passwd_import(8sec)
Creates registry database entries based on information in UNIX group and password files
Synopsis
passwd_import [-c] -d pathname [-i] [-o org] [-p password] [-u username]
[-h] [-v]
Options
-c Run in check mode: processes the command, showing all conflicts, but makes no requests for resolution.
-d pathname The path to the directory containing the foreign password and group files to be imported.
-i Ignore name conflicts. Names in the registry and the group and password files represent the same identity.
-o org The name of an organization to be assigned to all imported entries. The default organization is none.
-p password The password for the account with whose privileges passwd_import runs.
-u username The principal name of the account with whose privileges passwd_import runs. This account must have the privileges to access the registry and add principals, groups, accounts, and organizations, and to add members to groups and organizations. The principal name and password are used to obtain network authentication. If you do not supply them, passwd_import prompts for them, even if you have already performed a network login.
-h Displays help information.
-v Run in verbose mode: generates a verbose transcript of passwd_import activity.
Description
The passwd_import command is a mechanism for creating registry database entries that are consistent with foreign password and group file entries.
Use passwd_import to ensure consistency between DCE and foreign protection mechanisms when you do the following:
Attach DCE nodes to an existing UNIX network
Attach UNIX nodes to a DCE network
Connect DCE and UNIX networks
If the password and group file entries do not exist in the DCE registry, passwd_import creates them. If there are duplicate entries, passwd_import follows your directions on how to
handle them.
The Process
The DCE registry database must exist and be running before you can use passwd_import. If you are simply adding a few DCE nodes to a foreign network, you can create a new, but empty, registry to meet this requirement.
As passwd_import processes, it performs the following steps:
1. It opens the group and password files and establishes a connection to the registry.
2. It compares the group file entries to groups in the registry. If there are no conflicts, it creates groups in the registry corresponding to the groups in the group file.
3. It compares the entries in the password file to principals in the registry. Again, if there are no conflicts, it
a) Creates principals in the registry corresponding to the entries in the password file.
b) Adds the newly created principals to the appropriate groups.
c) Creates accounts for the newly created principals.
4. It re-examines the group file and adds the principals as members of any additional groups it finds there.
The changes to the registry are made individually as each step is processed. If you do not specify the organization, the principals are added to the organization none.
Conflicts
During this process, passwd_import can find conflicts in name strings (for example, in the password file, joe 102; in the registry database, joe 555) and in UNIX IDs (for example, in the password file, joe 102; in the DCE, carmelita 102). When passwd_import finds a conflict, it prompts for changes to make to the /etc/passwd and /etc/group entries. No changes are made to the registry entries. In other words, all conflicts are resolved in favor of the registry entry.
The -i option specifies that duplicate names are not in conflict but, in fact, represent the same identity. Therefore, when duplicate names arise, no action is necessary. If you do not use
the -i option, passwd_import prompts for how to handle the name conflicts.
Resolving Conflicts
The passwd_import command prompts for instructions to resolve the conflicts it finds. You have the following choices:
You can create an alias to resolve a UNIX ID conflict. This action creates an alias for the registry object in conflict. The passwd_import command assigns this alias the same name as the
conflicting entry in the /etc/group or /etc/passwd file. For example, if the entry joe 555 exists in the registry and the entry tim 555 exists in the
/etc/passwd file, choosing this option creates the alias tim for joe 555.
You can generate a new UNIX ID automatically or enter a new one explicitly to resolve a UNIX ID conflict. For example, if there is a conflict between the entry joe 555 in the registry and
tim 555 in the /etc/passwd file, you can generate a new UNIX ID for tim.
You can enter a new name to resolve a name conflict. For example, if there is a conflict between the entry joe 555 in the registry and joe 383 in the /etc/passwd file, you can generate a new name for joe 383. This new name is then added to the registry.
In addition, you are given the option of ignoring the conflict and skipping this entry.
Generally, you should run passwd_import with the -c option. Using the results of this run, you can determine how to handle the conflicts. If there are many conflicts, it may be more efficient to manually edit either the registry or the group and password files to resolve some of them before you run passwd_import.
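The name, UNIX ID and alias rules described above can be applied offline to a password file before running passwd_import with -c. The following Python script is an added example, not part of the DCE documentation or the passwd_import source; the registry mapping, the sample password lines and the status labels are constructed for illustration, and treating an identical name and ID pair as needing no action is an assumption.

```python
# Added example: offline conflict pre-check modelled on the rules in this page.
# SAMPLE_REGISTRY and SAMPLE_PASSWD are constructed data, not real exports.
SAMPLE_REGISTRY = {"joe": 555, "carmelita": 102}
SAMPLE_PASSWD = """\
joe:*:102:20:Joe:/home/joe:/bin/sh
tim:*:555:20:Tim:/home/tim:/bin/sh
ann:*:700:20:Ann:/home/ann:/bin/sh
annie:*:700:20:Ann:/home/ann:/bin/sh
"""

def parse_passwd(text):
    """Return (name, unix_id) pairs from passwd-format text, in file order."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or not fields[0] or not fields[2].isdigit():
            continue  # blank, comment or malformed line: skip, do not guess
        entries.append((fields[0], int(fields[2])))
    return entries

def check_conflicts(entries, registry, ignore_names=False):
    """Classify passwd entries against registry {name: unix_id}.

    ignore_names models -i: a name already in the registry is the same identity.
    """
    registry_ids = set(registry.values())
    primaries = set()  # UNIX IDs already claimed by an earlier passwd entry
    report = []
    for name, uid in entries:
        if name in registry:
            if ignore_names:
                status = "same-identity"
            elif registry[name] != uid:
                status = "name-conflict"   # e.g. joe 102 vs registry joe 555
            else:
                status = "exists"          # assumption: identical, no action
        elif uid in registry_ids:
            status = "id-conflict"         # e.g. tim 555 vs registry joe 555
        elif uid in primaries:
            status = "alias"               # later occurrence of the same ID
        else:
            status = "create"              # first occurrence becomes primary
            primaries.add(uid)
        report.append((name, uid, status))
    return report

if __name__ == "__main__":
    for row in check_conflicts(parse_passwd(SAMPLE_PASSWD), SAMPLE_REGISTRY):
        print(*row)
```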
Registry Database Entries
New registry entries created by passwd_import are assigned the following values:
For Principal and Group Entries:
alias/primary      If the /etc/passwd file contains two entries with the same UNIX number, passwd_import creates a primary name entry for the first occurrence of the UNIX number and alias entries for each subsequent occurrence.
fullname           A blank string; no full name is added for the entry.
membership list    For new groups only, all principals listed in the group file, and all principals with accounts in the password file with that group.
projlist_ok        Yes (for groups only).
For Account Entries:
Account expiration date          None.
Account_valid                    False.
Client flag                      True.
Duplicate certificate flag       False.
Forwardable certificate flag     True.
Gecos                            Same as password file.
Good since date                  Time of account creation.
Homedir                          Same as password file.
Maximum certificate lifetime     Default to registry authentication policy.
Maximum certificate renewable    Default to registry authentication policy.
Passwd                           Randomly generated. Note that you must modify or reset randomly generated passwords before user authentication is possible.
Passwd_dtm                       Date and time passwd_import was run.
Passwd_valid                     False.
Postdated certificate flag       False.
Proxiable certificate flag       False.
Renewable certificate flag       True.
Server flag                      True.
Shell                            Same as password file.
TGT authentication flag          True.
Related Information
Commands:
rgy_edit(8sec)
sec_admin(8sec)
secd(8sec)