- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- How to get Username from UIC
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2011 01:34 PM
12-07-2011 01:34 PM
How to get Username from UIC
I have request to create report that will show some UAF values of all accounts that hold specific rights. No problem collect all UICs that holds right, but convert it to Username... is little bit tricky.
Do anyone knows any solution other than opening SYSUAF.DAT and doing indexed read?
Best regards,
Dusan
- Tags:
- SYSUAF
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2011 01:59 PM
12-07-2011 01:59 PM
Re: How to get Username from UIC
UICs can and variously do map to more than one username entry; this isn't a one-to-one mapping, it's potentially one-to-many.
UICs don't hold rights, either, so there may be some confusion around the OpenVMS security model lurking here.
The usual path for implementing these auditing report requests is a wildcard pass through all entries in SYSUAF either (and more commonly) via the username key or (less commonly) via the UIC key, and to then determine the identifiers and privileges associated with each entry located from there. The username entry is the top of the hierarchy here, and not the UIC values.
OpenVMS does not provide a documented or supported means to scan all usernames, so folks open up the file, adapt to the keys, and scan using (documented) RMS calls and the UAF data structure definitions. There's no wildcard $getuai. My preference is to get the minimal available information via the direct RMS means, then switch over to $getuai call(s) for the rest of the information. (See below for some code.)
Each username has one UIC associated; this is a one-to-one mapping.
I'm sure that something similar to this that this report auditing has been implemented somewhere, so spend some time rummaging around the OpenVMS Freeware archives. There are (or were) products in this area, too. If you cannot locate a complete and existing solution, then Hein van den Heuvel has posted code for scanning SYSUAF username entries from DCL code in various places, and I have posted C code that scans SYSUAF entries here. There are innumerable other examples posted around, too. The John The Ripper (JTR) tool "unuaf" might be interesting to you here, for instance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2011 02:54 PM
12-07-2011 02:54 PM
Re: How to get Username from UIC
Dusan,
Hoff is correct that there can be multiple usernames sharing the same UIC. I'd argue that in most circumstances, it's worth your while assuring that UIC to Username is strictly a 1:1 mapping in both directions. When that is the case, you should also ensure there is always a UIC identifier which matches the username with that UIC.
I'd also recommend that UIC identifiers are never deleted, and never reused.
So, if you can verify there are no duplicate UICs in your UAF, and that UIC identifiers are defined for all users, the mapping from UIC to username can be done very easily with F$IDENTIFIER NUMBER_TO_NAME. For example, suppose you have group and member numbers for the UIC you're interested in:
$ WRITE SYS$OUTPUT F$IDENTIFIER(group*%X10000+member,"NUMBER_TO_NAME")
That said, there seems to be a misunderstanding in your request. Rights are granted to IDENTIFIERS not "accounts". So, you can find the list of rights granted to a specific UIC identifier by reading RIGHTSLIST (or, rather, using the system service API to RIGHTSLIST). You can then list the usernames sharing the UIC - that will require reading SYSUAF, since that's where the relationship is defined.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-07-2011 03:47 PM
12-07-2011 03:47 PM
Re: How to get Username from UIC
>So, if you can verify there are no duplicate UICs in your UAF, and that UIC identifiers are defined for all users,...
...and the text identifier string is configured to match the username...
>...the mapping from UIC to username can be done very easily with F$IDENTIFIER NUMBER_TO_NAME.
This match between the UIC text string and the username is the default, but it's not required.
And there are more than a few cases around where there is no text string associated with the UIC at all.