Lorsque vous êtes sur la console HMC, vous pouvez changer les données d'un compte utilisateur, et notamment son mot de passe, en utilisant la commande 'chhmcusr'.
La première syntaxe permet ici de modifier le mot de passe d'un utilisateur USER1, tout en étant connecté avec le compte 'hscroot'.
hscroot@hmc1:~> chhmcusr -u USER1 -t passwd
Enter the new password:
Retype the new password:
Les autres informations sur cette commande sont données par la documentation officielle IBM donnée ci-dessous.
NAME
chhmcusr - change a Hardware Management Console user
SYNOPSIS
chhmcusr -u user-name
-t {assign | desc | name | passwd | pwage | taskrole |
auth | remoteuser}
[-o {a | r}] [-r {resource | resourcerole}]
[-v new-attribute-value]
[--remoteuser remote-user-name] [--localpasswd password]
[--help]
or
chhmcusr {-f input-data-file | -i "input-data"} [--help]
DESCRIPTION
chhmcusr changes attributes of a Hardware Management Console (HMC)
user.
OPTIONS
-u The user name of the HMC user to change.
You can either use this option, or use the name attribute with
the -f or -i option, to specify the user name. The -u, -f, and
-i options are mutually exclusive.
-t The user attribute to change. Valid values are assign for the
user's access control managed resource object assignment or man-
aged resource role assignment, desc for the user's description,
name for the user's user name, passwd for the user's password,
pwage for the number of days until the user's password expires,
taskrole for the user's access control task role, auth for the
user's authentication type, and remoteuser for the user's remote
user ID used for remote Kerberos authentication.
Only users that have the hmcsuperadmin task role, or that have
the ManageAllUserPasswords task in their task role, are autho-
rized to change other user's passwords.
You can either use this option, or use the -f or -i option, to
specify the user attribute(s) to change. The -t, -f, and -i
options are mutually exclusive.
-o The managed resource object or role assignment operation to per-
form. Valid values are a to add a managed resource object or
role to the user and r to remove a managed resource object or
role from the user.
This option is required when changing the user's managed
resource object assignment.
You can either use this option, or use the resourcerole
attribute with the -f or -i option, to change the user's managed
resource role assignment. The -o, -f, and -i options are mutu-
ally exclusive.
-r The type of access control assignment to change. Valid values
are resource for managed resource object assignment and
resourcerole for managed resource role assignment.
This option is required when the -o option is used to change the
user's managed resource object assignment or managed resource
role assignment. This option is not valid otherwise.
-v The new value for the attribute being changed.
When changing the user's managed resource object assignment,
specify the managed resource object to be added or removed.
When changing the user's managed resource role assignment, spec-
ify the managed resource role to be added or removed.
When changing the user's description, specify the new descrip-
tion with this option. The new description can be any string.
When changing the user's user name, specify the new user name
with this option. The new user name must not be longer than 32
characters, and it must begin with a letter.
When changing the user's password, you can either specify the
new password with this option, or you can omit this option and
you will be prompted to enter the password. The new password
must be at least 7 characters in length.
When changing the number of days until the user's password
expires, specify the new number of days with this option.
When changing the user's access control task role, specify the
new task role with this option. Valid values are hmcsuperadmin,
hmcoperator, hmcviewer, hmcpe, hmcservicerep, or a user-defined
task role.
When changing the user's authentication type, specify the new
authentication type with this option. Valid values are local,
kerberos, or ldap.
When changing the user's remote user ID used for remote Kerberos
authentication, specify the new remote user ID with this option.
This option is required when the -t option is specified to
change any user attribute other than the user's password.
You can either use this option, or use the -f or -i option, to
specify the new user attribute value(s). The -v, -f, and -i
options are mutually exclusive.
--remoteuser
The remote user ID used for remote Kerberos authentication for
this user. This is the user's Kerberos principal. The format of
a typical Kerberos principal is primary/instance@REALM.
The remote user ID must be specified when changing the user's
authentication type to remote Kerberos authentication.
This option is only valid when the -t option is specified to
change the user's authentication type to remote Kerberos authen-
tication.
You can either use this option, or use the remote_user_name
attribute with the -f or -i option, to change the remote user
ID. The --remoteuser, -f, and -i options are mutually exclu-
sive.
