Previous | Contents | Index |
This chapter contains reference information on the Integrated Login
EXPORT commands discussed in the Digital DCE for OpenVMS VAX and
OpenVMS Alpha Product Guide.
3.1 Running the DCE Registry EXPORT Utility
The DCE EXPORT utility allows system administrators to create an OpenVMS authorization file from an existing DCE registry.
Integrated Login provides two methods of running the DCE EXPORT utility:
$ DCE$EXPORT EXPORT> |
$ DCE EXPORT command $ |
$ DCE$EXPORT :== $SYS$SYSTEM:DCE$EXPORT |
$ RUN SYS$SYSTEM:DCE$EXPORT |
Adds a DCE principal name to the EXPORT exclude list.
ADD/EXCLUDE [PRINCIPAL]
PRINCIPAL
Specifies the DCE principal name to be added to the EXPORT exclude list. Lowercase principal names must be enclosed in quotes.
The ADD/EXCLUDE command adds a DCE principal name to the EXPORT exclude list. This command performs the same function as EXPORT/EXCLUDE.
Deletes a DCE principal name from the EXPORT exclude list.
DELETE/EXCLUDE [PRINCIPAL]
PRINCIPAL
Specifies the DCE principal name to be deleted from the EXPORT exclude list. Lowercase principal names must be enclosed in quotes.
The DELETE/EXCLUDE command deletes a DCE principal name from the EXPORT exclude list.
Exits the EXPORT utility.
EXIT
The EXIT command exits the EXPORT utility and returns you to DCL. You can also exit EXPORT by pressing Ctrl/Z.
Creates OpenVMS accounts based on existing DCE accounts in the DCE registry.
EXPORT [DCE-ACCOUNT-NAME] /[NO]ADD_IDENTIFIERS /[NO]CONFIRM /DCE_LOGIN /[NO]EXCLUDE /[NO]INFORM /[NO]INTERACTIVE /OUTPUT=output /[NO]RECAP /[NO]TEST_ONLY /[NO]WILD
/[NO]ACCOUNT=account /DEVICE=device /DIRECTORY=directory /GROUP_UIC=group_uic /LIKE=vms_account /MEMBER_UIC=member_uic /[NO]OWNER=owner /PASSWORD=passwd /[NO]QUOTA=n /USERNAME=username
DCE-ACCOUNT-NAME
Specifies the name of the DCE account that is to be exported. If the DCE account name contains lowercase characters, spaces or other special characters, enclose the name in quotes.If you specify an asterisk for this argument, all accounts from the registry are selected.
/ADD_IDENTIFIERS
/NOADD_IDENTIFIERS (default)
Adds identifiers for the username and account name to the OpenVMS rights database./CONFIRM
/NOCONFIRM
Controls whether the EXPORT command asks for confirmation before creating the OpenVMS account.In interactive mode, the default is /CONFIRM. In noninteractive mode, the default is /NOCONFIRM.
/DCE_LOGIN=(keyword=value[,...])
Provides account details of a DCE account authorized to create principals and accounts in the DCE registry. Valid keywords for the DCE_LOGIN qualifier are:PRINCIPAL --- The principal name to be used for authentication purposes when creating accounts and/or principals in the DCE registry. If you do not specify a principal using this qualifier, you are prompted for one interactively.
You must enclose the principal name in quotes to maintain lowercase.
PASSWORD --- The password associated with the principal name that was specified by the PRINCIPAL keyword. If you do not specify a password via this qualifier, you are prompted for one interactively. If you are an interactive user, if you do not specify the PASSWORD keyword and allow EXPORT to prompt you, the password is not echoed and does not appear on your terminal.
This information has to be entered only once per session, on the first EXPORT command. Subsequent EXPORT commands within the same session do not require you to reenter this information.
/EXCLUDE
/NOEXCLUDE (default)
Determines whether the DCE account is exported to OpenVMS. If the DCE account is not exported, then the OpenVMS account is not created. Instead, an entry is created in the EXPORT exclude file for the specified DCE account. EXPORT/EXCLUDE performs the same function as ADD/EXCLUDE./INFORM
/NOINFORM (default)
Determines whether the user is informed of DCE accounts that would have been selected for export, but are not selected because they have already been exported (they have an entry in the DCE$UAF) or they exist in the EXPORT exclude file./INTERACTIVE (default)
/NOINTERACTIVE
Controls whether an interactive or noninteractive export is performed.In interactive mode a series of questions is asked and the user's responses are used to determine the account details. This mode is well suited to interactive users.
