topic Re: adding new users with authorize in Operating System - OpenVMS

adding new users with authorize

geir_2 — Tue, 07 Feb 2006 02:39:15 GMT

Hi,

I have installed openVMS on a Alpha workstation. During the installation, I was asked for system password.

Later, It seems to be impossible to change system password with following command:

$ mc authorize

I got an success message " Authorize database modifed". But when I try to logginto that account/user, I must use the old password.

I have also uses set system/password command, without success.

I have also tried to create a new account, and next use this account for system access.It doesn't work either. I can use the show command to display details.
Why isn't it possible to access/use this account???

Geir

Re: adding new users with authorize

Karl Rohwedder — Tue, 07 Feb 2006 02:45:17 GMT

Geir,

what do you mean by SET SYSTEM/PASSWORD?

In Authorize the command to change a user's characteristics is MODIFY.
There is a SET PASS/SYSTEM command, but this does not change the password for the SYSTEM account, but sets a password to be entered before the system asks for a username (on serial lines onlym I think).

To change a user's password:
- set def sys$system (assuming the SYSUAF.DAT is stored there
- MC AUTHORIZE
UAF> modify system/password=neuespassword

When logging in the 1st time, you have to change the password.

If you have tried several times with wrong password, the user may be marked as a intruder and login is blocked for some time, even if you enter the correct password now. You can check this with SHOW INTERUSION and clear it with DELETE/INTRUSION...

regards Kalle

Re: adding new users with authorize

geir_2 — Tue, 07 Feb 2006 03:01:12 GMT

Hi,

Thanks. When I use
set default sys$system command, it worked.
I was not aware of it.

Geir

Re: adding new users with authorize

Marc Van den Broeck — Tue, 07 Feb 2006 03:02:23 GMT

Geir,

are you sure you were in the sys$system directory when you ran authorize?

If not, you might be updating authorize files that were accidently created and thus not used.

Rgds
Marc

Re: adding new users with authorize

Heinz W Genhart — Tue, 07 Feb 2006 03:22:56 GMT

Hi Geir

You can define the Logical names Sysuaf and Rightslist

DEF/SYS/EXEC SYSUAF sys$system:sysuaf.dat
DEF/SYS/EXEC RIGHTSLIST sys$system:rightslist.dat

If those names are defined You can use the Authorize utility from every place and you must not do a set default to sys$system

Regards

Heinz

Re: adding new users with authorize

Hein van den Heuvel — Tue, 07 Feb 2006 08:50:32 GMT

More importantly, through those logicals you can move those changing system files away from sys$system to a 'normal' data disk, in your normal daily/weekly backup plan.

Eventually this can get you to a 'read-only' system disk for which daily backups are no longer critical. In fact, you may want to replace the backups with a weekly or monthly restore to a known to be good state :-).

fwiw,
Hein.

Re: adding new users with authorize

John Gillings — Tue, 07 Feb 2006 19:43:44 GMT

Geir,

BEWARE! From what you say, there is a rogue SYSUAF.DAT file somewhere on your system disk, most likely in your SYS$LOGIN directory. You need to find it and delete it to prevent future confusion.

If you ever run AUTHORIZE and see the message:

%UAF-E-NAOFIL, unable to open system authorization file (SYSUAF.DAT)
-RMS-E-FNF, file not found
Do you want to create a new file?

Always respond NO because it means AUTHORIZE can't see the correct file.

Make sure you have a valid SYSUAF logical name defined /SYSTEM/EXEC (or, even better /CLUSTER/EXEC) and this won't be a problem.

Re: adding new users with authorize

Peter Zeiszler — Wed, 08 Feb 2006 10:36:08 GMT

Type this command:
mc sysgen show UAFALTERNATE

That should be 0 (zero). If it is then you need to follow what John Gillings listed. If its a 1 (one), then you need to look for a stray alternate sysuaf file.

The other logical to make sure you have set is RIGHTSLIST. If its not set (show log rights*) then you want to define it.
define/system/exec sys$system:rightslist.dat

The authorize and rightslist work hand in hand.

Re: adding new users with authorize

Arch_Muthiah — Wed, 08 Feb 2006 13:19:18 GMT

Geir,

SYSUAF sometime appears to be available more than one and different files. But infact they are one and the same. To make sure those are same files we can use DIRECTORY/FILE_ID command this way.

$ directory /file_id [sys*...]sysuaf.dat

Directory SYS$SYSDEVICE:[SYS0.SYSCOMMON.SYSEXE]SYSUAF.DAT;3 (12141,169,0)

Total of 1 file.

Directory SYS$SYSDEVICE:[SYS10.SYSCOMMON.SYSEXE]SYSUAF.DAT;3
(12141,169,0)

Total of 1 file.

Archunan