SYSUAF.DOC (or AAAREADME.DOC) 04/23/92
Brian Lomasky
c/o TERADYNE, INC.
321 Harrison Ave., Mail Stop H87
Boston, MA 02118
(617) 422-2259
DEC's AUTHORIZE utility has two reporting options for the SYSUAF.DAT file:
1) Too little (AUTHORIZE LIST/BRIEF)
2) Too much (AUTHORIZE LIST/FULL)
This is almost useless for meeting the system manager's requirements of
maintaining and monitoring the SYSUAF and its users.
--------------------------------------------------------------------------------
SYSUAF V5.42 is a reporting program for the SYSUAF and RIGHTSLIST data files.
Simply turn on READALL (or equiv) privilege and run SYSUAF.EXE. (Do NOT install
this program with privilege; otherwise, any user could execute it). A menu of
reporting options will be displayed. The best way to see what is available is
to try them and see what data is displayed.
You can print reports either to the screen, to a data file (SYSUAF.LIS), or to
create a DCL command procedure (SYSUAF.COM) which can then be easily edited and
then executed.
SYSUAF.EXE will try to open SYS$SYSTEM:SYSUAF.EXE and SYS$SYSTEM:NETPROXY.EXE
(or SYS$SYSTEM:NETUAF.DAT), unless the logical name of SYSUAF and/or NETPROXY
(or NETUAF) is defined, in which case the SYSUAF.EXE program will try to open
the SYSUAF and/or NETPROXY (or NETUAF) files pointed to by the logical name(s),
respectively.
SYSUAF.BAS is the source code for the main program (written in VAX BASIC V3).
SYSUAF.DOC (or AAAREADME.DOC) is this file.
SYSUAF.EXE is the executable file for the main program.
SYSUAF.OBJ is the compiled SYSUAF.BAS object code.
TRANSFER_PWD_TO_NODE.BAS is the source code for the password-copying program
which is executed by the command file created by the SYSUAF.EXE report option
"L" (written in VAX BASIC V3).
TRANSFER_PWD_TO_NODE.EXE is the executable file for the password-copying program
(which must reside in a directory pointed to by the logical name: TOOLS:
in order to be available to the SYSUAF.COM command file created by
SYSUAF.EXE)
TRANSFER_PWD_TO_NODE.OBJ is the compiled TRANSFER_PWD_TO_NODE.BAS object code.
You do not need the TRANSFER_PWD_TO_NODE.* files if you never select the "L"
option on the SYSUAF menu.
You should not need to recompile or relink either of the executables unless you
need to change the features of the program. (Instructions for compiling and
linking SYSUAF are contained at the beginning of the source code). These
programs have been tested on VMS V4.6, V4.7 and V5.1, V5.2, V5.3, and V5.4.
Special note on report option "K":
Report option "K" is used to copy all SYSUAF.DAT data (except for
any encrypted password data - which is handled by the "L" option) for
selected users (based upon the responses to the other SYSUAF prompts)
from one node's SYSUAF.DAT to another node's SYSUAF.DAT. It does this
by creating a command file, which when executed, will copy the account
data. You will be prompted as to whether you want to copy only
usernames which do not have a matching username (as yet) on the remote
node or whether to copy data for all selected usernames (based upon the
responses to the other SYSUAF prompts).
Normally, you would run this option and then run option "L" to create
the two SYSUAF.COM command files which will then be subsequently
executed, as follows:
1) Copy the SYSUAF.COM command file produced by the report
option "K" to the remote node and execute it on the remote
node to add the required new accounts (less passwords).
2) Then execute the command file produced by the report option
"L" on the local node to copy the encrypted password
information from the local node's accounts to the accounts
on the remote node. The command file will prompt you for
the name of the remote node to be updated.
Besides the usual SYSPRV (or equiv) privilege that is required to run
this utility on the local node, you will also need a proxy from the
local node to a similarly-privileged account on the remote node in order
for the program to open both nodes' SYSUAF.DAT files for the transfer
operation.
Special note on report option "L":
Report option "L" is used to copy the encrypted password information
from one node's SYSUAF.DAT to another node's SYSUAF.DAT. It does this
by creating a command file, which when executed, will copy the data.
You will be prompted as to whether you want to copy only passwords whose
usernames do not have matching usernames (as yet) on the remote node or
whether to copy passwords for all selected accounts (based upon the
responses to the other SYSUAF prompts).
Note that the command file created by this option will attempt to
execute a utility called TRANSFER_PWD_TO_NODE.EXE which is located in
a logically-named directory called TOOLS: (You must define the TOOLS:
logical name and ensure that the executable resides in that directory,
prior to executing the command file).
This report option does not affect the local node's SYSUAF.DAT file in
any way; Only the remote node's encrypted password data in its
SYSUAF.DAT file is updated.