In noninteractive mode all input is supplied through the data qualifiers, and any missing or conflicting data causes the OpenVMS account to not be created. This mode is well suited to command files and batch jobs.
Data qualifiers can be specified in interactive mode. In this case the data they provide is used to provide the default answers to the relevant questions. All questions are asked.
/OUTPUT=output
Specifies the location at which all program output is written. The default is SYS$OUTPUT:./RECAP
/NORECAP (default)
If you specify /RECAP, details of the OpenVMS account are displayed before it is actually created. When /CONFIRM is also specified, the account details are displayed immediately before the confirmation request./TEST_ONLY
/NOTEST_ONLY (default)
If you specify /TEST_ONLY, OpenVMS accounts, identifiers, and DCE$UAF entries are not actually created./WILD (default)
/NOWILD
Specifies whether standard VMS wildcarding is applied to DCE-ACCOUNT-NAME. The default is /WILD, which means that a DCE-ACCOUNT-NAME of "SM*" is interpreted as "export any account starting with SM". If /NOWILD is specified, the DCE-ACCOUNT-NAME "SM*" is exported.
/ACCOUNT=account (default)
/NOACCOUNT
Specifies the account string for the OpenVMS account (same as /ACCOUNT in AUTHORIZE). The account is a string of 1 to 8 alphanumeric characters.If this qualifier is not specified, the DCE account's group name, truncated to 8 characters if necessary, is used. Specify /NOACCOUNT if no account field is required.
/DEVICE=device
Specifies the name of the OpenVMS account's default device at login. The device name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device name value, a colon is automatically appended.The default device is copied from the device field from the account specified by the /LIKE qualifier.
/DIRECTORY=directory
Specifies the default directory name for the DIRECTORY field of the OpenVMS SYSUAF record. The directory name can be 1 to 63 alphanumeric characters. If you do not enclose the directory name in brackets, EXPORT adds the brackets for you.The default directory name is [username], where username is the OpenVMS account's username.
/GROUP_UIC=group_uic
Specifies the group part of the UIC for the OpenVMS account. You can specify this qualifiier as an octal group UIC code or as an existing group UIC identifier. If specified as an octal number, it must be in the range 1 to 37776 (octal).The default is to take the OpenVMS account's ACCOUNT field, convert it to uppercase, and interpret this as a group UIC identifier. If such an identifier does not exist, a similar translation is attempted for the DCE account's group name. If neither identifiers exist then the group UIC is derived from the OpenVMS account specified by the LIKE qualifier.
/LIKE=vms-account
Specifies an existing OpenVMS account to be used as the basis for the OpenVMS account being created. Any fields not specified on the EXPORT command line, as well as all quotas, privileges, and so on, are inherited from the /LIKE account. The default is DEFAULT (as it is in AUTHORIZE).This qualifier is useful if you want to specify SYSUAF flags on a newly created account that are different from the default. In that case, use the /LIKE qualifier and specify an existing account with the desired SYSUAF flags.
/MEMBER_UIC=member_uic
Specifies the member part of the UIC for the OpenVMS account. /MEMBER_UIC should be specified as an octal number within the range 0 to 177776 (octal).The default is to use the first available member UIC within the group UIC (as specified by /GROUP_UIC). For example, if the selected group is 150 and that group has members 1, 2, 5 and 6 already defined, then the new UIC is [150,3].
/OWNER=owner (default)
/NOOWNER
Specifies the owner string for the OpenVMS account (same as /OWNER in AUTHORIZE). The owner is a string of 1 to 31 characters.If you do not specify this qualifier, the DCE account's principal name, truncated to 31 characters if necessary, is used. Specify /NOOWNER if no owner field is required.
/PASSWORD=passwd
Specifies the password for the OpenVMS account. Passwords can be from 0 to 32 characters in length and can include alphanumeric characters, dollar signs, and underscores. They are not case-sensitive.If you do not specify a password, the account is created without a valid OpenVMS password.
