Use this command to add an administrator ID to the server.
After registration, the administrator ID can issue a limited set of
commands, including all query commands. To provide additional privileges,
use the GRANT AUTHORITY command.
Privilege class
To issue this command, you
must have system privilege.
Remember: When you register
an administrator with the same name as an existing node, be aware
of the administrator authentication method and the SSLREQUIRED setting.
Any node that has the same name as the administrator that is being
registered inherits those settings.
Syntax
(1)
>>-REGister Admin--admin_name------password--------------------->
>--+------------------------+--+------------------+------------->
| (2) | '-CONtact--=--text-'
'-------PASSExp--=--days-'
.-FORCEPwreset--=--No------.
>--+--------------------------+--------------------------------->
'-FORCEPwreset--=--+-No--+-'
'-Yes-'
>--+------------------------------+----------------------------->
'-EMAILADdress--=--userID@node-'
(3)
.-------AUTHentication--=--LOcal-.
>--+--------------------------------+--------------------------->
'-AUTHentication--=--+-LOcal-+---'
'-LDap--'
.-SSLrequired--=--DEFault-----. .-ALert--=--No------.
>--+-----------------------------+--+-------------------+------><
'-SSLrequired--=--+-Yes-----+-' '-ALert--=--+-Yes-+-'
+-No------+ '-No--'
'-DEFault-'
Notes:
- A password is not required if you register
an administrator and select AUTHENTICATION=LDAP.
At logon, you are prompted for a password.
- The PASSEXP command does
not apply to administrators who authenticate to an LDAP directory
server.
- The default value can change if you issued
the SET DEFAULTAUTHENTICATION command and specified
LDAP.
Parameters
- admin_name (Required)
- Specifies the name of the administrator to be registered. The
maximum length of the name is 64 characters.
You cannot specify
an administrator name of NONE.
- password (Required)
- Specifies the password of the administrator to be registered.
The maximum length of the password is 64 characters. The password
is not case-sensitive if authentication is with the Tivoli® Storage
Manager server.
Passwords that authenticate with an LDAP directory server are case-sensitive.
See Naming Tivoli Storage Manager objects for
the characters that are available for specifying a password.
Tip: A password is not required if you register an administrator
and select AUTHENTICATION=LDAP. At logon, you are
prompted for a password.
- PASSExp
- Specifies the number of days the password remains valid. You can
set the password expiration period from 0 to 9999 days. A value of
0 means that the password never expires. This parameter is optional.
If you do not specify this parameter, the password is set with the
global expiration period of 90 days. This parameter does not affect
passwords that authenticate with an LDAP directory server.
- CONtact
- Specifies information identifying the administrator being registered.
This parameter is optional. The maximum length of this string is 255
characters. The contact information must be enclosed in quotation
marks if it contains any blanks.
- FORCEPwreset
- Specifies whether the administrator is required to change or reset
the password. This parameter is optional. The default value is NO.
Possible values are:
- No
- Specifies that the administrator does not need to change or reset
the password while attempting to sign on to the server.
- Yes
- Specifies that the administrator's password expires at the
next sign-on. The client or administrator must change or reset the
password then. If a password is not specified, you receive an error
message.
- EMAILADdress
- Specifies more contact information. The information that is specified
by this parameter is not acted upon by Tivoli Storage
Manager.
- AUTHentication
- This parameter specifies the authentication method for the administrator
user ID. Specify one of the following values: LDAP or LOCAL. The parameter
is optional and defaults to LOCAL. The default can change to LDAP
if you use the SET DEFAULTAUTHENTICATION command
and specify LDAP.
- LOcal
- Specifies that the local Tivoli Storage
Manager server database
is used.
- LDap
- Specifies that the administrator user ID authenticates passwords
with an LDAP directory server. Passwords that authenticate with an
LDAP directory server are case-sensitive.
Tip: A password
is not required if you register an administrator and select AUTHENTICATION=LDAP.
At logon, you are prompted for a password.
- SSLrequired
- Specifies whether the administrator user ID must use Secure Sockets
Layer (SSL) to communicate between the Tivoli Storage
Manager server and
the backup-archive client. When you authenticate passwords with an
LDAP directory server, you must protect the sessions by using SSL
or another network security method.
- Yes
- SSL is required.
- No
- SSL is not required.
- DEFault
- SSL is required for an administrator if the password that is associated
with its user ID authenticates with an LDAP directory server. SSL
is not required for an administrator ID that authenticates its password
with the Tivoli Storage
Manager server
(LOCAL).
- ALert
- Specifies whether alerts are sent to an administrators email address.
- Yes
- Specifies that alerts are sent to the specified administrators
email address.
- No
- Specifies that alerts are not sent to the specified administrators
email address. This is the default value.
Tip: Alert monitoring must be enabled,
and email settings must be correctly defined to successfully receive
alerts by email. To view the current settings, issue the QUERY
MONITORSETTINGS command.
Example: Register an administrator ID
Define
an administrator, LARRY, with the password PASSONE. You can identify
LARRY as second-shift personnel by specifying this information with
the CONTACT parameter. Issue the command:
register admin larry passone contact='second shift'
Example: Register an administrator ID and set the
authentication method
Define an administrator ID for Harry,
use the password Pa$#$twO. Using the ID and password, Harry can authenticate
to the LDAP directory server. Issue the command:
register admin Harry Pa$#$twO authentication=ldap
If
the password specified does not adhere to LDAP password standards,
the administrator is registered, and at log-in a new password must
be entered.