Hitachi

JP1 Version 12 JP1/Base User's Guide


8.1.2 Setting JP1 users (standard users)

In this section, you can set up JP1 users (standard users) for whom user authentication is performed from an authentication server. In cases performing user authentication through linking with a directory server (to use a linkage user or DS user), see 8.2 Setup for user authentication linking with the directory server (Windows only). Unless otherwise specified, JP1 user means JP1 user (standard user) in this section.

JP1 users must be set on a host specified as a primary authentication server. The JP1/Base service must also be running before you can set JP1 users. If the JP1/Base service is inactive, start the service before attempting to set JP1 users.

You can use the GUI or commands to set up JP1 users.

When an attempt is made to register a JP1 user or to change a JP1 user's password, the authentication server uses the password policy definitions to check the specified password. If the specified password is not compliant with the password policy, the authentication server outputs a warning message to the integrated trace log. By referring to the integrated trace log, you can identify the reason for non-compliance.

An error is output unless the specified password satisfies all the policy conditions set in the password policy definitions.

Important

When a password check based on the password policy definitions is enabled, entering a non-compliant password upon the execution of a command causes the KAVA5908-E message to be output.

Organization of this subsection

(1) Using the GUI to set up JP1 users

You can set JP1 users in the JP1 user area in the Authentication Server page of the JP1/Base Environment Settings dialog box.

To set information in the JP1 user area, you must activate it first. To do this, select (highlight) an authentication server in the Authentication Server field in the Order of authentication server area. Note, however, that the JP1 user area remains dimmed if:

If the Apply button is active, click the button. If the selected authentication server is blocked, clear that status as described in 8.4 Setup for handling the blocked status (using a secondary authentication server).

Clicking the Add button displays the JP1 User dialog box.

Figure 8‒3: JP1 User dialog box

[Figure]

In this dialog box, specify a JP1 user and password. Do not select the Link to the directory server check box. If you select this check box, the mode is changed to the linked-user mode, and you cannot enter a password.

JP1 user names must be specified in lower-case alphanumeric characters. If you use upper-case characters, they are automatically converted into lower-case characters. The password is case-sensitive. The following table lists the limits on the number of characters that can be used for JP1 user names and passwords.

Table 8‒1: Character limits on JP1 user names and passwords

Item

Number of bytes

Prohibited characters

JP1 user name

1 to 31 bytes

* / \ " ' ^ [ ] { } ( ) : ; | = , + ? < > and spaces and tabs

Password#

6 to 32 bytes

When no password policy is defined:

\ " : and spaces and tabs

When a password policy is defined:

As per the setting specified in the password policy definition file

#

For details on how to enable a password check that is based on a password policy, see 2.1.1(3) Password policy-based management.

When you click the OK or Cancel button, the Authentication Server page comes to the front.

The registered JP1 user name appears in the User field. If you want to change the password of a registered JP1 user, select the JP1 user in the JP1 user area, and then click the Change Password button.

To delete a JP1 user name listed in the User field, select the user name and click the Delete button. The selected JP1 user will be deleted.

(2) Using commands to set JP1 users

You can also use commands to register or delete JP1 users or change their passwords. JP1/Base also supports a command that lists the registered JP1 users. For details on the commands, see 15. Commands.

Registering a JP1 user:

To register a JP1 user on the authentication server, execute the following command:

jbsadduser JP1-user-name

For JP1-user-name, use lower-case characters.

This command prompts you to enter the password. The password is case-sensitive. For details on the characters that can be specified for user names and passwords, see Table 8-1.

When a password check based on the password policy definitions is enabled, a check is performed to verify if a password set upon the registration of a JP1 user is compliant with the password policy.

Changing the password of a JP1 user:

To change the password of a registered JP1 user, execute the following command:

jbschgpasswd JP1-user-name

When a password check based on the password policy definitions is enabled, a check is performed to verify if a password set during the process of changing a JP1 user's password is compliant with the password policy.

Deleting a JP1 user:

To delete a registered JP1 user, execute the following command:

jbsrmuser JP1-user-name
Listing the JP1 users:

To list the registered JP1 users, execute the following command:

jbslistuser