password is not displayed on the screen. After the password has been entered, the system issues a second prompt, and the password must be entered again. This feature ensures that no typing mistakes were made on the first entry. The password must adhere to all password provisioning rules as established by the chg-secu-dflt command. These rules are displayed on the screen when the password prompt is presented.

The current password is not required when assigning a new password.

Use the following rules for changing passwords:

A new password cannot contain more than 20 characters.
A new password must contain at least the number of characters that is specified in the minlen parameter of the chg-secu-dflt command.
A new password must contain at least the number of alphabetic, numeric, and punctuation characters specified in the chg-secu-dflt command.

A new password cannot contain the associated user ID.

As a default, the command class Basic is assigned to all users. If no other command class is assigned, the user still has access to commands in the Basic class.

Up to 8 configurable command class name parameters can be specified in one command. Additional commands can be entered to assign user access for more than 8 names. To assign user access for all 32 available configurable command class names, you could enter four commands with 8 names specified in each command.

Output


                chg-user:uid=john:nuid=johnmayer


    rlghncxa03w 04-01-07 11:11:28 EST  EAGLE 31.3.0
    CHG-USER: MASP A - COMPLTD 
;


                chg-user:uid=test:pid=yes

tklc1121003 21-06-24 15:16:24 EST  EAGLE 47.0.0.0.0
    New password must contain:
      - between 8 and 20 characters
      - at least 8 alphabetic character(s) ('a'-'z')
      - at least 1 numeric character(s) ('0'-'9')
      - at least 1 punctuation character(s) (e.g. $%@#)
    New password must:
      - be unique from the old password
      - be unique from the last 8 historical password(s)
      - not reuse more than 4 character(s) from the old password
;
    tklc1121003 21-06-24 15:16:34 EST  EAGLE 47.0.0.0.0
    CHG-USER: MASP A - COMPLTD
;

Related Topics