HPE Community
Operating System - OpenVMS
1753784 Members
7243 Online
108799 Solutions
New Discussion юеВ

Re: Identifiers

 
FOX MULDER_2
Frequent Advisor

тАО06-04-2008 07:22 PM

тАО06-04-2008 07:22 PM

Re: Identifiers

Yes...Bill
Got fixed

you are correct...

Very logically you need to add the user to the rights DB and then grant the identifiers.

Thanks
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

тАО06-04-2008 07:30 PM

тАО06-04-2008 07:30 PM

Re: Identifiers

>> Any way out ?

You need to do a "UAF> show user fox" and carefuly verify, notably the data behind "UIC:"
Does it show an identifier?

Also try "UAF> show /ident fox"
You may also check: "UAF> SHOW/IDENTIFIER/valu=uic:[x,y]"
for a good value, and for the fox-value.

Carefully study the prior replies and pointers.
If still stuck post some UAF> SHOW data here.

hth,
Hein.
0 Kudos
Reply
Jon Pinkley
Honored Contributor

тАО06-04-2008 11:42 PM

тАО06-04-2008 11:42 PM

Re: Identifiers

Be well aware that identifiers are not granted to a username. Even though the UIC valued "user identifier" often has the same name as the username, that isn't a guarantee.

Here's a short version of an example that shows this is the case, see the attachment for the full version if you are interested.

UAF> grant/id jons_cms fox ! this isn't granting to username FOX
%UAF-I-GRANTMSG, identifier JONS_CMS granted to FOX
UAF> show fox ! this is showing the username FOX

Username: FOX Owner:
Account: ITRC UIC: [50,1] ([MULDER])
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
UAF> ! note it doesn't have anything granted to it
UAF> show mulder

Username: MULDER Owner:
Account: UIC: [50,2] ([FOX]) <-- This is what the JONS_CMS id was granted to.
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
JONS_CMS %X8001000D
UAF> ! The USERNAME(s) with UIC value [50,2] will get JONS_CMS on the next login

See attachment for complete logs showing complete steps leading to this (non-standard) condition.

So the bottom line for least confusion, and better access control, do the following:

Don't create multiple USERNAMEs with the same UIC (unless you really want all usernames with the same UIC to be considered identical from a security perspective).

Let UAF create the UIC valued user identifiers that have the same text as the USERNAME. This makes things like file ownership much less confusing than the example I gave.
it depends
0 Kudos
Reply
FOX MULDER_2
Frequent Advisor

тАО06-04-2008 11:42 PM

тАО06-04-2008 11:42 PM

Re: Identifiers

Thanks to all..

The problem is solved
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.