Neoview User Management and Security Administration Guide (R2.5)

ManualsBrandsHP ManualsSoftwareHP Neoview Release 2.5 Software

111

112

113

114

115

116

117

118

119

120

For platform user, username is a text string, with a maximum of 32 alphanumeric

characters and special characters period (.), hyphen (-), and underscore (_). User names

should not begin with the string “role”. The name is not case-sensitive.

—

— For a database user, username can consist of up to 128 characters and is not

case-sensitive.

NOTE: If you query the database for a user name, you must provide the name in uppercase,

even if it was created using lower or mixed case. You can input the user name in uppercase

or use the UPSHIFT function in the query.

In addition, some tools available to HP Support require user names to be specified in

uppercase, regardless of the case used in the command that created the user.

If the user is remotely authenticated, this name must exactly match the name by which the

user is known on the external LDAP server. This is a required input parameter.

• rolename is the name of the role to associate with this user. The role must already exist. If

you are creating a platform user, this will be the user's only role, and the value must be one

of:

SUPER.SUPER

SUPER.SERVICES

HP.SDI

If you are creating a database user, specify the role as a string consisting of the prefix “ROLE.”

followed by 1 to 8 alphanumeric characters, the first of which may not be a number.

Alphabetic characters are case-insensitive. Later, you can assign additional roles to the user

with the GRANT ROLE command.

This is a required input parameter.

• password is the password to be assigned to a platform user or a locally authenticated

database user and must comply with the password quality criteria specified in the current

system security policy (described in “Viewing and Updating the Password Quality and

Control Policies” (page 44). If you include the keyword but omit the value, NCI prompts

you for the password and requires you to confirm it by typing it for a second time; in neither

case does NCI echo your input to the screen.

This is a required parameter for a platform user or locally authenticated database user but

will result in an error if you specify it when you define a remotely authenticated user.

NCI allows you to enter a password of up to 64 bytes in length. However, a password of

this length might or might not enable the user to log on later. The maximum length of a

valid password is dependent on the security policies configured on your Neoview platform:

— If the platform is configured to use 1024-bit keys, the limit is 53 characters.

— If the platform is configured to use 2048-bit keys, the limit is 64 characters.

— If the security policy requires a user to enter both an individual password and the role

password in order to log on, the maximum total length of the two passwords together

is 52 bytes in the case of 1024-bit encryption and 128 bytes in the case of 2048-bit

encryption.

NOTE: If you include a password as a parameter on the command line, then in the event

of a command syntax error, the password you entered could be logged in clear text on your

client system. To prevent a password from being exposed in this way, specify only the

keyword PASSWORD and allow yourself to be prompted for the value.

• days is the number of days, from the time the password is changed, after which it expires.

Any integer value is valid. If you omit this parameter, the default value set in the security

User Management Commands 115