Use this task to create, view, and edit user properties.
A user can be a member of up to 64 groups and must have the same
registry type as the groups to which it is assigned.
Fields
- User ID
- Specify a unique decimal integer string to associate with this
user account on the system. If you do not specify a user ID, one
is specified for you.
The specified user ID is created on all cluster
nodes or in the Lightweight Directory Access Protocol (LDAP) server.
If you do not specify this value, the AIX® operating
system can assign different user IDs on each node.
A mismatch of user IDs for an account can prevent a user from logging
on to another cluster node in the event of a fallover.
- Primary group
- Select the group for the user to log in to for the first time.
If you do not specify a primary group, one is chosen for you.
- Registry
- Select a method for storing authentication, group, and user information.
If Lightweight Directory Access Protocol (LDAP) is defined for the cluster,
the default method is LDAP. If LDAP is not defined, Local is the default
method and you cannot edit this value.
- LDAP
- All information and credentials are stored in the LDAP server.
- Local
- All information and credentials are stored locally on each affected
node in the cluster. More than one node can be targeted.
- Roles
- Select a role for the user for PowerHA® SystemMirror.
Roles define the tasks that a user can access and perform. A selection for
this field is required only if the registry type is LDAP.
- Admin
- The user has operator, configuration, and other privileges that
are granted to the administrator role.
Examples of administrator privileges include modifying the server user ID
and password, configuring authentication and authorization mechanisms,
enabling or disabling administrative security, and others.
Note: An admin user can map users to the admin roles.
- Monitor
- The user has monitor privileges and access to change the runtime
state.
Examples of monitor privileges include stopping and starting
the server, monitoring the server status, and others.
- Operator
- The user is able to view reports such as the WebSphere® Application Controller configuration,
the current state of the Application Controller, and others.
- Viewer
- The user is able to view PowerHA SystemMirror log files
in /var/hacmp* /var/log/clcomd.
- Login authentication grammar
- Shows the method for the user to authenticate successfully before
gaining access to the system. If LDAP is defined for the cluster,
the default is LDAP.
- EFS keystore access
- Select an option to create a keystore file associated with this
user that allows access to encrypted file systems (EFS).
- Yes
- A keystore file is created to use file systems with encryption
enabled.
- No
- A keystore file is not created, and all other EFS attributes have
no effect.
- Keystore password mode
- Select the mode for resetting the keystore password for the root
or other privileged users.
- Admin
- Privileged system users (for example, root) are allowed to reset
the user keystore password, but they are not able to access the user
EFS file system.
- Guard
- The administrative user cannot reset the user keystore password.
- Keystore encryption algorithm
- Select the algorithm that is used to generate the key for the
user within the keystore. This key protects the encrypted key for
files that the user creates within the EFS.
- Administrative access
- Specify the location for the EFS admin keystore file in the keystore
of the user.
- LDAP
- Keystore attributes are stored in a centralized store called LDAP.
- Local
- Keystore attributes are stored locally in files. This is the common
approach in the AIX operating system for normal users and for group
administration and management.
- File encryption algorithm
- Select the encryption algorithm and mode to be used for encrypted
files when they are created in an EFS.
For more information about adding users to security
groups for clusters, see the Adding users to security groups topic in the AIX Information Center.
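
The User ID field warns that an account whose user ID differs between nodes can be locked out after a fallover. The shell function below is an added example, not part of the PowerHA SystemMirror documentation: it compares passwd-format snapshots, one file per node, and reports every account whose user ID differs. It applies to the Local registry only; the file names nodeA and nodeB and their contents are constructed sample data, and collecting each node's /etc/passwd into a file is assumed to have been done already.

```shell
#!/bin/sh
# Added example: report accounts whose UID differs between cluster nodes.
# Input: one passwd-format file per node (name:passwd:uid:gid:...).

# uid_mismatches FILE...
# Prints one line per mismatched account: "user node=uid node=uid ..."
uid_mismatches() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }             # skip comments and blank lines
        NF < 3         { next }             # skip malformed entries
        {
            node = FILENAME; sub(/.*\//, "", node)   # file name = node label
            user = $1; uid = $3
            if (!(user in first)) { first[user] = uid; order[++n] = user }
            else if (first[user] != uid) bad[user] = 1
            seen[user] = seen[user] " " node "=" uid
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in bad) print order[i] seen[order[i]]
        }
    ' "$@"
}

# demo: run the check on constructed sample data (not from a real system).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/nodeA" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
dbadmin:!:210:200::/home/dbadmin:/usr/bin/ksh
appuser:!:211:200::/home/appuser:/usr/bin/ksh
EOF
    cat > "$dir/nodeB" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
dbadmin:!:210:200::/home/dbadmin:/usr/bin/ksh
appuser:!:305:200::/home/appuser:/usr/bin/ksh
EOF
    uid_mismatches "$dir/nodeA" "$dir/nodeB"
    rm -rf "$dir"
}

demo
```

An empty result means every account present on more than one node has the same user ID on each; accounts that exist on only one node are not reported.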