The DCE IMPORT utility allows you to create principal and account
entries in a DCE registry based on accounts in an existing OpenVMS
authorization file. It is used for the following purposes:
o To populate the DCE registry when a new DCE cell is first established
o To add entries to an existing DCE registry when a new OpenVMS system
joins an existing DCE cell
o To add entries to an existing DCE registry when new users have
joined an OpenVMS sytem that is already part of an existing DCE cell
The DCE IMPORT utility also creates and maintains an exclude list.
The exclude list contains the OpenVMS usernames of users who do not
have, and do not require, a DCE account. This feature allows DCE IMPORT
to skip over these users during DCE IMPORT operations.
NOTE:
The DCE IMPORT utility described in this section cannot be satisfied
by the import function shipped with OSF DCE because of substantial
differences between OpenVMS and UNIX user registry data.
Passwords cannot be imported. Instead, the automatic synchronization
feature that occurs during integrated login is used to import user
passwords.
See the HP DCE for OpenVMS Alpha and OpenVMS I64 Reference Guide
for detailed descriptions of the DCE IMPORT commands.
RELATED INFORMATION
COMMANDS: DCE$EXPORT
1 – File Info
The DCE DCE IMPORT utility is shipped as an OpenVMS executable image named DCE$IMPORT.EXE. The image resides in the SYS$SYSTEM directory. The DCE IMPORT exclude file is named by default DCE$IMPORT_EXCLUDE.DAT and also resides in SYS$SYSTEM. You can change the name or location, or both, of this file by defining the logical name DCE$IMPORT_EXCLUDE to point to the new filename and location.
2 – Running IMPORT
The DCE IMPORT utility allows system administrators to create princi-
pal and account entries in a DCE registry based on accounts in SYSUAF.
Integrated Login provides two methods of running the DCE IMPORT
utility, as follows.
o By invoking the DCE IMPORT utility using a predefined symbol.
$ IMPORT
IMPORT>
You can also specify a single DCE IMPORT command on the command line.
Control returns to DCL after the command is executed.
$ IMPORT command
SYS$COMMON:[SYSMGR]DCE$DEFINE_REQUIRED_COMMANDS.COM defines the DCE
symbol IMPORT which is used to invoke the DCE IMPORT utility. If this
symbol is not defined in your environment, you can define the symbol
as follows:
$ IMPORT :== $SYS$SYSTEM:DCE$IMPORT
o By issuing the RUN command.
$ RUN SYS$SYSTEM:DCE$IMPORT
IMPORT>
3 – Messages
3.1 – IMP_ACCEXISTS
account for <principal> already exists in DCE
Explanation:
An attempt has been made to recreate an account for
<principal> in the DCE registry.
User Action:
None. This is a warning indicating that this suboperation
in the IMPORT operation was previously performed.
3.2 – IMP_ADDDCE
username <username> successfully imported into DCE
Explanation:
A DCE account has been successfully created for OpenVMS
username <username>.
User Action:
None.
3.3 – IMP_ADDDCEACC
account for <principal> successfully added to DCE
Explanation:
A DCE account was successfully created for <principal>.
User Action:
None. This is an informational message displayed only if
/INFORM is specified on the DCE IMPORT command line.
3.4 – IMP_ADDDCEPRN
principal <principal> successfully added to DCE
Explanation:
Principal <principal> record successfully created in the
DCE registry.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.5 – IMP_ADDDCEUAF
username <username> successfully added to DCE$UAF
Explanation:
Username <username> successfully added to the DCE$UAF file.
User Action:
None. This is an informational message displayed only if
/INFORM is specified on the DCE IMPORT command line.
3.6 – IMP_BINDERR
error binding to DCE security registry
Explanation:
Unable to bind to the DCE security server.
User Action:
Note accompanying DCE error message for more details.
3.7 – IMP_CREDCEUAF
created new DCE$UAF file
Explanation:
A new DCE$UAF file was created.