/QUOTA=quota (default)
/NOQUOTA
Specifies the disk quota for the device specified by /DEVICE to be given to the OpenVMS account (if quotas are enabled on that volume).The default is 1000 blocks. If quotas are not enabled on the device specified by /DEVICE or if /NOQUOTA is specified, then no quota is given.
/USERNAME=username
Specifies the username for the OpenVMS account. The username is a string of 1 to 12 alphanumeric characters. The string can contain underscores.If you do not specify this qualifier, the DCE account's principal name, truncated to 12 characters and uppercased, is used.
The DCE EXPORT command is used to create accounts in the OpenVMS system authorization file (SYSUAF) based on existing accounts in the DCE registry.The DCE EXPORT function reads the specified account(s) from the DCE registry and for each selected account performs the following:
- If a DCE$UAF record for this DCE account already exists, the account is not exported. (An existing DCE$UAF record is an indication that this DCE account has already been exported.) Note that orphaned DCE$UAF entries can be detected via the DCE$UAF ANALYZE command.
- If an entry for this DCE account exists in the EXPORT exclude file, the account is not exported. (An entry in the EXPORT exclude file signifies that this DCE account should not be exported.)
- If a DCE$UAF record does not exist, the DCE EXPORT utility attempts to create an OpenVMS account. If the account is successfully created, the matching DCE$UAF record is also created.
DCE EXPORT has two modes, interactive and noninteractive. Refer to the description of the /INTERACTIVE qualifier for details.
If the OpenVMS account already exists, it is treated as a success and the corresponding DCE$UAF entry is created.
If you want to specify SYSUAF flags that are different from the default on a newly created account, use the /LIKE qualifier and specify an existing account with the desired SYSUAF flags.
This section shows the dialog during an interactive EXPORT session.Each question requires input from the user (note that in this context the user is probably the system administrator), and most questions offer a default. Some defaults vary depending upon the answers to previous questions, and some vary depending upon how you answered the same question before. This second feature is known as sticky input and reduces the amount of input the user must type. Some defaults are reset each time you start on a new OpenVMS account while others are carried forward to the next account; this is intra-account sticky input and inter-account sticky input, respectively.
All text comparisons are made case-blind. All nonquoted input is converted to uppercase before being stored in SYSUAF.
The DCE account details are displayed for the first (or current, or next) account as follows:
DCE Account Details: Principal: smith (John Smith) Group: ETG Organization: OVMS c - create OpenVMS account x - add this DCE account to the EXPORT exclude file s - skip this DCE account e - exit IMPORT Enter option (c/x/s/e) [c]:
Default: c
Sticky Input: Inter-Account
Valid Responses: c x s e
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
The DCE account details are displayed for the first (or current) account and the user is asked which action is required for this account.
If the user enters c then the dialog continues from step 2.
If the user enters x then an entry for this DCE account is created in the EXPORT exclude file and the dialog continues from step 1.
If the user enters s then the current DCE account is not processed any further, the next DCE account (if any) is selected, and the dialog continues from step 1.
If the user enters e, then the EXPORT utility terminates.
Enter OpenVMS account details: OpenVMS Username [SMITH]:
Default: DCE registry principal name, forced to uppercase, truncated to 12 characters.
Sticky Input: Intra-Account
Valid Responses: Any string up to 12 characters
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
The user either enters a different OpenVMS username for the account or accepts the default.
The EXPORT utility checks if the account already exists. If the account exists, an error message is displayed and the dialog continues from step 1.
This OpenVMS account is to be based upon [DEFAULT]:
Default: DEFAULT
Sticky Input: Inter-Account
Valid Responses: Any string up to 12 characters
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
OpenVMS Password (null means no valid password) []:
Default: Null string
Sticky Input: No
Valid Responses: Any string, including null string
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
The response is not echoed as the user enters it. If a null string is entered, EXPORT does not set a valid password on the OpenVMS account and the account user is only able to log in via his or her DCE password.
Retype password:
Default: No default
Sticky Input: No
Valid Responses: Any string, including null string
Case-Sensitive: No
Invalid Response causes question to be re-asked: NO
User reenters the password for verification. If the verification check fails then an error message is displayed and the dialog continues from step 4.
This step is skipped if a password was not entered in step 4.
OpenVMS account string [ETG]:
Default: DCE account's group name
Sticky Input: Intra-Account
Valid Responses: 1 to 8 alphanumeric characters, or null string
Case-Sensitive: Yes, if quoted
Invalid Response causes question to be re-asked: Yes
A null string means do not add an account field.
Enter UIC group (octal number or existing identifier) [ETG]:
Default: OpenVMS account's ACCOUNT field. If null, the DCE account's GROUP name. Uppercased.
Sticky Input: Intra-Account
Valid Responses: Octal number in range 1 to 37776, or string up to 31 chars maximum
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
If a string is entered but it is not an existing group identifier, an error message is issued and the question is asked again.
Enter UIC member (octal number) [22]:
Default: Next available UIC member within the selected group
Sticky Input: No
Valid Responses: Octal number in range 0 to 177776
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
Create UIC identifiers if they don't already exist (y/n) [y]:
Default: y
Sticky Input: Inter-Account
Valid Responses: y n
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
Account Owner ["John Smith"]:
Default: DCE account principal's full name if it exists, otherwise DCE account principal's name, truncated to 8 chars
Sticky Input: No
Valid Responses: ASCII string, up to 8 chars
Case-Sensitive: No, unless quoted
Invalid Response causes question to be re-asked: Yes
Default Device [USER$:]
Default: Default device from the /LIKE account
Sticky Input: Intra-Account
Valid Responses: ASCII string, up to 32 chars
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
Default Directory [SMITH]:
Default: The account's username
Sticky Input: Intra-Account
Valid Responses: ASCII string, up to 32 chars
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
Disk quota (if quotas are enabled) [1000]:
Default: 1000
Sticky Input: Inter-Account
Valid Responses: Any positive integer
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
OK to create OpenVMS account based on above (y/n) [y]:
Default: y
Sticky Input: No
Valid Responses: y n
Case-Sensitive: No
Invalid Response causes question to be re-asked: Yes
If /NOCONFIRM was specified, then this question is not asked.
If the /RECAP qualifier was specified, details of the account about to be created are displayed immediately before this question is asked.
If the user answers n then an account not created message is displayed and the dialog starts again, for the same DCE account, from step 1.
If the user answers y, or if /NOCONFIRM was specified, then an attempt is made to create the OpenVMS account. If the account create succeeds, then a success message is displayed and the dialog starts for the next DCE account from step 1. If the OpenVMS account create fails, then an error message is displayed and the dialog starts again, for the same DCE account, from step 1.
Following is an example of an interactive EXPORT command:
EXPORT> EXPORT "smith" DCE Account Details: Principal: smith (John Smith) Group: DCE Organization: OpenVMS c - create OpenVMS account x - add this DCE account to the EXPORT exclude file s - skip this DCE account e - exit IMPORT Enter option (c/x/s/e) [c]: c Enter OpenVMS account details: OpenVMS Username [SMITH]: This OpenVMS account is to be based upon [DEFAULT]: OpenVMS Password (null means no valid password) []: Retype password: OpenVMS account string [ETG]: Enter UIC group (octal number or existing identifier) [ETG]: Enter UIC member (octal number) [22]: Create UIC identifiers if they don't already exist (y/n) [y]: Account Owner ["John Smith"]: Default Device [USER$:] Default Directory [SMITH]: Disk quota (if quotas are enabled) [1000]: OK to create OpenVMS account based on above (y/n) [y]: OpenVMS Account successfully created. EXPORT> |
Displays DCE principal names in the EXPORT exclude list.
SHOW/EXCLUDE [PRINCIPAL] /ALL /OUTPUT =output
PRINCIPAL
Specifies the DCE principal name to be displayed from the EXPORT exclude list. Full OpenVMS wildcarding is allowed.
/ALL
Specifies that all EXPORT exclude entries are to be displayed. If you do not specify a principal name, then this qualifier is assumed./OUTPUT=output
Specifies the location at which the output is written. The default is SYS$OUTPUT:.
The SHOW/EXCLUDE command displays DCE principal names in the EXPORT exclude list.
Previous | Next | Contents | Index |