8.3.2 Setting JP1 users

This section describes the JP1 users (standard users) for whom user authentication is performed from the authentication server. JP1 users must be set only from the hosts that are authentication servers (the primary authentication servers).

When an attempt is made to register a JP1 user or to change a JP1 user's password, the authentication server uses the password policy definitions to check the specified password. If the specified password is not compliant with the password policy, the authentication server outputs a warning message to the integrated trace log. By referring to the integrated trace log, you can identify the reason for non-compliance.

An error is output unless the specified password satisfies all the policy conditions set in the password policy definitions.

Important: When a password check based on the password policy definitions is enabled, entering a non-compliant password upon the execution of a command causes the KAVA5908-E message to be output.

You can use commands supported by JP1/Base to register or delete JP1 users or change their passwords. JP1/Base also supports a command that lists the registered JP1 users. For details on the commands, see 15. Commands.

Organization of this subsection

(1) Registering a JP1 user
(2) Changing a JP1 user's password:
(3) Deleting a JP1 user:
(4) Listing all JP1 users

(1) Registering a JP1 user

To register a JP1 user on the authentication server, execute the following command:

jbsadduser JP1-user-name

For JP1-user-name, use lower-case characters. This command prompts you to enter a password. The password is case-sensitive. The following table lists the limit on the number of characters that can be specified for the JP1 user name and password.

When a password check based on the password policy definitions is enabled, a check is performed to verify if a password set upon the registration of a JP1 user is compliant with the password policy.

Table 8‒8: Character limit for JP1 user names and passwords
Item	Number of bytes	Prohibited characters
JP1 user name	1 to 31 bytes	`* / \ " ' ^ [ ] { } ( ) : ; \| = , + ? <` `>` spaces and tabs
Password^#	6 to 32 bytes	When no password policy is defined: `\ " :` spaces and tabs When a password policy is defined: As per the setting specified in the password policy definition file

#: For details on how to enable a password check that is based on a password policy, see 2.1.1(3) Password policy-based management.

To Page Top

(2) Changing a JP1 user's password:

To change the password of a registered JP1 user, execute the following command:

jbschgpasswd JP1-user-name

When a password check based on the password policy definitions is enabled, a check is performed to verify if a password set during the process of changing a JP1 user's password is compliant with the password policy.

To Page Top

(3) Deleting a JP1 user:

To delete a registered JP1 user, execute the following command:

jbsrmuser JP1-user-name

To Page Top

(4) Listing all JP1 users

To list the registered JP1 users, execute the following command:

jbslistuser

To Page Top