User Action:
None.
3.8 – IMP_DCEERR
<DCE error message>
Explanation:
Accompanying DCE error message supplied with other
DCE IMPORT error messages.
User Action:
Use this message to determine the cause of the problem.
3.9 – IMP_DCELOGIN
error in DCE login
Explanation:
An error occurred during DCE login.
User Action:
Enter a valid DCE username and password when prompted by
DCE IMPORT.
3.10 – IMP_DCEUAFERR
error searching DCE$UAF
Explanation:
An error occurred while searching the DCE$UAF file.
User Action:
Note the accompanying error message for more details.
3.11 – IMP_DELACC
account for principal <principal> deleted from DCE
Explanation:
DCE account for <principal> was deleted from the DCE registry.
This occurs when an atomic IMPORT operation fails during one
of its suboperations. Such failure prompts a backout of all
suboperations successfully performed during this IMPORT
operation. Deleting the account is one such backout operation.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.12 – IMP_DELDCEUAF
username <username> successfully deleted from DCE$UAF
Explanation:
Username <username> deleted from DCE$UAF file.
User Action:
None. This is an informational message displayed only if
/INFORM is specified on the DCE IMPORT command line.
3.13 – IMP_DELFRGRP
principal <principal> from group <group>
Explanation:
Principal <principal> was deleted from <group> in the DCE
registry. This occurs when an atomic IMPORT operation fails
during one of its suboperations. Such failure prompts a
backout of all suboperations successfully performed during
this IMPORT operation. Deleting the principal from the group
is one such backout operation.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.14 – IMP_DELFRORG
principal <principal> deleted from organization <organization>
Explanation:
Principal <principal> was deleted from <organization> in the
DCE registry. This occurs when an atomic IMPORT operation
fails during one of its suboperations. Such failure prompts
a backout of all suboperations successfully performed during
this IMPORT operation. Deleting the principal from the
organization is one such backout operation.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.15 – IMP_DELPRN
principal <principal> deleted from DCE
Explanation:
Principal <principal> was deleted from the DCE registry.
This occurs when an atomic IMPORT operation fails during one
of its suboperations. Such failure prompts a backout of all
suboperations successfully performed during this IMPORT
operation. Deleting the principal is one such backout
operation.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.16 – IMP_ERRADDGRP
error adding principal <principal> to group <group>
Explanation:
Could not add <principal> to <group> in the DCE registry.
User Action:
Note the accompanying DCE error message for more details.
3.17 – IMP_ERRADDORG
error adding principal <principal> to organization <organization>
Explanation:
Could not add <principal> to <organization> in DCE registry.
User Action:
Note the accompanying DCE error message for more details.
3.18 – IMP_ERRACCEXC
error accessing DCE IMPORT exclude file
Explanation:
Could not access the DCE IMPORT exclude file.
User Action:
Note the accompanying error message for more details.
3.19 – IMP_ERRADDEXC
adding username to DCE IMPORT exclude file
Explanation:
Could not add the requested username to the DCE IMPORT
exclude file.
User Action:
Note the accompanying error message for more details.
3.20 – IMP_ERRADDUAF
error adding username to DCE$UAF file
Explanation:
Could not add the imported username to the DCE$UAF file.
User Action:
Note the accompanying error message for more details.
3.21 – IMP_ERRCRACC
error creating account for <principal>
Explanation:
Could not create a DCE account for <principal>.
User Action:
Note the accompanying DCE error message for more details.
3.22 – IMP_ERRCRDCEUAF
error creating DCE authorization file
Explanation:
An error occurred while attempting to create the
DCE$UAF file.
User Action:
See accompanying message for details.
3.23 – IMP_ERRCRPRN
error creating principal <principal>
Explanation:
Could not create a principal in the DCE registry.
User Action:
Note the accompanying DCE error message for more details.
3.24 – IMP_ERRDCEUAF
error accessing DCE authorization file
Explanation:
An error occurred while attempting to access the
DCE$UAF file.
