I Information Used by the edrgy Command

The following tables list the information prompted for by the edrgy command. Table B-1 lists the information the edrgy command requires to create and maintain persons;

Table B-2 lists the information required for groups and organizations; and Table B-3 lists the information required for accounts.

edrgy Quick Reference B-1

Table B-1. Information Used by edrgy to Create and Maintain Persons

Information Description Entry Format

Full Name An optional name used to more A series of characters enclosed fully describe a primary name. in quotes. Spaces are allowed.

Owner The person's owner. p.g.o

Primary Name The required standard name A series of up to 8 characters (if associated with the person. your system imposes UNIX

restrictions) or up to 32 characters (if your system does not impose UNIX restrictions). Name can consist of only lowercase letters, digits, and underscore characters.

UNIX Number The required UNIX ID associated A number between 0 and 65535, with the person. (This ID is used inclusive. Avoid using numbers for compatibility with existing lower than 100 because they may UNIX programs.) be reserved in future releases.

Table B-2. In/ormation Used by edrgy to Create and Maintain Groups and Organizations

Information Description Entry Format

Full Name An optional name used to more A series of characters enclosed in fully describe a primary name. quotes. Spaces are allowed.

Owner The group or organization owner. p.g.o

Password In SysVenvironments only, a A series of characters. Depending password that allows users who are on policies set for your company, not members of a group to passwords may have a minimum acquire the group's privileges. length and be restricted from

containing all spaces and from consisting of all alpha characters.

Primary Name The required standard name A series of up to 8 characters (if associated with the group or your system imposes UNIX

organization. restrictions) or up to 32 characters (if your system does not impose UNIX restrictions). Name can consist of only lowercase letters, digits, and underscore characters.

PROJLIST For groups only, whether the y or n group can be on project lists.

UNIX Number The required UNIX ID associated A number between 0 and 65535, with the group or organization inclusive. Numbers below 100 may (used for UNIX compatibility). be reserved in future releases.

Table B-3. Information Used by the edrgy Command to Create and Maintain Accounts assigns the shortest unique abbreviation possible.

For example, if mozart. composer. classic exists with the abbreviation mozart, the shortest abbreviation mozart. composer. none can have is mozart. composer. system performs the encryption.

When users log in, they are moved to their

To determine account validity. Invalid accounts cannot log in.

To determine whether the current password is valid. If this flag is set to No, the next time a user logs into the account, the system prompts change the password. (Note that this flag is separate from the password expiration policy, which sets time limits on password validity.)

edrgy Quick Reference B-3

Table B-4. Standard Policy Information Used by the edrgy Command number of days before passwords expire. indicates no minimum length)

• Whether passwords can consist

command, which requests that the user change the password. If the will invoke Ibin/passwd, which requests that the user change the

Table B-S. Override Policy Information Used by the edrgy Command

Policy Purpose

Password Exclusion Determines whether nonvalid strings can be entered as a password override and thus prevent users from logging in to specific machines.

Root Password Overrides Determines whether the root password can be overridden and thus allow individual machines to require a root password different from the one stored in the registry.

N onroot Password Overrides Determines whether any user's password can be overridden and thus allow individual machines to require an account password different from the one stored in the registry.

Home Directory Overrides Determines whether an account's home directory can be overridden for a specific machine and thus allow the account to have a home directory different from the one named in the registry.

Login Shell Overrides Determines whether an account's login shell can be overridden for a specific machine and thus allow the account to have a login shell different from the one named in the registry.

GECOS Overrides Determines whether an account's GECOS information can be overridden for a specific machine and thus allow the account to have GECOS information different from the information defined in the registry.

Table B-6. Property Information Used by the edrgy Command

Property Purpose

Registry Owner Identifies the owner of the registry as a whole.

Domain Owners Identifies owners of the person, group, and organization domains.

UNIX Restrictions Determines whether UNIX restrictions will be enforced. If they are:

• Names of registry objects can not exceed eight characters. If you do not apply this property, names can be up to 32 characters in length.

(UNIX name length restrictions do not apply to reserved names.)

• Accounts must have the p (person only) abbreviation.

• All password entries must use standard UNIX encryption.

Read-Only Property Determines whether the database is read-only.

edrgy Quick Reference B-S

B.2 edrgy Command Examples

The following pages provide examples of how to invoke, exit, and use the edrgy

command. The examples are organized alphabetically by task. For example, if you want to see an example of deleting an account, look under "deleting." Each page in this section has a header that names the first example on the page. For example, if a page contains examples for creating aliases, deleting accounts, and deleting groups and

organizations, the heading would be Creating Aliases. Use the headings to access the task examples as you would use key words in a dictionary.

Adding Accounts

B.2.1 Adding Accounts

Use the edrgy add command to create accounts. You must be in the account domain to add accounts. Before you create an account, the person, group, or organization that will make up the account must have been added to the database.

The following example shows the edrgy add command used to create the account mahler.symphonists.classic. The example assumes that you are in the account domain.

edrgy=> add

add account=> Enter account id [p.g.o): mahler.symphonists.classic Enter abbreviation type [P/pg/pgO): (p) p

Enter new password: (-apollo-) sixth Enter misc info in quotes: ()

Enter home directory: (I) 1I1eitmottf/mahler Enter shell: () Ibln/csh

Password valid [yIn)? (y) } -<Return> accepts defaults Enter expiration date [yy/mm/dd or 'none'): (none) for these prompts Account valid for login [YIn)? (y)

add account=~r---_ _ _ _ ~

edrgy=> <Return> exits from the add command

B.2.2 Adding Aliases

Use the edrgy add command to create aliases. To create aliases, you must be in the person domain.

The following example creates the alias gus for the person mahler. In the example, the UNIX ID identifies the person for whom the alias is being added.

edrgy=> do p e r s o 1 i ] I - - - - Domain changed to person

edrgy=> add gus 1683 -aIJ The -al option adds the aI/as "gus" for

edrgy=> the person Identified by UNIX 10 1683.

B.2.3 Adding Groups

Use the edrgy add command to add groups. You must be in the group domain to add groups.

The following example shows the edrgy add command used to add a group named symphonists. The example assumes you are in the group domain.

edrgy Quick Reference B-7