AAAREADME.TXT                                                   10/31/89

Brian Lomasky
c/o TERADYNE, INC.
321 Harrison Ave., Mail Stop H87.
Boston, MA 02118
(617) 482-2706, x3259

DEC's AUTHORIZE utility has two reporting options for the SYSUAF.DAT file:

    1) Too little (AUTHORIZE LIST/BRIEF)
    2) Too much (AUTHORIZE LIST/FULL)

This is almost useless for meeting the system manager's requirements of
maintaining and monitoring the SYSUAF and its users.

--------------------------------------------------------------------------------

SYSUAF V3.02 is a reporting program for the SYSUAF and RIGHTSLIST data files.

Simply turn on READALL (or equiv) privilege and run SYSUAF.EXE. (Do NOT
install this program with privilege; otherwise, any user could execute it).

A menu of 18 reporting options (listed below) will be displayed. The best way
to see what is available is to try them and see what data is displayed. Then
use the ones that suit your purpose.

You can print reports either to the screen (formatted for 80 columns) or to a
data file (SYSUAF.LIS; formatted for either 80 or 132 columns, depending on
which report option is selected). (Note that some of the options create
SYSUAF.LIS as a DCL command procedure which can then be easily edited and then
executed).

SYSUAF.EXE will try to open SYS$SYSTEM:SYSUAF.EXE and SYS$SYSTEM:NETUAF.EXE
(or SYS$SYSTEM:NETPROXY.DAT), unless the logical name of SYSUAF and/or NETUAF
(or NETPROXY) is defined, in which case the SYSUAF.EXE program will try to
open the SYSUAF and/or NETUAF (or NETPROXY) files pointed to by the logical
name(s), respectively.

SYSUAF.BAS is the source code for the main program (written in VAX BASIC V3).

SYSUAF.EXE is the executable file for the main program.

TRANSFER_PWD_TO_NODE.BAS is the source code for the password-copying program
which is executed by the command file created by the SYSUAF.EXE report option
"X" (written in VAX BASIC V3).

TRANSFER_PWD_TO_NODE.COM is a command file to compile and link the executable
from the source code.
It will also copy the executable to a directory called TOOLS:

TRANSFER_PWD_TO_NODE.EXE is the executable file for the password-copying
program.

You should not need to recompile or relink either of the executables unless
you need to change the features of the program. (Instructions for compiling
and linking SYSUAF are contained at the beginning of the source code).

These programs have been tested on VMS V4.6, V4.7 and V5.1-02.

Special note on report option "W":

Report option "W" is used to copy all SYSUAF.DAT data (except for any
encrypted password data - which is handled by the "X" option) for selected
users (based upon the responses to the other SYSUAF prompts) from one node's
SYSUAF.DAT to another node's SYSUAF.DAT. It does this by creating a command
file, which when executed, will copy the account data. You will be prompted as
to whether you want to copy only usernames which do not have a matching
username (as yet) on the remote node or whether to copy data for all selected
usernames (based upon the responses to the other SYSUAF prompts).

Normally, you would run this option and then run option "X" to create the two
SYSUAF.LIS command files which will then be subsequently executed, as follows:

    1) Copy the SYSUAF.LIS command file produced by the report option "W" to
       the remote node and execute it on the remote node to add the required
       new accounts (less passwords).

    2) Then execute the command file produced by the report option "X" on the
       local node to copy the encrypted password information from the local
       node's accounts to the accounts on the remote node. The command file
       will prompt you for the name of the remote node to be updated. Besides
       the usual SYSPRV (or equiv) privilege that is required to run this
       utility on the local node, you will also need a proxy from the local
       node to a similarly-privileged account on the remote node in order for
       the program to open both nodes' SYSUAF.DAT files for the transfer
       operation.

Special note on report option "X":

Report option "X" is used to copy the encrypted password information from one
node's SYSUAF.DAT to another node's SYSUAF.DAT. It does this by creating a
command file, which when executed, will copy the data. You will be prompted as
to whether you want to copy only passwords whose usernames do not have
matching usernames (as yet) on the remote node or whether to copy passwords
for all selected accounts (based upon the responses to the other SYSUAF
prompts).

Note that the command file created by this option will attempt to execute a
utility called TRANSFER_PWD_TO_NODE.EXE which is located in a logically-named
directory called TOOLS: (You must define the TOOLS: logical name and ensure
that the executable resides in that directory, prior to executing the command
file).

This report option does not affect the local node's SYSUAF.DAT file in any
way; only the remote node's encrypted password data in its SYSUAF.DAT file is
updated.

--------------------------------------------------------------------------------

The user is prompted for the following information:

The first prompt allows you to specify the type of report to be created.

The second prompt allows you to specify whether output should be sent to the
screen or to a disk file (SYSUAF.LIS). The default response is indicated
within the angle brackets (< >). This option does not appear if the selected
report type indicates that a file is to be created.

The third prompt allows you to limit the report only to the users who hold a
specific rightslist identifier, if you so desire.

The fourth prompt allows you to limit the report only to the users who have a
specific (octal) group UIC number, if you so desire.

The fifth prompt allows you to limit the report to only CAPTIVE, NON-CAPTIVE,
or all users, if you so desire.

If you select report option "W" or "X" (see below), you will also be prompted
as follows:

    Do you want to skip users who have existing accounts on another node?
    (Enter Y or N)

(If you respond with a "Y" to this prompt, you will be further prompted to
enter a node name to be compared against; all usernames on the local node who
also have an account on the remote node will be omitted from the update
process.)

--------------------------------------------------------------------------------

<< List of SYSUAF Report Options: >>

SYSUAF REPORT PROGRAM V3.02 --- Report Type:
(Except for options B and T, all DIS-USER'ed accounts will be omitted)

A) Owner, Username, UIC (including sort by UIC) (incl Default Dir if to a file)
B) Username, Flags (incl sort by UIC) (incl Acct Expire + PW Dates if to a file)
C) Wsdefault, Wsextent, and Wsquota (incl ENQLM, FILLM, ASTLM, BIOLM, DIOLM,
   BYTLM, PBYTLM if to a file)
D) Usernames only (No report headings are printed)
E) Usernames, dates, and UICs who have ever logged in (No report headings)
F) Usernames who have never logged in (No report headings are printed)
G) Usernames and dates who have not logged in within the past 6 months
H) Privileges (Default AND Authorized) (132-columns)
I) Fill Bytes Report (to a file)
J) Username, UIC, Default Dev/Dir, LGICMD (ACCT if file) (incl sort by UIC)
K) Same as J) but also lists all identifiers held by each user (sorts by IDENT)
L) Creates AUTHORIZE command file of: REVOKE/IDENTIFIER identifier(s) username
M) AUTHORIZE "MODIFY username/" command file of all usernames
N) AUTHORIZE "MODIFY username/LGICMD=file-spec" command file of all usernames
O) AUTHORIZE "MODIFY username/DEVICE/DIRECTORY/PWDMIN" cmd file of all users
P) AUTHORIZE "MODIFY username/WSDEFAULT=value/WSQUOTA=value/WSEXTENT=value
   /ENQLM=value/FILLM=value" command file of all usernames
Q) DISKQUOTA "ADD [uic]/PERM=999999/OVER=500" cmd file for all users for DUA0:
R) Report of all accounts having any user-data
S) Highly-privileged users, privileges, UICs, and privileged proxies
T) Usernames who have been DISUSER'ed (No report headings are printed)
U) Usernames and dates who have logged in
   within the past 6 months
V) AUTHORIZE "MODIFY username/PGFLQUO=quota/BYTLM=quota" command file
W) AUTHORIZE command file to dupl a user's account + identifiers (less Password)
X) AUTHORIZE command file to dupl a user's encrypted password info on a node:

Send Report to: S)creen or F)ile

Enter any held IDENTIFIER substring to search for
OR just press the key for all held IDENTIFIERs

Enter Octal UIC Group to search for ( for all UICs)

Select only C)aptive users, N)on-Captive users, or for all users
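
One way to check the local prerequisites from the special note on report
option "X" before running its command file. This is an added example, not part
of the SYSUAF distribution; the file name SYSUAF_X.COM is hypothetical, and
only SYSPRV itself (not an equivalent privilege) is tested:

```dcl
$! PREFLIGHT_X.COM - added example, not part of the SYSUAF distribution.
$! Verifies the local prerequisites the README lists for report option "X"
$! before running the command file that option produced.
$! Assumption: that command file was renamed from SYSUAF.LIS to SYSUAF_X.COM
$! (hypothetical name) so it is not confused with the option "W" output.
$!
$ IF .NOT. F$PRIVILEGE("SYSPRV") THEN GOTO NO_PRIV
$ IF F$TRNLNM("TOOLS") .EQS. "" THEN GOTO NO_TOOLS
$ IF F$SEARCH("TOOLS:TRANSFER_PWD_TO_NODE.EXE") .EQS. "" THEN GOTO NO_EXE
$ IF F$SEARCH("SYSUAF_X.COM") .EQS. "" THEN GOTO NO_CMD
$!
$! All local checks passed.  The proxy to the remote node cannot be
$! checked from here; the command file itself prompts for the node name.
$ @SYSUAF_X.COM
$ EXIT
$!
$NO_PRIV:
$ WRITE SYS$OUTPUT "SYSPRV is not enabled for this process."
$ GOTO FAIL
$NO_TOOLS:
$ WRITE SYS$OUTPUT "Logical name TOOLS is not defined."
$ GOTO FAIL
$NO_EXE:
$ WRITE SYS$OUTPUT "TRANSFER_PWD_TO_NODE.EXE was not found in TOOLS:"
$ GOTO FAIL
$NO_CMD:
$ WRITE SYS$OUTPUT "SYSUAF_X.COM was not found in the default directory."
$FAIL:
$ WRITE SYS$OUTPUT "The option X command file was NOT executed."
$ EXIT
```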