User Action:
See accompanying message for details.
3.25 – IMP_ERRDELACC
error deleting account for <principal>
Explanation:
Unable to delete account for <principal> from DCE registry.
User Action:
See accompanying DCE error message for more details.
3.26 – IMP_ERRDELEXC
error deleting username from DCE IMPORT exclude file
Explanation:
Could not remove requested username from the DCE IMPORT
exclude file.
User Action:
Note the accompanying error message for more details.
3.27 – IMP_ERRDELFRGRP
error deleting principal <principal> from group <group>
Explanation:
An error occurred while deleting <principal>
from <group> in the DCE registry. This delete operation is
performed if the overall IMPORT operation failed and a
backout of changes applied to the DCE registry is
required.
User Action:
See accompanying DCE message for details.
3.28 – IMP_ERRDELFRORG
error deleting principal <principal> from organization
<organization>
Explanation:
An error occurred while deleting <principal> from
<organization> in the DCE registry. This delete
operation is performed if the overall IMPORT
operation failed and a backout of changes applied to the
DCE registry is required.
User Action:
See accompanying DCE message for details.
3.29 – IMP_ERRDELPRN
error deleting principal <principal>
Explanation:
Unable to delete <principal> from DCE registry
User Action:
See accompanying DCE error message for more details
3.30 – IMP_ERRDELUAF
error deleting username from DCE$UAF file
Explanation:
Could not delete a username from the DCE$UAF file.
User Action:
Note the accompanying error message for more details.
3.31 – IMP_ERRCHGAUT
error changing account authorization policy
Explanation:
Could not change the DCE account's authorization policy.
User Action:
Note the accompanying DCE error message for more details.
3.32 – IMP_ERRSPAWN
error spawning sub-process
Explanation:
An error occurred while spawning a subprocess on the SPAWN
command.
User Action:
Refer to appropriate OpenVMS documentation for resolution.
3.33 – IMP_ERRSYSUAF
error accessing SYSUAF file
Explanation:
Could not access the OpenVMS SYSUAF file.
User Action:
See accompanying OpenVMS or RMS error message for more
details.
3.34 – IMP_EXCADD
username <username> added to DCE IMPORT exclude list
Explanation:
Username <username> successfully added to the DCE IMPORT
exclude file. A DCE account will not be created for this
username.
User Action:
None.
3.35 – IMP_EXCDEL
username <username> removed from DCE IMPORT exclude list
Explanation:
Username <username> successfully removed from DCE IMPORT
exclude file. A subsequent IMPORT session could be used to
create a DCE account for this username.
User Action:
None.
3.36 – IMP_EXCLUDED
username <username> has been excluded from DCE
Explanation:
Username <username> cannot be imported since it has been
excluded from the DCE registry.
User Action:
None. This is an informational message displayed when /INFORM
is specified on the DCE IMPORT command line.
3.37 – IMP_INDCE
username <username> already imported into DCE
Explanation:
An import operation was attempted on an already imported
OpenVMS username.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.38 – IMP_INDCEUAF
user <username> already in DCE$UAF
Explanation:
Username <username> already exists in the DCE$UAF.DAT file.
User Action:
None. This is a warning indicating that this suboperation in
the IMPORT operation was previously performed.
3.39 – IMP_INEXCLUDE
username <username> already in DCE IMPORT exclude file
Explanation:
Username <username> has previously been added to the DCE
IMPORT exclude file.
User Action:
None. This informational message is displayed when an exclude
operation is attempted on an already excluded username and
is displayed only when /INFORM is specified on the DCE
IMPORT command line.
3.40 – IMP_INTINPDEV
internal error opening input device
Explanation:
Error opening SYS$INPUT.
User Action:
Verify user runtime environment. See to appropriate OpenVMS
documentation for more details.
3.41 – IMP_INITERROR
initialization error
Explanation:
An error occurred during DCE IMPORT's initialization phase.
