- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: Identifiers
Operating System - OpenVMS
1753784
Members
7243
Online
108799
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-04-2008 07:22 PM
тАО06-04-2008 07:22 PM
Re: Identifiers
Yes...Bill
Got fixed
you are correct...
Very logically you need to add the user to the rights DB and then grant the identifiers.
Thanks
Got fixed
you are correct...
Very logically you need to add the user to the rights DB and then grant the identifiers.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-04-2008 07:30 PM
тАО06-04-2008 07:30 PM
Re: Identifiers
>> Any way out ?
You need to do a "UAF> show user fox" and carefuly verify, notably the data behind "UIC:"
Does it show an identifier?
Also try "UAF> show /ident fox"
You may also check: "UAF> SHOW/IDENTIFIER/valu=uic:[x,y]"
for a good value, and for the fox-value.
Carefully study the prior replies and pointers.
If still stuck post some UAF> SHOW data here.
hth,
Hein.
You need to do a "UAF> show user fox" and carefuly verify, notably the data behind "UIC:"
Does it show an identifier?
Also try "UAF> show /ident fox"
You may also check: "UAF> SHOW/IDENTIFIER/valu=uic:[x,y]"
for a good value, and for the fox-value.
Carefully study the prior replies and pointers.
If still stuck post some UAF> SHOW data here.
hth,
Hein.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-04-2008 11:42 PM
тАО06-04-2008 11:42 PM
Re: Identifiers
Be well aware that identifiers are not granted to a username. Even though the UIC valued "user identifier" often has the same name as the username, that isn't a guarantee.
Here's a short version of an example that shows this is the case, see the attachment for the full version if you are interested.
UAF> grant/id jons_cms fox ! this isn't granting to username FOX
%UAF-I-GRANTMSG, identifier JONS_CMS granted to FOX
UAF> show fox ! this is showing the username FOX
Username: FOX Owner:
Account: ITRC UIC: [50,1] ([MULDER])
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
UAF> ! note it doesn't have anything granted to it
UAF> show mulder
Username: MULDER Owner:
Account: UIC: [50,2] ([FOX]) <-- This is what the JONS_CMS id was granted to.
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
JONS_CMS %X8001000D
UAF> ! The USERNAME(s) with UIC value [50,2] will get JONS_CMS on the next login
See attachment for complete logs showing complete steps leading to this (non-standard) condition.
So the bottom line for least confusion, and better access control, do the following:
Don't create multiple USERNAMEs with the same UIC (unless you really want all usernames with the same UIC to be considered identical from a security perspective).
Let UAF create the UIC valued user identifiers that have the same text as the USERNAME. This makes things like file ownership much less confusing than the example I gave.
Here's a short version of an example that shows this is the case, see the attachment for the full version if you are interested.
UAF> grant/id jons_cms fox ! this isn't granting to username FOX
%UAF-I-GRANTMSG, identifier JONS_CMS granted to FOX
UAF> show fox ! this is showing the username FOX
Username: FOX Owner:
Account: ITRC UIC: [50,1] ([MULDER])
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
UAF> ! note it doesn't have anything granted to it
UAF> show mulder
Username: MULDER Owner:
Account: UIC: [50,2] ([FOX]) <-- This is what the JONS_CMS id was granted to.
CLI: DCL Tables: DCLTABLES
---stuff removed for brevity---
Authorized Privileges:
NETMBX TMPMBX
Default Privileges:
NETMBX TMPMBX
Identifier Value Attributes
JONS_CMS %X8001000D
UAF> ! The USERNAME(s) with UIC value [50,2] will get JONS_CMS on the next login
See attachment for complete logs showing complete steps leading to this (non-standard) condition.
So the bottom line for least confusion, and better access control, do the following:
Don't create multiple USERNAMEs with the same UIC (unless you really want all usernames with the same UIC to be considered identical from a security perspective).
Let UAF create the UIC valued user identifiers that have the same text as the USERNAME. This makes things like file ownership much less confusing than the example I gave.
it depends
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-04-2008 11:42 PM
тАО06-04-2008 11:42 PM
Re: Identifiers
Thanks to all..
The problem is solved
The problem is solved
- « Previous
-
- 1
- 2
- Next »
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP