emppassword
EMPPASSWORD(1) EMPPASSWORD(1)
NAME
emppassword - Performs administrative functions for Empress password
files used by Empress Servers.
SYNOPSIS
emppassword -help
emppassword PASSWORD_FILE_SPEC COMMANDS
DESCRIPTION
emppassword is the utility that manages the password files used by
Empress Servers (Replication Master Server and Connectivity Server).
-help option prints a usage message.
PASSWORD_FILE_SPEC
Password File Specification.
There are two ways to inform the program about the location of the
Empress password file.
SERVER_NAME
Instructs emppassword utility to locate the password file of
Server specified by SERVER_NAME from the Network Configuration
Files.
Note: The Network Configuration Files need to be configured and
either or both of the environment variables MSNETSERVERCONFIG-
FILE or MSNETTYPECONFIGFILE have to be set to the correct Net-
work Configuration Files.
The location of the Empress password file is set by SECU-
RITY_PASSWORD_FILE configuration attribute in Network Configura-
tion Files.
emppassword will read and/or write the password file (which must
be located in the local machine) directly. Hence, the user must
have read and write permission to the password file.
emppassword does not communicate with the specified Server
SERVER_NAME. Hence, the password file can be set before the
Server is online.
-f FILE_NAME
specifies the name of the Empress password file.
COMMANDS
Main commands are:
add LOGIN [OPTIONS]
add user LOGIN into the password file
create create the password file
del LOGIN
delete user LOGIN from the password file
list [LOGIN] [-fast]
list user(s) information
upd LOGIN OPTIONS [OPTIONS]...
update user information of the user LOGIN
OPTIONS
The options are:
-accept[+-]HOST[,HOST]...
Add or remove host(s) from the accept control list of the speci-
fied user.
[+]HOST - The specified HOST (the plus sign is optional) is
added to the list of hosts allowed to connect the Empress
Server.
-HOST - The specified HOST is removed from the list allowed to
connect to the Empress Server.
A list of host names can be specified. Each host names must be
seperated from the preceding one, only by a comma. White spaces
are not allowed in the list.
If the accept list of an user in the password file is empty, the
accept control mechanism of that user is off. See also HOST
SPECIFICATION in this man page.
-accept off
Turn off accept control of the user. The content of accept con-
trol list stored in the password file will be ignored.
-accept on
Turn on accept control of the user. The content of accept con-
trol list stored in the password file will be used to determine
if the user is allowed to login to the server.
-c COMMENT
add or update the comment field of the user LOGIN. COMMENT is
required to be quoted if white space is used.
-fast This option is for the list operation. If this option is speci-
fied, the host name will not be printed beside the IP address of
the host. Depending on the Network Configuration, the system may
take a significant amount of time to resolve each host name if
this option is not used
-p This option is for update operation only. It indicates that the
password of the user LOGIN is going to be changed, so that emp-
password will prompt for the password.
-reject [+-]HOST[,HOST]...
Add or remove host(s) from the reject control list of the speci-
fied user.
[+]HOST : The given HOST (the plus sign is optional) is added to
the list of hosts prohibited to connect to the Empress Server.
-HOST : The given HOST is removed from the list of hosts prohib-
ited to connect to the Empress Server.
A list of host names can be specified. Each host name must be
seperated from the preceding one only by a comma. White spaces
are not allowed in the list.
If the reject list of user LOGIN is empty in the password file,
the reject control mechanism of that user is off.
See also HOST SPECIFICATION in this man page.
-reject off
Turn off reject control of the user LOGIN. The content of reject
control list stored in the password file will be ignored.
-reject on
Turn on reject control of the user LOGIN. The content of reject
control list stored in the password file will be used to deter-
mine if the user is allowed to login to the server.
HOST SPECIFICATION
The HOST hostname used in -accept and -reject options can have one of
the following formats:
localhost
The string localhost has a special meaning. It means the same
machine of the Server. The setting won't be translated to an IP
address.
HOSTNAME
The host name of the machine. It will be translated to an IP
address in numbers-and-dots notation.
HOSTNAME.DOMAIN
The host name of the machine. It will be translated to an IP
address in numbers-and-dots notation (for example
www.empress.com).
xxx.xxx.xxx.xxx
The IP address in numbers-and-dots notation (for example,
192.43.219.86).
xxx.xxx.xxx.*
The wild card specification to cover all IP address of a class C
network (for example, 192.43.219.*).
SETTING FOR ALL USERS
There is a special user entry "ALLUSERS" that can be used to set up
restriction for all users. You can use emppassword to set up "ALLUSERS"
like a normal user. However, nobody can login as "ALLUSERS".
AUTHENTICATION
Three pieces of user information are used for authentication: LOGIN,
PASSWORD and the IP address of REMOTE_HOST, the machine from which the
user logins. When a user logins to an Empress Server which uses
Empress password authentication, the user will be rejected if any of
the following conditions is true:
o The LOGIN does not exist in the password file.
o The PASSWORD is invalid.
o The reject control mechanism of ALLUSERS is on and the
REMOTE_HOST is in the reject list of ALLUSERS.
o The accept control mechanism of ALLUSERS is on and the
REMOTE_HOST is NOT in the accept list of ALLUSERS.
o The reject control mechanism of LOGIN is on and the REMOTE_HOST
is in the reject list of LOGIN.
o The accept control mechanism of LOGIN is on and the REMOTE_HOST
is NOT in the accept list of LOGIN.
FILES
EMPRESS database files.
SEE ALSO
empsvadm(1)
Empress: Server
HISTORY
Written by Empress Software Inc.. All material is copyrighted and
licensed. Use on non-licensed CPUs is prohibited.
Empress 8.62 Empress Software Inc. EMPPASSWORD(1)