User Action:
Note error messages accompanying or directly preceding this
message.
3.42 – IMP_INITWAIT
initializing.....
Explanation:
DCE IMPORT is in initialization mode.
User Action:
None.
3.43 – IMP_INVPASSWD
password validation failed. Please retry
Explanation:
The password entered when prompted for a retype does not
match the originally entered password.
User Action:
Enter correct password for original and retype entry.
3.44 – IMP_INPREQ
input required!
Explanation:
Input not entered where input was mandatory.
User Action:
Provide required input.
3.45 – IMP_INTERROR
internal error
Explanation:
DCE IMPORT internal error occurred.
User Action:
Contact your support engineer or Submit a Quality Assurance
Report (QAR).
3.46 – IMP_INVDATETM
invalid date/time
Explanation:
Date/time entered has invalid format.
User Action:
Enter date/time in standard format (dd-MMM-yyyy hh:mm:ss).
3.47 – IMP_NODCEUAF
unable to open DCE authorization file
Explanation:
Error occurred while attempting to open the DCE$UAF file
User Action:
See accompanying message for details.
3.48 – IMP_NOEXCUSR
no excluded users
Explanation:
No users listed in DCE IMPORT exclude file.
User Action:
None.
3.49 – IMP_NOGRP
group name not specified
Explanation:
Mandatory qualifier /GROUP not specified during a noninter-
active IMPORT session.
User Action:
Provide the /GROUP qualifier with the group name on the
command line.
3.50 – IMP_NOORG
organization name not specified
Explanation:
Mandatory qualifier /ORGANIZATION not specified during a
noninteractive IMPORT session.
User Action:
Provide the /ORGANIZATION qualifier with the organiation
name on the command line.
3.51 – IMP_NOPRIN
principal <principal> does not exist in DCE Registry
Explanation:
Principal <principal> does not exist in the DCE Registry.
This means that <principal> does not have a corresponding
OpenVMS username/account.
User Action:
None.
3.52 – IMP_NOSUCHEXC
no such username in exclude file
Explanation:
Username specified does not exist in DCE IMPORT's exclude
file.
User Action:
Specify username that exists in DCE IMPORT's exclude file.
Enter command SHOW/EXCLUDE to display the entire exclude
list.
3.53 – IMP_NOSUCHGRP
no group <group>. Please choose a valid group
Explanation:
The group name specified is nonexistent in the DCE registry.
User Action:
Choose a valid group name. Use the DCE tool RGY_EDIT to
search the DCE registry for group names.
3.54 – IMP_NOSUCHORG
no organization <organization>. Please choose a valid organization
Explanation:
The organization name specified is nonexistent in the DCE
registry.
User Action:
Choose a valid organization name. Use the DCE tool RGY_EDIT
to search the DCE registry for organization names.
3.55 – IMP_NOSCHPRM
corresponding primary principal not found in DCE
Explanation:
The DCE principal name specified as the primary principal
while attempting to create an alias principal name is non-
existent in the DCE registry.
User Action:
Use the correct DCE principal name. Use the DCE tool RGY_EDIT
to view the DCE registry.
3.56 – IMP_NOSCHUSR
OpenVMS username <username> does not exist on this system
Explanation:
An attempt was made to import a nonexistent OpenVMS user.
User Action:
Choose a valid OpenVMS user.
3.57 – IMP_OUTOPNERR
error opening alternate output
Explanation:
Could not access output medium
User Action:
If /OUTPUT was specified, verify the file name supplied with
/OUTPUT. If /OUTPUT was not specified, check user runtime
environment. See appropriate OpenVMS documentation for more
details.
3.58 – IMP_PREXISTS
principal <principal> already exists in DCE
Explanation:
An attempt has been made to add <principal> to the DCE
registry.
User Action:
None. This is a warning indicating that this suboperation in
the IMPORT operation was previously performed.
