Create like user for a cluster

Use this task to create a PowerHA® SystemMirror user for the cluster based on the properties of a selected existing user.

In the Create Like User window, you can view all property information for the user. You can change the value for many of the properties just as you can for those same properties in the Create User task. To configure EFS properties for a user, EFS must be configured for the cluster. If EFS is not configured, you cannot specify information for any of the EFS fields.

Fields

Name
Specify a unique name for the user that you are creating. To ensure that your user database remains uncorrupted, you must be careful when naming users. User names must not begin with a hyphen (-), plus sign (+), at sign (@), or tilde (~). Additionally, you cannot use any of the following characters in the name: colon (:), single quotation mark (’), double quotation mark ("), number sign (#), comma (,), equal sign (=), forward slash (/), backslash (\), or a space ( ).
User ID
Specify a unique decimal integer string to associate with this user account on the system. If you do not specify a user ID, one is specified for you.

For a local registry configuration, PowerHA SystemMirror creates this user ID on all cluster nodes. For a Lightweight Directory Access Protocol (LDAP) registry configuration, PowerHA SystemMirror creates this user ID on the LDAP server.

Home directory
Enter the full path of the directory for the user that you are creating.
Primary group
Select a group as the primary group to which the user is to belong. The primary group is the group under which the user accesses PowerHA SystemMirror for the first time. If you do not specify a primary group, one is specified for you.
Administrative user
Select whether to designate this user as an administrator.
Registry
Indicates the type of user registry that the cluster uses for storing user information and for authenticating users. If the cluster is configured to use an LDAP server, this option has a value of LDAP. If an LDAP server is not configured for the cluster, this option has a value of Local.
Login authentication grammar
Indicates the method for the user to authenticate successfully before gaining access to the system. If LDAP is defined for the cluster, LDAP is the default value.
Available roles
Select one or more RBAC roles, and the authorizations that they provide, to assign to this role. Click Add to move them to the Selected roles list. For example, you select role1 and role2. When you assign this role to a user, you also are assigning role1 and role2 to that user. To remove a role from the Selected roles list, select the role and click Remove to return the role to the Available roles list.
EFS keystore access
Select whether to create a keystore file for this user that provides access to Encrypted File Systems (EFS). If you select Yes, you can provide information for the following EFS properties:
Note: If EFS is not configured for the cluster, you cannot change this property or any of the following EFS properties for the user.
Initial keystore mode
Select one of the following modes to define how the keystore password for the root user or other privileged users can be reset:
Admin
Allows privileged system users (for example, the root user) to reset the user keystore password. This option does not allow these users to access the user EFS file system.
Guard
Prevents administrative users from resetting the user keystore password.
Keystore encryption algorithm
Select the algorithm to use for generating the private key for the user within the keystore. This key protects the encrypted key for files that the user creates within EFS. The default value is RSA_1024.
Administrative access
Indicates the location for storing the EFS administrator keystore file in the keystore of the user. This property is set to either the LDAP or the Local value, based on the value of the Registry property.
File encryption algorithm
Select the encryption algorithm for encrypting files that the user creates in an EFS. The default value is AES_128_CBC.
Allow user to change keystore mode
Select whether to allow the user to change the value of the keystore mode from the value that you selected for the Initial keystore mode property.
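
The naming rules listed for the Name field can be checked before a batch of users is created. The following POSIX shell pre-check is an added example, not part of PowerHA SystemMirror or its documentation; the function names check_user_name and count_rejected and the sample names are constructed for illustration, and rejecting an empty name is an assumption.

```shell
#!/bin/sh
# Added example: pre-check proposed user names against the Name field rules.

# check_user_name NAME: prints "ok" or the reason for rejection; returns 0 or 1.
check_user_name() {
    name=$1
    # Assumption (not a rule stated on the page): an empty name is rejected.
    if [ -z "$name" ]; then
        echo "rejected: empty name"; return 1
    fi
    # Rule 1: must not begin with a hyphen, plus sign, at sign, or tilde.
    case $name in
        [-+@~]*) echo "rejected: bad first character"; return 1 ;;
    esac
    # Rule 2: must not contain : ' " # , = / \ or a space anywhere.
    case $name in
        *:*|*\'*|*\"*|*\#*|*,*|*=*|*/*|*\\*|*" "*)
            echo "rejected: forbidden character"; return 1 ;;
    esac
    echo "ok"
}

# count_rejected: reads one candidate name per line on stdin, reports each
# rejected name with its reason on stderr, and prints the number rejected.
count_rejected() {
    bad=0
    while IFS= read -r candidate; do
        verdict=$(check_user_name "$candidate") || {
            bad=$((bad + 1))
            printf '%s: %s\n' "$candidate" "$verdict" >&2
        }
    done
    echo "$bad"
}

# Constructed sample names, not taken from any real cluster.
count_rejected <<'EOF'
dbadmin
-backup
ops team
svc:web
hauser01
EOF
```

A plus sign, hyphen, at sign, or tilde is rejected only in the first position, so a name such as `a+b` passes while `+ab` does not.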

For more information about adding users to security groups for clusters, see the Adding users to security groups topic in the AIX® Information Center.