
Identity Manager 8.0 - Administration Guide for Connecting Unix-Based Target Systems


User Account Limits

On the Limits tab, you can enter the following limits for resources of the user's processes in an AIX system. This data is mapped in /etc/security/limits.

Table 27: Limits for User Accounts in an AIX System

| Property | Description |
| --- | --- |
| Core size (soft) | Soft limit for the size of the core dump file that can be created by a user process. (Parameter core). |
| Core size (hard) | Absolute maximum limit for the size of the core dump file that can be created by a user process. (Parameter core_hard). |
| CPU time (soft) | Soft limit for the time (in seconds) a user process may take. (Parameter cpu). |
| CPU time (hard) | Maximum amount of time (in seconds) the user process may take. (Parameter cpu_hard). |
| Data size (soft) | Soft limit for the size of the process' data segment for a user process. (Parameter data). |
| Data size (hard) | Maximum size of a process' data segment for a user process. (Parameter data_hard). |
| File size (soft) | Soft limit for the size of a file a user process can create or extend. (Parameter fsize). |
| File size (hard) | Absolute maximum size of a file a user process can create or extend. (Parameter fsize_hard). |
| Memory size (soft) | Soft limit for the maximum amount of physical memory a user process can take up. (Parameter rss). |
| Memory size (hard) | Maximum amount of physical memory a user process can take up. (Parameter rss_hard). |
| Stack size (soft) | Soft limit for the size of the process' stack segment for a user process. (Parameter stack). |
| Stack size (hard) | Maximum size of a process' stack segment for a user process. (Parameter stack_hard). |
| File descriptors (soft) | Soft limit for the number of file descriptors a user process can have open at the same time. (Parameter nofiles). |
| File descriptors (hard) | Absolute maximum number of file descriptors a user process can have open at the same time. (Parameter nofiles_hard). |
| Threads (soft) | Soft limit for the number of threads per process. (Parameter threads). |
| Threads (hard) | Absolute maximum number of threads per process. (Parameter threads_hard). |
| Processes (soft) | Soft limit for the number of processes per user. (Parameter nproc). |
| Processes (hard) | Absolute maximum for the number of processes per user. (Parameter nproc_hard). |

User Account Password Data

On the Password tab, you can enter the following additional information about a user account in the AIX system. This data is mapped in /etc/security/user.

Table 28: Password Data for User Accounts in an AIX System

| Property | Description |
| --- | --- |
| minlen | Minimum number of characters a password must have. (Parameter minlen). |
| maxrepeats | Maximum number of characters that can be repeated in passwords. The default value 8 specifies that a maximum has not been fixed. (Parameter maxrepeats). |
| mindiff | Minimum number of unique characters that passwords must contain. (Parameter mindiff). |
| minalpha | Specifies the minimum number of alphabetical characters a new password must contain. (Parameter minalpha). |
| minloweralpha | Specifies the minimum number of lowercase letters a new password must contain. (Parameter minloweralpha). |
| minupperalpha | Specifies the minimum number of uppercase letters a new password must contain. (Parameter minupperalpha). |
| mindigit | Specifies the minimum number of digits a new password must contain. (Parameter mindigit). |
| minspecialchar | Specifies the minimum number of special characters a new password must contain. (Parameter minspecialchar). |
| minother | Specifies the minimum number of non-alphabetical characters a new password must contain. (Parameter minother). |
| dictionlist | Dictionary file of blacklisted passwords. Verifies passwords do not include standard UNIX words. (Parameter dictionlist). |
| histexpire | Number of weeks before a password can be reused. (Parameter histexpire). |
| histsize | Number of password iterations allowed before an old password can be used again. (Parameter histsize). |
| minage | Minimum number of weeks before a password can be changed. (Parameter minage). |
| maxage | Maximum number of weeks before a password must be changed. (Parameter maxage). |
| maxexpired | Maximum number of weeks beyond maxage that an expired password can be changed by the user. (Parameter maxexpired). |
| pwdchecks | Methods to apply to new passwords that check the password quality. The value contains a comma-delimited list of method names. (Parameter pwdchecks). |
| pwdwarntime | Number of days before the system issues a warning that a password change is required. (Parameter pwdwarntime). |

Security Relevant User Account Master Data

On the Security tab, you can enter the following additional information about a user account in the AIX system. This data is mapped in /etc/security/user.

Table 29: Additional Security Relevant Data for User Accounts in an AIX System

| Property | Description |
| --- | --- |
| account_locked | Specifies whether the user account is locked. (Parameter account_locked). |
| admin | Defines the administrative status of the user. (Parameter admin). |
| admgroups | Lists the groups the user administrates. (Parameter admgroups). |
| auditclasses | The user account's audit classes. (Parameter auditclasses). |
| auth1 | Additional mandatory methods for authenticating the user. (Parameter auth1). |
| auth2 | Additional optional methods for authenticating the user. (Parameter auth2). |
| core_compress | Enables or disables core file compression. (Parameter core_compress). |
| core_path | Enables or disables core file path specification. (Parameter core_path). If this attribute has a value of On, core files will be placed in the given directory; otherwise, core files are placed in the user's current working directory. |
| core_naming | Naming conventions for the core file. If this option is set, the core file is stamped with a process ID, the time and date. (Parameter core_naming). |
| daemon | Specifies whether the user can execute programs using the cron daemon or the src (system resource controller) daemon. (Parameter daemon). |
| dce_export | Specifies whether the DCE registry can overwrite the local user information with the DCE user information during a DCE export operation. (Parameter dce_export). |
| expires | Expiration date of the user account. (Parameter expires). |
| login | Specifies whether the user can log in to the system with the login command. (Parameter login). |
| logintimes | Times, days, or both, the user is allowed to access the system. (Parameter logintimes). |
| loginretries | Number of unsuccessful login attempts allowed after the last successful login before the system locks the account. (Parameter loginretries). A value of 0 or a negative value indicates no maximum age. |
| projects | List of projects that the user's processes can be assigned to. The value is a list of comma-delimited project names. (Parameter projects). |
| registry | Defines the authentication registry where the user is administered. (Parameter registry). |
| rlogin | Permits access to the account from a remote location with the telnet or rlogin commands. (Parameter rlogin). |
| su | Specifies whether another user can switch to the specified user account with the su command. (Parameter su). |
| sugroups | Groups that can use the su command to switch to the specified user. (Parameter sugroups). |
| SYSTEM | System's authentication mechanism for the user. (Parameter SYSTEM). |
| tpath | The user's trusted path status. (Parameter tpath). |
| ttys | Lists the terminals that can access the user. (Parameter ttys). |
| umask | Determines file permissions. (Parameter umask). The default value is 022. |
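
Added example (not part of the One Identity documentation): because these properties are written to /etc/security/user, where a user stanza overrides the default stanza, a review has to look at each account's effective values. The sketch below parses stanza-format text and reports weak effective settings. The sample stanzas are constructed, and the function names, the thresholds (12 characters, 4 remembered passwords) and the rule for root are assumptions chosen for illustration.

```python
# Constructed sample in /etc/security/user stanza format (not from a real host).
SAMPLE = """\
* lines starting with an asterisk are comments
default:
    minlen = 0
    maxage = 0
    loginretries = 0
    rlogin = true

root:
    minlen = 14
    loginretries = 5

svcbatch:
    minlen = 8
    maxage = 13
"""

# Thresholds 12 and 4 are assumed for illustration; True marks a finding.
CHECKS = {
    "minlen": lambda v: int(v) < 12,
    "histsize": lambda v: int(v) < 4,
    "maxage": lambda v: int(v) <= 0,        # 0 means passwords never expire
    "loginretries": lambda v: int(v) <= 0,  # 0 or negative means no lockout
}

def parse_stanzas(text):
    """Return {stanza: {attribute: value}} from stanza-format text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def audit(stanzas):
    """List (user, attribute, effective value) for every failed check."""
    findings = []
    for user in sorted(u for u in stanzas if u != "default"):
        # A user stanza overrides default; attributes set in neither count as 0.
        eff = {**stanzas.get("default", {}), **stanzas[user]}
        findings += [(user, a, eff.get(a, "0")) for a, bad in CHECKS.items()
                     if bad(eff.get(a, "0"))]
        if user == "root" and eff.get("rlogin") == "true":
            findings.append((user, "rlogin", "true"))  # remote root login allowed
    return findings
```

On the sample, root inherits maxage and rlogin from the default stanza, so both are reported even though the root stanza itself never sets them.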


Master Data of a User Account's Encrypted File System

On the Encrypted File System tab you can enter the following additional information for using encrypted file system (EFS) for a user account in an AIX system. This data is mapped in /etc/security/user.

Table 30: User Account Master Data for Encrypted File Systems

| Property | Description |
| --- | --- |
| efs_adminks_access | Defines the efs_admin keystore location. (Parameter efs_adminks_access). Permitted values: file, ldap. |
| efs_allowksmodechangebyuser | Specifies whether the user can change the mode or not. (Parameter efs_allowksmodechangebyuser). |
| efs_file_algo | Algorithm used to generate the file protection key. (Parameter efs_file_algo). Permitted values: AES_128_CBC, AES_192_CBC, AES_256_CBC. |
| efs_initialks_mode | Initial mode of the user keystore. (Parameter efs_initialks_mode). Permitted values: guard, Admin. |
| efs_keystore_access | User keystore location. (Parameter efs_keystore_access). Permitted values: none, file. |
| efs_keystore_algo | Algorithm used to generate the user private key when the keystore is created. (Parameter efs_keystore_algo). Permitted values: RSA_1024, RSA_2048, RSA_4096. |