IBM Books

Administration Guide


Understanding the SP user management facility

The SP system provides the ability for you to manage your user accounts by adding new users, deleting existing users, or changing the user account information from a single point of control. This optional SP user management facility ensures that users have the same account, home directory, and environment across all the nodes in the SP system.

The objective of any user management system is to ensure that the user account files, namely /etc/passwd, /etc/group, /etc/security/passwd, and /etc/security/group and optional password index files are consistent across all of your nodes. You can accomplish this by using Network Information Service (NIS), by distributing these files using file collections, or by some other means. The password index files /etc/passwd.nm.idx, /etc/passwd.id.idx, and /etc/security/passwd.idx are used for login performance.
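
The consistency requirement above can be checked directly. The following is an added example, not part of the IBM guide or of PSSP: it compares one node's copy of /etc/passwd against the master copy and reports drift, including any non-root account that carries UID 0. The function names, accounts and file contents are constructed for illustration.

```shell
#!/bin/sh
# Compare a node copy of /etc/passwd with the master copy.
# Compared fields: name, UID, GID, home directory, shell (1, 3, 4, 6, 7).
passwd_drift() {  # usage: passwd_drift MASTER_COPY NODE_COPY
    awk -F: -v master="$1" '
        BEGIN {
            # Load the master copy first, keyed by login name.
            while ((getline line < master) > 0)
                if (split(line, f, ":") >= 7)
                    ref[f[1]] = f[3] ":" f[4] ":" f[6] ":" f[7]
        }
        NF < 7 { next }                    # skip blank or malformed lines
        {
            seen[$1] = 1
            if (!($1 in ref))
                print "EXTRA " $1          # exists on the node only
            else if (ref[$1] != ($3 ":" $4 ":" $6 ":" $7))
                print "MISMATCH " $1       # UID, GID, home or shell differs
            if ($3 == 0 && $1 != "root")
                print "UID0 " $1           # second superuser account
        }
        END { for (u in ref) if (!(u in seen)) print "MISSING " u }
    ' "$2" | sort
}

make_samples() {  # write constructed sample files into directory $1
    cat > "$1/master" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
alice:!:1001:100:Alice:/home/cws/alice:/usr/bin/ksh
bob:!:1002:100:Bob:/home/cws/bob:/usr/bin/ksh
carol:!:1003:100:Carol:/home/cws/carol:/usr/bin/ksh
EOF
    cat > "$1/node" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
alice:!:1001:100:Alice:/home/cws/alice:/usr/bin/ksh
bob:!:2002:100:Bob:/home/cws/bob:/usr/bin/ksh
toor:!:0:0::/:/usr/bin/ksh
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
passwd_drift "$demo_dir/master" "$demo_dir/node"
rm -rf "$demo_dir"
```

An empty result means the node copy matches the master for every compared field.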

If you use NIS, the SP system references the NIS maps that are located on the NIS master machine. The NIS maps provide each user with a single image of their user account information in the NIS domain. This information includes the user's login name, password, group information, default shell, and the name of the host where the home directory resides. If you use SP automounter support, the system also maintains automounter maps of mount points for the home directories. As the system administrator, you need to create and maintain the NIS environment on the NIS master machine in the /var/yp directory. The SP User Management commands do not interface with the NIS environment. For discussion of using NIS, refer to the appropriate NIS documentation or the book IBM International Technical Support Centers RS/6000 SP System Management: Easy, Lean and Mean.

If you are not using NIS, the SP User Management commands use the user.admin file collection to propagate the user administration files to the nodes of the system. You might want to use this file collection to keep other user management related files consistent across the nodes. For more information see The user.admin file collection.

In NIS, users can change their own passwords, as needed, while logged in to any SP node. In non-NIS environments, users must log into the host where the password file resides. The full path name for the password file is set during installation by using the passwd_file parameter of the spsitenv command or SMIT panels. Administrators can change passwords for any user account from the NIS master.

After you complete the installation and customization procedures, you establish an initial set of users from the existing user management files in your network. The SP system provides the ability for you to manage your user accounts by adding new users, deleting existing users, or changing the user account information.

Note:
When you set the SP user management Site Environment attribute to true, the configuration process renames the /usr/bin/passwd executable to /usr/bin/passwd.orig. In its place, a new /usr/bin/passwd executable is created. When you run it, it requests that you change your password on the control workstation.

Even though you use SP file collections, you can still use NIS in parallel for user administration. When you do use NIS, exclude the user administration files from the file collections and restore the /usr/bin/passwd executable (the original is stored as /usr/bin/passwd.orig).

SP user management options

Using the SP user management commands, you can add and delete users, change account information, and set defaults for your users' home directories. To use the SP user management options, you can specify them during the installation process or change them later by using SMIT panels or the spsitenv command. The PSSP: Installation and Migration Guide contains detailed instructions for entering site environment information.

From SMIT

ENTER
smit enter_data

SELECT
Site Environment Information

The following options, displayed in the Site Environment Information SMIT menu, pertain to user management:

User Administration Interface
Whether or not you want to use SP User Management to add, delete, and change user account information.

Password File
The path of your password file. The user commands add, modify, and delete entries in this file. If you modify the default path of /etc/passwd and you are using NIS, ensure that you also modify your NIS make file to build the password map from the new password file.

Password File Server Hostname
The hostname of the machine where your master password file resides. The initial value is the control workstation. The master password file location cannot be one of the nodes in the SP system.

Home Directory Server Hostname
The name or IP address of the machine where the user home directories reside.

You can specify a default host for users' home directories. If you use the SP automounter support, the user management commands will use this host when building automounter maps to mount and link the home directories. If you do not specify a default, the initial value of the control workstation is assumed.

You can override the value in Home Directory Server Hostname when adding or modifying a user account with the spmkuser and spchuser commands.

If the users' home directories are served by a machine within the SP system and you follow the authentication setup described in Chapter 2, Security features of the SP system, then you need not do anything more to have the SP user management commands run correctly.

However, if the home directory server is outside the SP system, there are two cases:

  1. The machine that serves the home directory is in the same authentication realm as the SP system. In this case, the administrator's principal name must be added to the .klogin file of that machine.
  2. The machine that serves the home directory is outside the realm and not authenticated. In this case, add a line to the .rhosts file of that machine with the following data:
    • The hostname where the commands run
    • The user name root

    In this case, when the SP user management commands are run, informational messages are displayed to show that authenticated commands could not be run. However, the user management task will be performed.
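
An audit for the second case above, as an added example that is not part of the IBM guide: it checks that root's .rhosts file on the home directory server holds only the one expected trust line (the host where the commands run, followed by root) and that the file is not writable by group or others. The function names, host names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Audit a .rhosts file that should contain exactly one line:
#   <host where the user management commands run> root
audit_rhosts() {  # usage: audit_rhosts RHOSTS_FILE EXPECTED_HOST
    # A trust file that others can write lets them add their own entries.
    if [ -n "$(find "$1" \( -perm -020 -o -perm -002 \))" ]; then
        echo "PERMS file is group- or world-writable"
    fi
    awk -v want="$2" '
        NF == 0 { next }                              # ignore blank lines
        # "+" in either field trusts every host or every user.
        substr($1, 1, 1) == "+" || substr($2, 1, 1) == "+" {
            print "WILDCARD line " NR ": " $0; next
        }
        NF == 2 && $1 == want && $2 == "root" { ok++; next }
        { print "UNEXPECTED line " NR ": " $0 }       # any other trust entry
        END { if (ok != 1) print "EXPECTED entry count: " (ok + 0) }
    ' "$1"
}

make_rhosts_sample() {  # write a constructed sample .rhosts to path $1
    cat > "$1" <<'EOF'
cws.example.com root
+ +
oldhost.example.com admin
EOF
    chmod 600 "$1"
}

demo_file=$(mktemp)
make_rhosts_sample "$demo_file"
audit_rhosts "$demo_file" cws.example.com
rm -f "$demo_file"
```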

Home Directory Path
This is where you specify the default path of users' home directories. The default is /home/control_workstation_name/.

Enter another value to set another path as the default for your site. You can override the default path with the home attribute of the spmkuser and spchuser commands.

Any host that is serving user directories must have its /etc/exports file modified to grant access to all hosts that need to mount these directories. Export the file systems using exportfs -a after modifying the /etc/exports file.

SP user management commands

The SP user management commands reside in the /usr/lpp/ssp/bin directory on the control workstation. You can add, change, delete, or list user accounts using either the SP commands or the SMIT interface.

For example, you can add new users to the SP system in any of the following ways:

The examples in this section show the first two methods. You can find the complete syntax for the commands in the PSSP: Command and Technical Reference.

