Digital DCE for OpenVMS VAX and OpenVMS Alpha
Reference Guide


Previous Contents Index


Chapter 3
Integrated Login EXPORT Commands

This chapter contains reference information on the Integrated Login EXPORT commands discussed in the Digital DCE for OpenVMS VAX and OpenVMS Alpha Product Guide.

3.1 Running the DCE Registry EXPORT Utility

The DCE EXPORT utility allows system administrators to create an OpenVMS authorization file from an existing DCE registry.

Integrated Login provides two methods of running the DCE EXPORT utility:


ADD/EXCLUDE

Adds a DCE principal name to the EXPORT exclude list.

Synopsis

ADD/EXCLUDE [PRINCIPAL]


Parameters

PRINCIPAL

Specifies the DCE principal name to be added to the EXPORT exclude list. Lowercase principal names must be enclosed in quotes.

Description

The ADD/EXCLUDE command adds a DCE principal name to the EXPORT exclude list. This command performs the same function as EXPORT/EXCLUDE.

DELETE/EXCLUDE

Deletes a DCE principal name from the EXPORT exclude list.

Synopsis

DELETE/EXCLUDE [PRINCIPAL]


Parameters

PRINCIPAL

Specifies the DCE principal name to be deleted from the EXPORT exclude list. Lowercase principal names must be enclosed in quotes.

Description

The DELETE/EXCLUDE command deletes a DCE principal name from the EXPORT exclude list.

EXIT

Exits the EXPORT utility.

Synopsis

EXIT


Description

The EXIT command exits the EXPORT utility and returns you to DCL. You can also exit EXPORT by pressing Ctrl/Z.

EXPORT

Creates OpenVMS accounts based on existing DCE accounts in the DCE registry.

Synopsis

EXPORT [DCE-ACCOUNT-NAME] /[NO]ADD_IDENTIFIERS /[NO]CONFIRM /DCE_LOGIN /[NO]EXCLUDE /[NO]INFORM /[NO]INTERACTIVE /OUTPUT=output /[NO]RECAP /[NO]TEST_ONLY /[NO]WILD
/[NO]ACCOUNT=account /DEVICE=device /DIRECTORY=directory /GROUP_UIC=group_uic /LIKE=vms_account /MEMBER_UIC=member_uic /[NO]OWNER=owner /PASSWORD=passwd /[NO]QUOTA=n /USERNAME=username


Parameters

DCE-ACCOUNT-NAME

Specifies the name of the DCE account that is to be exported. If the DCE account name contains lowercase characters, spaces or other special characters, enclose the name in quotes.

If you specify an asterisk for this argument, all accounts from the registry are selected.


Command Qualifiers

/ADD_IDENTIFIERS

/NOADD_IDENTIFIERS (default)

Adds identifiers for the username and account name to the OpenVMS rights database.

/CONFIRM

/NOCONFIRM

Controls whether the EXPORT command asks for confirmation before creating the OpenVMS account.

In interactive mode, the default is /CONFIRM. In noninteractive mode, the default is /NOCONFIRM.

/DCE_LOGIN=(keyword=value[,...])

Provides account details of a DCE account authorized to create principals and accounts in the DCE registry. Valid keywords for the DCE_LOGIN qualifier are:

PRINCIPAL --- The principal name to be used for authentication purposes when creating accounts and/or principals in the DCE registry. If you do not specify a principal using this qualifier, you are prompted for one interactively.

You must enclose the principal name in quotes to maintain lowercase.

PASSWORD --- The password associated with the principal name that was specified by the PRINCIPAL keyword. If you do not specify a password via this qualifier, you are prompted for one interactively. If you are an interactive user, if you do not specify the PASSWORD keyword and allow EXPORT to prompt you, the password is not echoed and does not appear on your terminal.

This information has to be entered only once per session, on the first EXPORT command. Subsequent EXPORT commands within the same session do not require you to reenter this information.

/EXCLUDE

/NOEXCLUDE (default)

Determines whether the DCE account is exported to OpenVMS. If the DCE account is not exported, then the OpenVMS account is not created. Instead, an entry is created in the EXPORT exclude file for the specified DCE account. EXPORT/EXCLUDE performs the same function as ADD/EXCLUDE.