3.59 – IMP_PRINGRP
principal <principal> already exists in group <group>
Explanation:
An attempt was made to add <principal> to DCE group <group>
when it already was a member of the group. This action was
attempted during an import operation.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.60 – IMP_PRINORG
principal <principal> already exists in organization <organization>
Explanation:
An attempt was made to add <principal> to DCE organization
<organization> when it was already a member of that
organization. This action was attempted during an import
operation.
User Action:
None. This is an informational message displayed only when
/INFORM is specified on the DCE IMPORT command line.
3.61 – IMP_PRINUSE
principal <principal> in use by another OpenVMS username
Explanation:
The DCE principal name specified for the OpenVMS username
being imported is associated with another OpenVMS username.
User Action:
Choose a DCE principal name that is not associated with any
OpenVMS username.
3.62 – IMP_RANGEERR
error in entry! Number must be between 1 and 65535
Explanation:
The value entered for quota is not within the desired range.
User Action:
Enter a number between 1 and 65535.
3.63 – IMP_TIMERR
DCE time configuration error
Explanation:
Time configuration incorrect on the DCE system.
User Action:
Refer to the Troubleshooting chapter in the HP DCE for
OpenVMS Alpha and OpenVMS I64 Product Guide.
3.64 – IMP_TOOLONG
input for <qualifier> too long
Explanation:
Value of <qualifer> is longer than expected maximum size of
value.
User Action:
Enter a value that is within the valid size range.
3.65 – IMP_USERERR
error getting input from user
Explanation:
Error occurred while getting user input.
User Action:
Provide valid input.
4 – ADD
Adds OpenVMS usernames. The ADD command can only be used
with the following qualifier:
o ADD/EXCLUDE Adds an OpenVMS username to the IMPORT
exclude list (see /EXCLUDE).
/EXCLUDE
Adds an OpenVMS username to the IMPORT exclude list.
Format:
ADD/EXCLUDE USERNAME
Parameters
username
Specifies the name of the OpenVMS account to be added to
the IMPORT exclude list.
5 – DELETE
Deletes OpenVMS usernames. The DELETE command can only be used
with the following qualifier:
o DELETE/EXCLUDE Deletes an OpenVMS username from the IMPORT
exclude list (see /EXCLUDE).
/EXCLUDE
Deletes an OpenVMS username from the IMPORT exclude list.
Format:
DELETE/EXCLUDE USERNAME
Parameters
username
Specifies the name of the OpenVMS account to be deleted
from the IMPORT exclude list.
6 – EXIT
Exits the IMPORT utility. You can also exit IMPORT by
pressing the Ctrl/Z key.
Format:
EXIT
7 – IMPORT
The IMPORT command is used to create DCE accounts based on
OpenVMS accounts from an existing System Authorization File
(SYSUAF).
Format:
IMPORT VMS-USERNAME
Qualifiers Defaults
/[NO]CONFIRM
/DCE_LOGIN=(keyword=value,...)
/[NO]IMPORT /IMPORT
/[NO]EXCLUDE /NOEXCLUDE
/[NO]INFORM /INFORM
/[NO]INTERACTIVE /INTERACTIVE
/MY_PASSWORD=passwd None
/OUTPUT[=output] /OUTPUT=SYS$OUTPUT:
/[NO]RECAP /NORECAP
/[NO]TEST_ONLY /NOTEST_ONLY
Data Qualifiers Defaults
/[NO]EXPIRATION_DATE=d /NOEXPIRATION_DATE
/FLAGS=flags
/GOOD_SINCE_DATE=date /GOOD_SINCE_DATE=now
/GROUP=group "none"
/HOME_DIRECTORY=string None
/LIFETIME=hours Taken from registry authorization
policy
/LOGIN_SHELL=string None
/MISCELLANEOUS=string None
/ORGANIZATION=organiza "none"
/PASSWORD=passwd No valid password
/PRINCIPAL=principal
/RENEWABLE_LIFETIME=ho Taken from registry authorization
policy
7.1 – Parameters
vms-username
Specifies the name of the OpenVMS account that is to be
imported.
