unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 passwd_import(1m)		     OSF		   passwd_import(1m)




 NAME
      passwd_import - Creates registry database entries based on information
      in UNIX group and password files

 SYNOPSIS
      passwd_import [-c] -d pathname [-i] [-o org] [-p password]
      [-u username] [-h] [-v]


 OPTIONS
      -c	Run in check mode:  process the command, showing all
		conflicts, but make no requests for resolution.

      -d pathname
		The path to the directory containing the foreign password
		and group files to be imported.

      -i	Ignore name confilcts.	Names in the registry and the group
		and password files represent the same identity.

      -o org	The name of an organization to be assigned to all imported
		entries. The default organization is none.

      -p password
		The password for the account with whose privileges
		passwd_import will run.

      -u username
		The principal name of the account with whose privileges
		passwd_import will run. This account must have the
		privileges to access the registry and add principals,
		groups, accounts, and organizations, and to add members to
		groups and organizations.  The principal name and password
		are used to obtain network authentication. If you do not
		supply them, passwd_import prompts for them, even if you
		have already performed a network login.

      -h	Display help information.

      -v	Run in verbose mode: generate a verbose transcript of
		passwd_import activity.


 DESCRIPTION
      The passwd_import command is a mechanism for creating registry
      database entries that are consistent with foreign password and group
      file entries.

      Use passwd_import to ensure consistency between DCE and foreign
      protection mechanisms when you do the following:




 Hewlett-Packard Company	    - 1 -	      OSF DCE 1.1/HP DCE 1.8






 passwd_import(1m)	  Open Software Foundation	   passwd_import(1m)




	+  Attach DCE node(s) to an existing UNIX network

	+  Attach UNIX node(s) to a DCE network

	+  Connect DCE and UNIX networks


      If the password and group file entries do not exist in the DCE
      registry, passwd_import creates them.  If there are duplicate entries,
      passwd_import follows your directions on how to handle them.

    The Process
      The DCE registry database must exist and be running before you can use
      passwd_import.  If you are simply adding a few DCE  nodes to a foreign
      network, you can create a new, but empty, registry to meet this
      requirement.

      As passwd_import processes, it performs the following steps:


       1.  It opens the group and password files and establishes a
	   connection to the registry.

       2.  It compares the group file entries to groups in the registry. If
	   there are no conflicts, it creates groups in the registry
	   corresponding to the groups in the group file.

       3.  It compares the entries in the password file to principals in the
	   registry. Again, if there are no conflicts, it


	    a.	Creates principals in the registry corresponding to the
		entries in the password file.

	    b.	Adds the newly created principals to the appropriate groups.

	    c.	Creates accounts for the newly created principals.


       4.  It re-examines the group file and adds the principals as members
	   of any addtional groups it finds there.


      The changes to the registry are made individually as each step is
      processed. If you do not specify the organization, the principals are
      added to the organization none.


    Conflicts
      During this process, passwd_import can find conflicts in name strings
      (for example, in the password file, joe 102; in the registry database,



 Hewlett-Packard Company	    - 2 -	      OSF DCE 1.1/HP DCE 1.8






 passwd_import(1m)	  Open Software Foundation	   passwd_import(1m)




      joe 555) and in UNIX IDs (for example, in the password file, joe 102;
      in the DCE, carmelita 102). When passwd_import finds a conflict, it
      prompts for changes to make to the /etc/passwd and /etc/group entries.
      No changes are made to the registry entries. In other words, all
      conflicts are resolved in favor of the registry entry.

      The -i  option specifies that duplicate names are not in conflict but,
      in fact, represent the same identity. Therefore, when duplicate names
      arise, no action is necessary.   If you do not use the -i option,
      passwd_import prompts for how to handle the name conflicts.

    Resolving Conflicts
      The passwd_import command prompts for instructions to resolve the
      conflicts it finds.  You have the following choices:


	+  You can create an alias to resolve a UNIX ID conflict.  This
	   action creates an alias for the registry object in conflict.	 The
	   passwd_import command assigns this alias the same name as the
	   conflicting entry in the /etc/group or /etc/passwd file.  For
	   example, if the entry joe 555 exists in the registry and the
	   entry tim 555 exists in the /etc/passwd file, choosing this
	   option creates the alias tim for joe 555.

	+  You can generate a new UNIX ID automatically or enter a new one
	   explicitly to resolve a UNIX ID conflict.  For example, if there
	   is a conflict between the entry joe 555 in the registry and tim
	   555 in the /etc/passwd file, you can generate a new UNIX ID for
	   tim.

	+  You can enter a new name to resolve a name conflict.	 For example
	   if there is a conflict between the entry joe 555 in the registry
	   and joe 383 in the /etc/passwd file, you can generate a new name
	   for joe 383. This new name will then be added to the registry.


      In addition, you are given the option of ignoring the conflict and
      skipping this entry.

      Generally, you should run passwd_import with the -c option.  Using the
      results of this run, you can determine how to handle the conflicts.
      If there are many conflicts, it may be more efficient to manually edit
      either the registry or the group and password files to resolve some of
      them before you run import_passwd.

    Registry Database Entries
      New registry entries created by passwd_import are assigned the
      following values:






 Hewlett-Packard Company	    - 3 -	      OSF DCE 1.1/HP DCE 1.8






 passwd_import(1m)	  Open Software Foundation	   passwd_import(1m)




      For Principal and Group Entries:


		alias/primary
			  If the /etc/passwd file contains two entries with
			  the same UNIX number, passwd_import creates a
			  primary name entry for the first occurrence of the
			  UNIX number and alises entries for each subsequent
			  occurrence.

		fullname  A blank string; no fullname is added for the
			  entry.

		membership list
			  For new groups only, all principals listed in the
			  group file, and all principals with accounts in
			  the password file with that group.

		projlist_ok
			  Yes (for groups only).


      For Account Entries:


		Account expiration date
			  None.

		Account_valid
			  False.

		Client flag
			  True.

		Duplicate certificate flag
			  False.

		Forwardable certificate flag
			  True.

		Gecos	  Same as password file.

		Good since date
			  Time of account creation.

		Homedir	  Same as password file.

		Maximum certificate lifetime
			  Default to registry authentication policy.





 Hewlett-Packard Company	    - 4 -	      OSF DCE 1.1/HP DCE 1.8






 passwd_import(1m)	  Open Software Foundation	   passwd_import(1m)




		Maximum certificate renewable
			  Default to registry authentication policy.

		Passwd	  Randomly generated. Note that you must modify or
			  reset randomly generated passwords before user
			  authentication is possible.

		Passwd_dtm
			  Date and time passwd_import was run.

		Passwd_valid
			  False.

		Postdated certificate flag
			  False.

		Proxiable certificate flag
			  False.

		Renewable certificate flag
			  True.

		Server flag
			  True.

			  Same as password file.

		TGT authentication flag
			  True.


 RELATED INFORMATION
      Commands: rgy_edit(1m), sec_admin(1m), secd(1m)





















 Hewlett-Packard Company	    - 5 -	      OSF DCE 1.1/HP DCE 1.8