/INFORM

/NOINFORM (default)

Determines whether the user is informed of DCE accounts that would have been selected for export, but are not selected because they have already been exported (they have an entry in the DCE$UAF) or they exist in the EXPORT exclude file.

/INTERACTIVE (default)

/NOINTERACTIVE

Controls whether an interactive or noninteractive export is performed.

In interactive mode a series of questions is asked and the user's responses are used to determine the account details. This mode is well suited to interactive users.

In noninteractive mode all input is supplied through the data qualifiers, and any missing or conflicting data causes the OpenVMS account to not be created. This mode is well suited to command files and batch jobs.

Data qualifiers can be specified in interactive mode. In this case the data they provide is used to provide the default answers to the relevant questions. All questions are asked.

/OUTPUT=output

Specifies the location at which all program output is written. The default is SYS$OUTPUT:.

/RECAP

/NORECAP (default)

If you specify /RECAP, details of the OpenVMS account are displayed before it is actually created. When /CONFIRM is also specified, the account details are displayed immediately before the confirmation request.

/TEST_ONLY

/NOTEST_ONLY (default)

If you specify /TEST_ONLY, OpenVMS accounts, identifiers, and DCE$UAF entries are not actually created.

/WILD (default)

/NOWILD

Specifies whether standard VMS wildcarding is applied to DCE-ACCOUNT-NAME. The default is /WILD, which means that a DCE-ACCOUNT-NAME of "SM*" is interpreted as "export any account starting with SM". If /NOWILD is specified, the DCE-ACCOUNT-NAME "SM*" is exported.

Data Qualifiers

/ACCOUNT=account (default)

/NOACCOUNT

Specifies the account string for the OpenVMS account (same as /ACCOUNT in AUTHORIZE). The account is a string of 1 to 8 alphanumeric characters.

If this qualifier is not specified, the DCE account's group name, truncated to 8 characters if necessary, is used. Specify /NOACCOUNT if no account field is required.

/DEVICE=device

Specifies the name of the OpenVMS account's default device at login. The device name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device name value, a colon is automatically appended.

The default device is copied from the device field from the account specified by the /LIKE qualifier.

/DIRECTORY=directory

Specifies the default directory name for the DIRECTORY field of the OpenVMS SYSUAF record. The directory name can be 1 to 63 alphanumeric characters. If you do not enclose the directory name in brackets, EXPORT adds the brackets for you.

The default directory name is [username], where username is the OpenVMS account's username.

/GROUP_UIC=group_uic

Specifies the group part of the UIC for the OpenVMS account. You can specify this qualifiier as an octal group UIC code or as an existing group UIC identifier. If specified as an octal number, it must be in the range 1 to 37776 (octal).

The default is to take the OpenVMS account's ACCOUNT field, convert it to uppercase, and interpret this as a group UIC identifier. If such an identifier does not exist, a similar translation is attempted for the DCE account's group name. If neither identifiers exist then the group UIC is derived from the OpenVMS account specified by the LIKE qualifier.

/LIKE=vms-account

Specifies an existing OpenVMS account to be used as the basis for the OpenVMS account being created. Any fields not specified on the EXPORT command line, as well as all quotas, privileges, and so on, are inherited from the /LIKE account. The default is DEFAULT (as it is in AUTHORIZE).

This qualifier is useful if you want to specify SYSUAF flags on a newly created account that are different from the default. In that case, use the /LIKE qualifier and specify an existing account with the desired SYSUAF flags.

/MEMBER_UIC=member_uic

Specifies the member part of the UIC for the OpenVMS account. /MEMBER_UIC should be specified as an octal number within the range 0 to 177776 (octal).

The default is to use the first available member UIC within the group UIC (as specified by /GROUP_UIC). For example, if the selected group is 150 and that group has members 1, 2, 5 and 6 already defined, then the new UIC is [150,3].

/OWNER=owner (default)

/NOOWNER

Specifies the owner string for the OpenVMS account (same as /OWNER in AUTHORIZE). The owner is a string of 1 to 31 characters.

If you do not specify this qualifier, the DCE account's principal name, truncated to 31 characters if necessary, is used. Specify /NOOWNER if no owner field is required.

/PASSWORD=passwd

Specifies the password for the OpenVMS account. Passwords can be from 0 to 32 characters in length and can include alphanumeric characters, dollar signs, and underscores. They are not case-sensitive.

If you do not specify a password, the account is created without a valid OpenVMS password.

/QUOTA=quota (default)

/NOQUOTA

Specifies the disk quota for the device specified by /DEVICE to be given to the OpenVMS account (if quotas are enabled on that volume).

The default is 1000 blocks. If quotas are not enabled on the device specified by /DEVICE or if /NOQUOTA is specified, then no quota is given.

/USERNAME=username

Specifies the username for the OpenVMS account. The username is a string of 1 to 12 alphanumeric characters. The string can contain underscores.

If you do not specify this qualifier, the DCE account's principal name, truncated to 12 characters and uppercased, is used.


Description

The DCE EXPORT command is used to create accounts in the OpenVMS system authorization file (SYSUAF) based on existing accounts in the DCE registry.

The DCE EXPORT function reads the specified account(s) from the DCE registry and for each selected account performs the following:

DCE EXPORT has two modes, interactive and noninteractive. Refer to the description of the /INTERACTIVE qualifier for details.

If the OpenVMS account already exists, it is treated as a success and the corresponding DCE$UAF entry is created.

If you want to specify SYSUAF flags that are different from the default on a newly created account, use the /LIKE qualifier and specify an existing account with the desired SYSUAF flags.


Examples

This section shows the dialog during an interactive EXPORT session.

Each question requires input from the user (note that in this context the user is probably the system administrator), and most questions offer a default. Some defaults vary depending upon the answers to previous questions, and some vary depending upon how you answered the same question before. This second feature is known as sticky input and reduces the amount of input the user must type. Some defaults are reset each time you start on a new OpenVMS account while others are carried forward to the next account; this is intra-account sticky input and inter-account sticky input, respectively.

All text comparisons are made case-blind. All nonquoted input is converted to uppercase before being stored in SYSUAF.

The DCE account details are displayed for the first (or current, or next) account as follows:


  1. DCE Account Details: 
     
    Principal:     smith (John Smith) 
    Group:         ETG 
    Organization:  OVMS 
     
    c - create OpenVMS account 
    x - add this DCE account to the EXPORT exclude file 
    s - skip this DCE account 
    e - exit IMPORT 
     
    Enter option (c/x/s/e) [c]: 
    

    Default: c
    Sticky Input: Inter-Account
    Valid Responses: c x s e
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes
    The DCE account details are displayed for the first (or current) account and the user is asked which action is required for this account.
    If the user enters c then the dialog continues from step 2.
    If the user enters x then an entry for this DCE account is created in the EXPORT exclude file and the dialog continues from step 1.
    If the user enters s then the current DCE account is not processed any further, the next DCE account (if any) is selected, and the dialog continues from step 1.
    If the user enters e, then the EXPORT utility terminates.


  2. Enter OpenVMS account details: 
     
    OpenVMS Username [SMITH]: 
    

    Default: DCE registry principal name, forced to uppercase, truncated to 12 characters.
    Sticky Input: Intra-Account
    Valid Responses: Any string up to 12 characters
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes
    The user either enters a different OpenVMS username for the account or accepts the default.
    The EXPORT utility checks if the account already exists. If the account exists, an error message is displayed and the dialog continues from step 1.


  3. This OpenVMS account is to be based upon [DEFAULT]: 
    

    Default: DEFAULT
    Sticky Input: Inter-Account
    Valid Responses: Any string up to 12 characters
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes


  4. OpenVMS Password (null means no valid password) []: 
    

    Default: Null string
    Sticky Input: No
    Valid Responses: Any string, including null string
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes
    The response is not echoed as the user enters it. If a null string is entered, EXPORT does not set a valid password on the OpenVMS account and the account user is only able to log in via his or her DCE password.


  5. Retype password: 
    

    Default: No default
    Sticky Input: No
    Valid Responses: Any string, including null string
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: NO
    User reenters the password for verification. If the verification check fails then an error message is displayed and the dialog continues from step 4.
    This step is skipped if a password was not entered in step 4.


  6. OpenVMS account string [ETG]: 
    

    Default: DCE account's group name
    Sticky Input: Intra-Account
    Valid Responses: 1 to 8 alphanumeric characters, or null string
    Case-Sensitive: Yes, if quoted
    Invalid Response causes question to be re-asked: Yes
    A null string means do not add an account field.