If an asterisk is specified in place of the vms-username,
all accounts from the OpenVMS system authorization
file are selected.
7.2 – Qualifiers
7.2.1 /CONFIRM
/CONFIRM
/NOCONFIRM
Controls whether the IMPORT command asks for confirmation
before creating a DCE principal or account, or both.
In interactive mode the default is /CONFIRM. In non-
interactive mode the default is /NOCONFIRM.
7.2.2 /DCE_LOGIN=(keyword=valud[,...])
/DCE_LOGIN=(keyword=valud[,...])
Provides DCE account details for accounts that are authorized to
create pricipals and accounts in the DCE registry. Valid keywords
for the DCE_LOGIN qualifier are as follows:
Keyword Description
PRINCIPAL The principal name to be used for
authentication purposes when creating
accounts and/or principals in the DCE
registry.
If you do not specify a principal with this
qualifier you are prompted for one
interactively.
PASSWORD The password associated with the principal
name that was specified by the PRINCIPAL
keyword.
If you do not specify a password with this
qualifier you are prompted for one
interactively.
If you do not specify a principal or password with this
qualifier, you are prompted for them interactively, regardless
of whether or not you are running in interactive mode. This
information need be entered only once per session, on the first
IMPORT command. Subsequent IMPORT commands within the same
session do not require you to reenter this information.
If you are an interactive user and you do not specify the
PASSWORD keyword, IMPORT prompts you for your password. The
advantage in this is the password is not echoed and therefore
does not appear on your terminal.
7.2.3 /EXCLUDE
/EXCLUDE
/NOEXCLUDE (default)
Determines whether or not the OpenVMS account is imported
to the DCE registry. If the OpenVMS account is not imported
then the DCE account is not created and instead an entry
is created in the IMPORT exclude file for the specified
OpenVMS account.
7.2.4 /INFORM
/INFORM (default)
/NOINFORM
Determines whether or not the user is informed of OpenVMS
accounts that would have been selected for import, but are
not because they either have already been imported (for example,
they have an entry in the DCE$UAF) or they have an entry in
the IMPORT exclude file.
7.2.5 /INTERACTIVE
/INTERACTIVE (default)
/NOINTERACTIVE
Controls whether an interactive or noninteractive import
is performed.
In interactive mode, a series of questions is asked and the
user's responses are used to determine the account details.
This mode is well suited to interactive users.
In noninteractive mode, all input is supplied through the data
qualifiers, and any missing or conflicting data causes
the DCE account to not be created. This mode is well suited
to command files and batch jobs.
Data qualifiers can be specified in interactive mode.
In this case the data they provide is used to provide the
default answers to the relevant questions. All questions
are still asked.
7.2.6 /MY_PASSWORD=passwd
/MY_PASSWORD=passwd
DCE requires that you specify your current DCE password
for authentication purposes. If you do not specify your
DCE password with this qualifier you are prompted for
it interactively, regardless of if you are running in
interactive mode or not.
Omitting this qualifier and allowing IMPORT to prompt you
for your DCE password has the advantage that in this case
the password is not echoed and does therefore not appear on
your terminal if you are an interactive user.
OUTPUT[=output]
/OUTPUT[=output]
Defines where all program output should be written.
The default is SYS$OUTPUT:.
7.2.7 /RECAP
/RECAP
/NORECAP (default)
If /RECAP is specified details of the DCE account are
displayed before it is actually created. When /CONFIRM
is also specified the account details are displayed
immediately before the confirmation request.
7.2.8 /TEST_ONLY
/TEST_ONLY
/NOTEST_ONLY (default)
If /TEST_ONLY is specified, DCE accounts and DCE$UAF
entries are not created. All other functions operate normally.