--localpasswd
The password for this user. The password must be at least 7
characters in length.
This option is only valid when the -t option is specified to
change the user's authentication type to local authentication.
You can either use this option, or use the passwd attribute with
the -f or -i option, to specify the password for this user when
changing the user's authentication type to local authentication.
If this option is omitted or the -f or -i option is specified
and the passwd attribute is omitted, you will be prompted to
enter the password. The --localpasswd, -f, and -i options are
mutually exclusive.
-f The name of the file containing the input data for this command.
The input data consists of attribute name/value pairs, which are
in comma separated value (CSV) format.
The format of the input data is as follows:
attribute-name=value,attribute-name=value,...
Valid attribute names for this command:
name
[new_name]
[taskrole]
Valid values are hmcsuperadmin, hmcoperator,
hmcviewer, hmcpe, hmcservicerep, or a user-defined
task role
[resourcerole]
[description]
[passwd]
[current_passwd]
When changing the password for a Kerberos user, use
this attribute to specify the user's current password.
If this attribute is omitted, you will be prompted to
enter the current password.
[pwage]
number of days
[min_pwage]
number of days
[authentication_type]
Valid values are:
local - local authentication
kerberos - remote Kerberos authentication
ldap - remote LDAP authentication
[session_timeout]
number of minutes
[verify_timeout]
number of minutes
[idle_timeout]
number of minutes
[inactivity_expiration]
number of days
[remote_webui_access]
Valid values are:
0 - do not allow this user to log in remotely to the
HMC Web user interface
1 - allow this user to log in remotely to the
HMC Web user interface
[remote_ssh_access]
Valid values are:
0 - do not allow this user to log in remotely to the
HMC using SSH
1 - allow this user to log in remotely to the
HMC using SSH
[remote_user_name]
Input data for this command can be specified with this option,
the -i option, or any of the other command options. The -f and
the -i options are mutually exclusive, and they cannot be speci-
fied if any of the other command options are specified.
-i This option allows you to enter input data on the command line,
instead of using a file. Data entered on the command line must
follow the same format as data in a file, and must be enclosed
in double quotes.
Input data for this command can be specified with this option,
the -f option, or any of the other command options. The -i and
the -f options are mutually exclusive, and they cannot be speci-
fied if any of the other command options are specified.
--help Display the help text for this command and exit.
EXAMPLES
Change the password for the user tester (the new password must be
entered when prompted):
chhmcusr -u tester -t passwd
Change the password for the user tester without prompting:
chhmcusr -u tester -t passwd -v secretpassword
or
chhmcusr -i "name=tester,passwd=secretpassword"
Change the number of days until the password expires for the user
hmcuser1 to be 180:
chhmcusr -u hmcuser1 -t pwage -v 180
or
chhmcusr -i "name=hmcuser1,pwage=180"
Change the task role for the user tester to hmcoperator:
chhmcusr -u tester -t taskrole -v hmcoperator
or
chhmcusr -i "name=tester,taskrole=hmcoperator"
Change the remote user ID for the user krbuser to
chhmcusr -u krbuser -t remoteuser -v
or
chhmcusr -i "name=krbuser,remote_user_name=
Change the remotely authenticated Kerberos user user1 to a locally
authenticated user (the password must be entered when prompted):
chhmcusr -u user1 -t auth -v local
or
chhmcusr -i "name=user1,authentication_type=local"
Change the locally authenticated user user2 to a remotely authenticated
Kerberos user and set the remote user ID to
chhmcusr -u user2 -t auth -v kerberos --remoteuser
or
chhmcusr -i "name=user2,authentication_type=kerberos,
remote_user_name=
Change the locally authenticated user user3 to a remotely authenticated
LDAP user:
chhmcusr -u user3 -t auth -v ldap
or
chhmcusr -i "name=user3,authentication_type=ldap"
Change the remotely authenticated LDAP user user4 to a locally authen-
ticated user:
chhmcusr -u user4 -t auth -v local --localpasswd jk3ds00b
or
chhmcusr -i "name=user4,authentication_type=local,passwd=jk3ds00b"
ENVIRONMENT
None
BUGS
None
AUTHOR
IBM Austin
SEE ALSO
lshmcusr, mkhmcusr, rmhmcusr, lsaccfg
