Use this task to create a PowerHA® SystemMirror user for the
cluster.
Fields
To configure EFS properties for a user, Encrypted File
System (EFS) must be configured for the cluster. If EFS is not configured,
you cannot specify information for any of the EFS fields.
Provide information for the following properties:
- Name
- Specify a unique name for the user that you are
creating. To ensure that your user database remains uncorrupted, you
must be careful when naming users. User names must not begin with
a hyphen (-), plus sign (+), at sign (@), or tilde (~). Additionally,
you cannot use any of the following characters in the name: colon
(:), single quotation mark ('), double quotation mark ("), number
sign (#), comma (,), equal sign (=), forward slash (/), backslash
(\), or a space ( ).
- User ID
- Specify a unique decimal integer string to associate with this
user account on the system. If you do not specify a user ID, one is
specified for you.
For a local registry configuration, PowerHA SystemMirror creates this
user ID on all cluster nodes. For a Lightweight Directory Access Protocol
(LDAP) registry configuration, PowerHA SystemMirror creates this
user ID on the LDAP server.
- Home directory
- Enter the full path of the directory for the user that you are
creating.
- Primary group
- Select a group as the primary group to which the user is to belong.
The primary group is the group under which the user accesses PowerHA SystemMirror for the first
time. If you do not specify a primary group, one is specified for
you.
- Administrative user
- Select whether to designate this user as an administrator.
- Registry
- Indicates the type of user registry that the cluster uses for
storing user information and for authenticating users. If the cluster
is configured to use an LDAP server, this option has a value of LDAP. If an LDAP server is not configured for the cluster,
this option has a value of Local.
- Login authentication grammar
- Indicates the method for the user to authenticate successfully
before gaining access to the system. If LDAP is defined for the cluster,
LDAP is the default value.
- Available roles
- Select one or more RBAC roles, and the authorizations
that they provide, to assign to this role. Click Add to
move them to the Selected roles list. For example,
you select role1 and role2.
When you assign this role to a user, you also are assigning role1 and role2 to
that user. To remove a role from the Selected roles list,
select the role and click Remove to return
the role to the Available roles list.
- EFS keystore access
- Select
whether to create a keystore file for this user that provides access
to Encrypted File Systems (EFS). If you select Yes, you can provide
information for the following EFS properties:
- Initial password mode
- Select one of the following modes to define how
the keystore password for the root user or other privileged users
can be reset:
- Admin
- Allows privileged system users (for example, the root user) to
reset the user keystore password. This option does not allow these
users to access the user EFS file system.
- Guard
- Prevents administrative users from resetting the user keystore
password.
- Keystore encryption algorithm
- Select the algorithm to use for generating the private key for
the user within the keystore. This key protects the encrypted key
for files that the user creates within EFS. The default value is RSA_1024.
- Administrative access
- Indicates the location for storing the EFS administrator
keystore file in the keystore of the user. This property is set to
either the LDAP or the Local value,
based on the value of the Registry property.
- File encryption algorithm
- Select the encryption algorithm for encrypting files that the
user creates in an EFS. The default value is AES_128_CBC.
- Allow user to change keystore mode
- Select whether to allow the user to change the value of the keystore
mode from the value that you selected for the Initial keystore
mode property.
For more information
about adding users to security groups for clusters, see the Adding users to security groups topic in the AIX® Information Center.
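
The naming and user ID rules in the Name and User ID fields can be checked before a user is submitted, for example when a batch of accounts is prepared from a list. The following shell functions are an added example and are not part of PowerHA SystemMirror; the function names are hypothetical, and rejecting an empty name is an assumption.

```shell
#!/bin/sh
# Added example, not IBM code. Function names are hypothetical.

# check_user_name NAME: return 0 if NAME satisfies the Name field rules,
# otherwise print the reason and return 1.
check_user_name() {
    cun_name=$1
    # Assumption: an empty name is rejected, because the field requires a name.
    if [ -z "$cun_name" ]; then
        printf '%s\n' "name is empty"
        return 1
    fi
    # Must not begin with a hyphen, plus sign, at sign, or tilde.
    case $cun_name in
        [-+@~]*)
            printf '%s\n' "begins with hyphen, plus sign, at sign or tilde"
            return 1 ;;
    esac
    # Must not contain colon, single or double quotation mark, number sign,
    # comma, equal sign, forward slash, backslash, or a space.
    case $cun_name in
        *:*|*"'"*|*'"'*|*'#'*|*,*|*=*|*/*|*'\'*|*' '*)
            printf '%s\n' "contains a character that is not allowed"
            return 1 ;;
    esac
    return 0
}

# check_user_id ID: a blank ID is accepted (one is then specified for you);
# anything else must be a decimal integer string.
check_user_id() {
    case $1 in
        '') return 0 ;;
        *[!0-9]*)
            printf '%s\n' "user ID is not a decimal integer string"
            return 1 ;;
    esac
    return 0
}

# Constructed sample names, checked one by one.
for candidate in 'hauser1' '-ops' 'db:admin' 'web admin' '~tmp' 'o"neil'; do
    if reason=$(check_user_name "$candidate"); then
        printf 'ok       %s\n' "$candidate"
    else
        printf 'rejected %s (%s)\n' "$candidate" "$reason"
    fi
done
```

A hyphen, plus sign, at sign, or tilde is rejected only as the first character, so a name such as `ha-admin` passes.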