7.3 – Data Qualifiers
7.3.1 /EXPIRATION_DATE=date
/EXPIRATION_DATE=date
/NOEXPIRATION_DATE (default)
Specifies the expiration date for the DCE account.
If not specified, or if /NOEXPIRATION_DATE is specified,
then the DCE account is created without an expiration date.
7.3.2 /FLAGS=([no]keyword[,...])
/FLAGS=([no]keyword[,...])
Specifies several attributes of the DCE account. The
keywords you can specify are:
Keyword Description
ACCOUNT_VALID A flag that is set to determine account
validity. An account without this flag set
is invalid and cannot log in.
The default is ACCOUNT_VALID.
CLIENT A flag that is set to indicate whether or
not the account is for a principal that
can act as a client.
The default is CLIENT.
DUPLICATE_KEYS A flag that is set to determine if tickets
issued to the account's principal can have
duplicate keys.
The default is NODUPLICATE_KEYS.
FORWARDABLE_ A flag that is set to determine whether a
CERTIFICATES new ticket-granting ticket with a network
address that differs from the present
ticket-granting ticket network address can
be issued to the account's principal. (The
Proxiable Certificate Flag performs the
same function for service tickets.)
The default is FORWARDABLE_CERTIFICATES.
PASSWORD_VALID A flag that is set to determine whether
the current password is valid. If this
flag is not set, the next time the
principal logs in to the DCE account,
the system prompts the principal to change
his password.
The default is PASSWORD_VALID.
POSTDATED_ A flag that is set to determine if tickets
CERTIFICATES with a start time some time in the future
can be issued to the account's principal.
The default is NOPOSTDATED_CERTIFICATES.
PROXIABLE_ A flag that is set to determine whether or
CERTIFICATE not a new ticket with a different network
address than the present ticket can be
issued to the account's principal. (The
Forwardable Certificate Flag performs
the same function for ticket-granting
tickets.)
The default is NOPROXIABLE_CERTIFICATE.
RENEWABLE_ A flag that is set to determine if the
CERTIFICATE ticket-granting ticket issued to the
account's principal can be renewed.If this
flag is set the authentication service
renews the ticket-granting ticket if its
lifetime is valid.
The default is RENEWABLE_CERTIFICATE.
SERVER A flag that is set to indicate whether or
not the account is for a principal that
can act as a server.
The default is SERVER.
TGT_ A flag that is set to determine whether
AUTHENTICATION or not tickets issued to the account's
principal can use the ticket-granting
ticket authentication mechanism.
The default is TGT_AUTHENTICATION.
7.3.3 /GOOD_SINCE_DATE=date
/GOOD_SINCE_DATE=date
Specifies the date and time that the account was known to be in
an uncompromised state.
If not specified, the Good Since Date is set to the current date
and time.
7.3.4 /GROUP=group
/GROUP=group
Specifies the name of an existing DCE group that is
associated with the account being created. Note that if
the group does not exist it is not be created by IMPORT.
The default group name is "none".
7.3.5 /HOME_DIRECTORY=string
/HOME_DIRECTORY=string
Specifies the directory in which the principal is placed at
login.
If not specified the DCE account is created without a Home
Directory.
7.3.6 /LIFETIME=hours
/LIFETIME=hours
Specifies the maximum amount of time, in hours, that a
ticket can be valid.
If not specified the Maximum Certificate Lifetime defined
as registry authorization policy is used.
7.3.7 /LOGIN_SHELL=string
/LOGIN_SHELL=string
Specifies the shell that is executed when a principal logs in.
If not specified the DCE account is created without a login
shell.
7.3.8 /MISCELLANEOUS=string
/MISCELLANEOUS=string
Specifies a text string that is typically used to describe
the use of the account.
If not specified the DCE account is created without a
miscellaneous value.
7.3.9 /ORGANIZATION=organization
/ORGANIZATION=organization
Specifies the name of an existing DCE organization that is
associated with the account being created. Note that if the
organization does not exist it is not be created by IMPORT.
