AAAREADME.DOC 12/03/91 Brian Lomasky c/o TERADYNE, INC. 321 Harrison Ave., Mail Stop H87. Boston, MA 02118 (617) 422-2259 DEC's AUTHORIZE utility has two reporting options for the SYSUAF.DAT file: 1) Too little (AUTHORIZE LIST/BRIEF) 2) Too much (AUTHORIZE LIST/FULL) This is almost useless for meeting the system manager's requirements of maintaining and monitoring the SYSUAF and its users. -------------------------------------------------------------------------------- SYSUAF V5.00 is a reporting program for the SYSUAF and RIGHTSLIST data files. Simply turn on READALL (or equiv) privilege and run SYSUAF.EXE. (Do NOT install this program with privilege; otherwise, any user could execute it). A menu of reporting options will be displayed. The best way to see what is available is to try them and see what data is displayed. You can print reports either to the screen, to a data file (SYSUAF.LIS), or to create a DCL command procedure (SYSUAF.COM) which can then be easily edited and then executed. SYSUAF.EXE will try to open SYS$SYSTEM:SYSUAF.EXE and SYS$SYSTEM:NETPROXY.EXE (or SYS$SYSTEM:NETUAF.DAT), unless the logical name of SYSUAF and/or NETPROXY (or NETUAF) is defined, in which case the SYSUAF.EXE program will try to open the SYSUAF and/or NETPROXY (or NETUAF) files pointed to by the logical name(s), respectively. AAAREADME.DOC is this file. SYSUAF.BAS is the source code for the main program (written in VAX BASIC V3). SYSUAF.OBJ is the compiled source code SYSUAF.EXE is the executable file for the main program. TRANSFER_PWD_TO_NODE.BAS is the source code for the password-copying program which is executed by the command file created by the SYSUAF.EXE report option "L" (written in VAX BASIC V3). TRANSFER_PWD_TO_NODE.OBJ is the compiled source code TRANSFER_PWD_TO_NODE.EXE is the executable file for the password-copying program (which must reside in a directory pointed to by the logical name: TOOLS: in order to be available to the SYSUAF.COM command file created by SYSUAF.EXE) You do not need the TRANSFER_PWD_TO_NODE.* files if you never select the "L" option on the SYSUAF menu. You should not need to recompile or relink either of the executables unless you need to change the features of the program. (Instructions for compiling and linking SYSUAF are contained at the beginning of the source code). These programs have been tested on VMS V4.6, V4.7 and V5.1, V5.2, and V5.3. Special note on report option "K": Report option "K" is used to copy all SYSUAF.DAT data (except for any encrypted password data - which is handled by the "L" option) for selected users (based upon the responses to the other SYSUAF prompts) from one node's SYSUAF.DAT to another node's SYSUAF.DAT. It does this by creating a command file, which when executed, will copy the account data. You will be prompted as to whether you want to copy only usernames which do not have a matching username (as yet) on the remote node or whether to copy data for all selected usernames (based upon the responses to the other SYSUAF prompts). Normally, you would run this option and then run option "L" to create the two SYSUAF.COM command files which will then be subsequently executed, as follows: 1) Copy the SYSUAF.COM command file produced by the report option "K" to the remote node and execute it on the remote node to add the required new accounts (less passwords). 2) Then execute the command file produced by the report option "L" on the local node to copy the encrypted password information from the local node's accounts to the accounts on the remote node. The command file will prompt you for the name of the remote node to be updated. Besides the usual SYSPRV (or equiv) privilege that is required to run this utility on the local node, you will also need a proxy from the local node to a similarly-privileged account on the remote node in order for the program to open both nodes' SYSUAF.DAT files for the transfer operation. Special note on report option "L": Report option "L" is used to copy the encrypted password information from one node's SYSUAF.DAT to another node's SYSUAF.DAT. It does this by creating a command file, which when executed, will copy the data. You will be prompted as to whether you want to copy only passwords whose usernames do not have matching usernames (as yet) on the remote node or whether to copy passwords for all selected accounts (based upon the responses to the other SYSUAF prompts). Note that the command file created by this option will attempt to execute a utility called TRANSFER_PWD_TO_NODE.EXE which is located in a logically-named directory called TOOLS: (You must define the TOOLS: logical name and ensure that the executable resides in that directory, prior to executing the command file). This report option does not affect the local node's SYSUAF.DAT file in any way; Only the remote node's encrypted password data in its SYSUAF.DAT file is updated. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - **** Besides the Username, select the data item(s) to appear on the report: **** A) Access Restrictions Quotas: !) Last Password #1 Change Date B) Account Expiration Date R) ASTLM @) Last Password #2 Change Date C) Account Name S) BIOLM #) Last Interactive Login Date D) Base Priority T) BYTLM $) Last Non-Interactive Login Date E) CLI Name U) CPUTIME %) Number of Login Failures F) CLI Table V) DIOLM ^) Any Existing Userdata G) Default Device W) ENQLM &) Customer-site-specific data H) Default Directory X) FILLM *) Held Identifiers I) Login Command filespec Y) JTQUOTA J) Login Flags Z) MAXACCTJOBS K) Minimum Password Length 0) MAXDETACH L) Owner Name 1) MAXJOBS M) Password Lifetime 2) PBYTLM N) Primary/Secondary Days 3) PGFLQUOTA O) Privileges - Authorized 4) PRCLM P) Privileges - Default 5) SHRFILLM Q) UIC 6) TQELM 7) WSDEFAULT 8) WSEXTENT 9) WSQUOTA