  7. Enter UIC group (octal number or existing identifier) [ETG]: 
    

    Default: OpenVMS account's ACCOUNT field. If null, the DCE account's GROUP name. Uppercased.
    Sticky Input: Intra-Account
    Valid Responses: Octal number in range 1 to 37776, or string up to 31 chars maximum
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes
    If a string is entered but it is not an existing group identifier, an error message is issued and the question is asked again.


  8. Enter UIC member (octal number) [22]: 
    

    Default: Next available UIC member within the selected group
    Sticky Input: No
    Valid Responses: Octal number in range 0 to 177776
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes


  9. Create UIC identifiers if they don't already exist (y/n) [y]: 
    

    Default: y
    Sticky Input: Inter-Account
    Valid Responses: y n
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes


  10. Account Owner ["John Smith"]: 
    

    Default: DCE account principal's full name if it exists, otherwise DCE account principal's name, truncated to 8 chars
    Sticky Input: No
    Valid Responses: ASCII string, up to 8 chars
    Case-Sensitive: No, unless quoted
    Invalid Response causes question to be re-asked: Yes


  11. Default Device [USER$:] 
    

    Default: Default device from the /LIKE account
    Sticky Input: Intra-Account
    Valid Responses: ASCII string, up to 32 chars
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes


  12. Default Directory [SMITH]: 
    

    Default: The account's username
    Sticky Input: Intra-Account
    Valid Responses: ASCII string, up to 32 chars
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes


  13. Disk quota (if quotas are enabled) [1000]: 
    

    Default: 1000
    Sticky Input: Inter-Account
    Valid Responses: Any positive integer
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes


  14. OK to create OpenVMS account based on above (y/n) [y]: 
    

    Default: y
    Sticky Input: No
    Valid Responses: y n
    Case-Sensitive: No
    Invalid Response causes question to be re-asked: Yes
    If /NOCONFIRM was specified, then this question is not asked.
    If the /RECAP qualifier was specified, details of the account about to be created are displayed immediately before this question is asked.
    If the user answers n then an account not created message is displayed and the dialog starts again, for the same DCE account, from step 1.
    If the user answers y, or if /NOCONFIRM was specified, then an attempt is made to create the OpenVMS account. If the account create succeeds, then a success message is displayed and the dialog starts for the next DCE account from step 1. If the OpenVMS account create fails, then an error message is displayed and the dialog starts again, for the same DCE account, from step 1.

Following is an example of an interactive EXPORT command:


EXPORT> EXPORT "smith"
 
DCE Account Details: 
 
 Principal:     smith (John Smith) 
 Group:         DCE 
 Organization:  OpenVMS 
 
 c - create OpenVMS account 
 x - add this DCE account to the EXPORT exclude file 
 s - skip this DCE account 
 e - exit IMPORT 
 
 Enter option (c/x/s/e) [c]: c 
 
 Enter OpenVMS account details: 
 
 OpenVMS Username [SMITH]: 
 This OpenVMS account is to be based upon [DEFAULT]: 
 OpenVMS Password (null means no valid password) []: 
 Retype password: 
 OpenVMS account string [ETG]: 
 Enter UIC group (octal number or existing identifier) [ETG]: 
 Enter UIC member (octal number) [22]: 
 Create UIC identifiers if they don't already exist (y/n) [y]: 
 Account Owner ["John Smith"]: 
 Default Device [USER$:] 
 Default Directory [SMITH]: 
 Disk quota (if quotas are enabled) [1000]: 
 
 OK to create OpenVMS account based on above (y/n) [y]: 
 
 OpenVMS Account successfully created. 
 
EXPORT> 


SHOW/EXCLUDE

Displays DCE principal names in the EXPORT exclude list.

Synopsis

SHOW/EXCLUDE [PRINCIPAL] /ALL /OUTPUT =output


Parameters

PRINCIPAL

Specifies the DCE principal name to be displayed from the EXPORT exclude list. Full OpenVMS wildcarding is allowed.

Qualifiers

/ALL

Specifies that all EXPORT exclude entries are to be displayed. If you do not specify a principal name, then this qualifier is assumed.

/OUTPUT=output

Specifies the location at which the output is written. The default is SYS$OUTPUT:.

Description

The SHOW/EXCLUDE command displays DCE principal names in the EXPORT exclude list.


Previous Next Contents Index