Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

convuser(8) [osf1 man page]

convuser(8)						      System Manager's Manual						       convuser(8)

NAME

       convuser - convert user profile information between BASE and ENHANCED formats

SYNOPSIS

       /usr/tcb/bin/convuser -a [-c] [-i] [-n] [-u] [-R] [-U uid] [-M] [-T template] [-[qv]] [users]
       /usr/tcb/bin/convuser -b [-T template] [-[qv]] [users]
       /usr/tcb/bin/convuser -d [-n] [-M] [-[qv]] [users]
       /usr/tcb/bin/convuser -H

FLAGS

       -a     Converts	from  BASE to ENHANCED authentication format.  This option is incompatible with the -b and -d options.	If none of -a, -b,
	      or -d have been supplied, then -a is implied by any of -c, -i, -n, -u, -R, or -U.

       -b     Converts from ENHANCED to BASE authentication format.  This option is incompatible with the -a and -d options.   The  conversion	in
	      this case is bring any compatible passwords from the extended profile back to the BASE profile.

       -c     Causes  the  conversion  for  -a	to  create new extended profiles only.	If the -c option is given, existing extended profiles will
	      remain unchanged.

       -d     Removes any extended profiles which do not still have corresponding BASE profiles.

       -i     Cause the conversion for -a to invalidate the encrypted password field in the BASE profile if the change to the ENHANCED profile	is
	      successful.

       -n     Cause the -a and -d conversions to include NIS passwd.byname map entries in the list of BASE profiles for consideration.

       -q     Cause non-error output to be suppressed.

       -u     Cause the -a conversion to leave the migrated passwords still usable.  The default is to pre-expire them.

       -v     Cause more verbose reports of progress to be given.

       -M     Work on NIS master map files rather than the local profiles.  This option works on NIS master hosts only.

       -R     Cause newly-created extended profiles to be written only to the /tcb/files directory tree (v4 only).

       -T template
	      Causes  the  creation of new extended profiles to use user template as the template for the account default values.  Causes the con-
	      version for -b to consider only accounts with template as the associated account template.

       -U uid Causes newly-crated extended profiles with UID values less than uid to be written to the /tcb/files directory tree (v4 only).

       -H     Cause an extended usage message to be given and no other processing to be performed.

DESCRIPTION

       The convuser utility is used to provide migration between BASE and ENHANCED security levels, as well as to provide support for the  use	of
       existing  account-creation scripts.  The most common uses are to clean up dangling extended profiles (those without corresponding BASE pro-
       files) after the removal of the base profiles, and to create new extended profiles to correspond to newly added base profiles.

EXAMPLES

       To remove dangling profiles:

       # convuser -d
       # convuser -Md To finish the addition of new accounts on a system using NIS to supply the extended profile information:

       # convuser -iu
       # convuser -Miu To finish the addition of new accounts on a system using NIS to supply the extended profile information:

       # convuser -iun

RELATED INFORMATION

       Files:
       prpasswd(4), authcap(4)

       Security delim off

																       convuser(8)

Check Out this Related Man Page

secconfig(8)						      System Manager's Manual						      secconfig(8)

NAME

       secconfig, secsetup - Security features setup graphical interface (Enhanced Security)

SYNOPSIS

       /usr/sbin/sysman secconfig

       NOTE:  The secsetup utility has been replaced by the secconfig graphical interface.

DESCRIPTION

       The  utility  is  a  graphical interface used to select the level of system security needed.  It can convert from Base to enhanced security
       mode, and configure base and enhanced security features.  If you are using secconfig to enable  Enhanced  security,  you  must  first  have
       loaded the enhanced security subsets.

       You can run while the system is in multiuser mode.  However, if you change the security level, the change is not completed until you reboot
       the system.

       For both base and enhanced security, the secconfig utility allows you to enable segment sharing, to enable access control lists (ACLs), and
       to restrict the setting of the execute bit to root only.

       For enhanced security, the secconfig utility additionally allows you to configure security support from simple shadow passwords all the way
       to a strict C2 level of security.  Shadow password support is an easy method for system administrators, who do not wish to use all  of  the
       extended  security features, to move each user's password out of /etc/passwd and into the extended user profile database (auth.db.  You can
       use the Custom mode if you wish to select additional security features, such as breakin detection and evasion, automatic database trimming,
       and password controls.

       When  converting from base to enhanced security, secconfig updates the system default database (/etc/auth/system/default) and uses the con-
       vuser utility to migrate user accounts.

       While it is possible to convert user accounts from enhanced back to base, the default encryption algorithms and supported password  lengths
       differ between base and enhanced security, and thus user account conversions do not succeed without a password change.

       NOTE: Because of the page table sharing mechanism used for shared libraries, the normal file system permissions are not adequate to protect
       against unauthorized reading.  The secconfig interface allows you to disable segment sharing.  The change in segment sharing  takes  effect
       at the next reboot.

FILES

RELATED INFORMATION

       acl(4), authcap(4), default(4), convuser(8),
       Security delim off

																      secconfig(8)
Man Page