The default organization name is "none".
7.3.10 /PASSWORD=passwd
/PASSWORD=passwd
Specifies the password to be assigned to the DCE account.
If not specified the DCE account is created without a valid
DCE password.
7.3.11 /PRINCIPAL=(keyword[,...])
/PRINCIPAL=(keyword[,...])
Specifies the principal that is associated with the DCE
account that is being created.
If an existing principal is to be associated with the DCE
account being created then you need only specify NAME (and
ALIAS if its an alias principal). The other keywords are
only used when a new principal is created.
The keywords you can specify are:
Keyword Description
ALIAS Specifies that the principal defined
by the NAME keyword is an alias. By
default the name is considered a primary
principal.
CASE=keyword Specifies how the principal name should be
Formatted. For example, to specify that the
principal name should be all lowercase, use
/PRINCIPAL=CASE=LOWERCASE. Possible
keywords are:
NOEDIT Do not perform any
Format:ting. This is the
default.
LOWERCASE[=n1[,n2]]Convert the principal
name so that the first
n1 characters and last
n2 are lowercase, and the
remainder are uppercase.
If you do not specify
a value for n1 then
the entire principal is
converted to lowercase.
If you do not specify a
value for n2 then 0 is
used.
UPPERCASE[=n1[,n2]]Convert the principal
name so that the first
n1 characters and last
n2 are uppercase, and the
remainder are lowercase.
If you do not specify
a value for n1 then
the entire principal is
converted to uppercase.
If you do not specify a
value for n2 then 0 is
used.
The default is NOEDIT.
FULL_ An optional string that is used to more
NAME=string fully qualify a primary name. If the name
contains spaces, lowercase characters, or
any other special characters, enclose the
string in quotes.
The default is no full name.
NAME=name The standard name (primary or alias) that
is associated with the DCE account. If
the name contains spaces, lowercase
characters, or any other special
characters, enclose the string in quotes.
The default is to take the username
from the system authorization file
(SYSUAF) record, edit it according to
the CASE keyword, and then use this as the
principal name.
OBJECT_ The number of registry objects that can be
CREATION_ created by the principal.
QUOTA=number If you do not specify this keyword then
no quota is established and the principal
can create an unlimited number of registry
objects.
UNIX_ID=number The required UNIX ID that is associated
with the principal.
If a primary principal is being created
you can omit the UNIX ID and one is
generated automatically.
If an alias principal is being created
you must specify the UNIX ID of the
corresponding primary principal.
7.3.12 /RENEWABLE_LIFETIME=hours
/RENEWABLE_LIFETIME=hours
Specifies the amount of time, in hours, before a
principal's ticket-granting ticket expires and that
principal must log into the system again to reauthenticate
and obtain another ticket-granting ticket.
If not specified the Maximum Certificate Renewable Lifetime
defined as registry authorization policy is used.
8 – SHOW
Displays OpenVMS usernames. The SHOW command can only be used
with the following qualifier:
o SHOW/EXCLUDE Displays OpenVMS usernames in the IMPORT
exclude list (see /EXCLUDE).
/EXCLUDE
Displays OpenVMS usernames in the IMPORT exclude list.
Format:
SHOW/EXCLUDE [USERNAME]
Qualifiers Defaults
/ALL
/OUTPUT=output /OUTPUT=SYS$OUTPUT:
8.1 – Parameters
username
Specifies the name of the OpenVMS account to be displayed
from the IMPORT exclude list. Full OpenVMS wildcarding is
allowed.
If /ALL is on the command line, do not specify a username.
8.2 – Qualifiers
8.2.1 /ALL
/ALL
Specifies that all IMPORT exclude entries are to be
displayed. If you do not specify username, then /ALL is
assumed.
8.2.2 /OUTPUT=output
/OUTPUT=output
Determines where the output is written.
The default is SYS$OUTPUT:.