--------------------------------------------------------------------------------
The user is prompted for the following information (see below for
sample display):
The first prompt allows you to specify the type of report to be created.
The second prompt allows you to specify none or more options which will apply
to the selected report.
The third prompt allows you to specify a string of none or more characters
which indicate which field(s) are to appear in the report or command file.
The fourth prompt allows you to specify a string of none or more characters
which indicate which field(s) are to searched, so as to limit the output to
a subset of all accounts.
If you select report option "K" or "L", you will also be prompted as follows:
Do you want to skip users who have existing accounts on another node?
(Enter Y or N) <Y>
(If you respond with a "Y" to this prompt, you will be further prompted
to enter a node name to be compared against; all usernames on the local
node who also have an account on the remote node will be omitted from
the update process.)
--------------------------------------------------------------------------------
SYSUAF REPORT PROGRAM V5.42 --- Select Report Type:
Screen Output:
A) Normal Report
List File Output:
B) Normal Report
C) UAF Flags
D) Privileges Report (Default AND Authorized) (132-columns)
E) Users who have ever logged in
F) Users who have never logged in
G) Users who have not logged in within the past "n" days
H) Highly-privileged users, privileges, UICs, and privileged proxies
Command File Output:
I) MODIFY username/
J) REVOKE/IDENTIFIER identifier(s) username
K) To duplicate a user's account and identifiers (less Password)
L) To duplicate a user's encrypted password info onto another node
Enter the letter of the desired option (or CTRL/Z to exit):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
**** Select none or more of the following report options: ****
1) Sort by UIC (instead of normal Username sorting)
2) Skip usernames which have existing accounts on another node
3) Skip usernames which do not have existing accounts on another node
4) When multiple search fields are specified, search for user records
which match ANY of the search criteria (rather than the default of
searching only for user records which match ALL of the search criteria)
5) Do not print any report headings (Default=Print Headings)
6) Truncate "too-long" fields so that most of them fit on the report
Enter none or more of the above options (concatenated as one string of chars):
==>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
**** Besides the Username, select the data item(s) to appear on the report: ****
A) Access Restrictions Quotas: !) Last Password #1 Change Date
B) Account Expiration Date R) ASTLM @) Last Password #2 Change Date
C) Account Name S) BIOLM #) Last Interactive Login Date
D) Base Priority T) BYTLM $) Last Non-Interactive Login Date
E) CLI Name U) CPUTIME %) Number of Login Failures
F) CLI Table V) DIOLM ^) Any Existing Userdata
G) Default Device W) ENQLM &) Customer-site-specific data
H) Default Directory X) FILLM *) Held Identifiers
I) Login Command filespec Y) JTQUOTA
J) Login Flags Z) MAXACCTJOBS
K) Minimum Password Length 0) MAXDETACH
L) Owner Name 1) MAXJOBS
M) Password Lifetime 2) PBYTLM
N) Primary/Secondary Days 3) PGFLQUOTA
O) Privileges - Authorized 4) PRCLM
P) Privileges - Default 5) SHRFILLM
Q) UIC 6) TQELM
7) WSDEFAULT
8) WSEXTENT
9) WSQUOTA
Enter none or more of the above items (concatenated as one string of chars):
==>
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
**** Select none or more data items to SEARCH for: ****
A) Access Restrictions Quotas: !) Last Password #1 Change Date
B) Account Expiration Date R) ASTLM @) Last Password #2 Change Date
C) Account Name S) BIOLM #) Last Interactive Login Date
D) Base Priority T) BYTLM $) Last Non-Interactive Login Date
E) CLI Name U) CPUTIME %) Number of Login Failures
F) CLI Table V) DIOLM ^) Any Existing Userdata
G) Default Device W) ENQLM &) Customer-site-specific data
H) Default Directory X) FILLM *) Held Identifiers
I) Login Command filespec Y) JTQUOTA +) Un-Held Identifiers
J) Login Flags Z) MAXACCTJOBS
K) Minimum Password Length 0) MAXDETACH
L) Owner Name 1) MAXJOBS
M) Password Lifetime 2) PBYTLM
N) Primary/Secondary Days 3) PGFLQUOTA
O) Privileges - Authorized 4) PRCLM
P) Privileges - Default 5) SHRFILLM
Q) UIC Group 6) TQELM
7) WSDEFAULT
8) WSEXTENT
9) WSQUOTA
Enter none or more of the above items (concatenated as one string of chars):
==>
--------------------------------------------------------------------------------
SYSUAF V5.42 has the following changes:
1) A bug was corrected which caused text strings to print incorrectly
when creating a command file output.
2) The 132-col automatic screen-switching functionality is supressed
when creating a command file.
3) The additional prompting screens and object file descriptions were
included in this documentation file (SYSUAF.DOC or AAAREADME.DOC).
4) The owner name has been added to the "E" and "G" reports.