UPDATE ADMIN (Update an administrator)

Use this command to change the password or contact information for an administrator. However, you cannot update the SERVER_CONSOLE administrator name.

AIX operating systems HP-UX operating systems Linux operating systems Oracle Solaris operating systems Passwords for administrators must be changed after a length of time that is determined by the SET PASSEXP command. The SET PASSEXP command does not affect passwords that authenticate with a Lightweight Directory Access Protocol (LDAP) server.

Restriction: You cannot update the authentication method for your own user ID. If necessary, another administrator must make that change. Also, when you update a password with the UPDATE ADMIN command, you cannot use a wildcard with the admin_name parameter.

Administrators with the same name as a node can be created during a REGISTER NODE command. If you do not specify a name, the administrator is given the same name as the node. To keep the node and administrator with the same name synchronized, the authentication method and the SSLREQUIRED setting for the node are updated to match the administrator. If the administrator authentication method is changed from LOCAL to LDAP and a password is not provided, the node is put in "LDAP pending" status. A password is then requested at the next logon. Passwords between same-named nodes and administrators are kept in sync through any authentication change.

You must use the RENAME ADMIN command to change the name of a registered administrator.

For users of Lightweight Directory Access Protocol (LDAP) servers: The information in this documentation applies to the LDAP authentication method that is preferred for Tivoli® Storage Manager V7.1.7 or later servers. For instructions about using the previous LDAP authentication method, see Managing passwords and logon procedures.

Privilege class

To issue this command to change another administrator ID password or contact information, you must have system privilege. Any administrator can issue this command to update his or her own password or contact information.

Syntax


                (1)             (2)                 
>>-UPDate Admin------admin_name------+----------+--------------->
                                     '-password-'   

>--+------------------+--+------------------+------------------->
   '-PASSExp--=--days-'  '-CONtact--=--text-'   

>--+--------------------------+--------------------------------->
   '-FORCEPwreset--=--+-No--+-'   
                      '-Yes-'     

>--+------------------------------+----------------------------->
   '-EMAILADdress--=--userID@node-'   

>--+--------------------------------------------------------------+-->
   |                                                (3)           |   
   |                               .-SYNCldapdelete------=--No--. |   
   '-AUTHentication--=--+-LOcal-+--+----------------------------+-'   
                        '-LDap--'  '-SYNCldapdelete--=--+-Yes-+-'     
                                                        '-No--'       

>--+-----------------------------+--+-------------------+------><
   '-SSLrequired--=--+-Yes-----+-'  '-ALert--=--+-Yes-+-'   
                     +-No------+                '-No--'     
                     '-DEFault-'

Notes:

You must specify at least one optional parameter on this command.
Passwords are optional for this command, except when changing the authentication method from LDAP to LOCAL.
The SYNCldapdelete parameter applies only if an administrator authenticating to an LDAP directory server reverts to local authentication.

Parameters

admin_name (Required)

Specifies the name of the administrator to be updated.

password

Specifies the administrator's password. This parameter is optional for most cases. If the administrator authentication method is changed from LDAP to LOCAL, a password is required. If an LDAP server is used to authenticate administrators, do not specify a password by using the UPDATE ADMIN command.

PASSExp

Specifies the number of days the password remains valid. You can set the password expiration period in the range 0 - 9999. A value of 0 means that the password never expires. This parameter is optional. If you do not specify this parameter, the password expiration period is unchanged. This parameter does not apply to passwords that are stored on an LDAP directory server.

CONtact

Specifies a text string that identifies the administrator. This parameter is optional. Enclose the text string in quotation marks if it contains any blanks. To remove previously defined contact information, specify a null string ("").

FORCEPwreset

Specifies whether the administrator is required to change or reset the password. This parameter is optional. Possible values are:

No

Specifies that the administrator does not need to change or reset the password while attempting to sign on to the server. The password expiration period is set by the SET PASSEXP command.

Yes

Specifies that the administrator's password will expire at the next sign-on. The administrator must change or reset the password then. If a password is not specified, you receive a syntax error.

Restrictions:

For administrative user IDs that authenticate with an LDAP server, password expiration is set by using LDAP server utilities. For this reason, do not specify FORCEPWRESET=YES if you plan to specify AUTHENTICATION=LDAP.
If you plan to update an administrative user ID to authenticate with an LDAP server, and you specified FORCEPWRESET=YES, you must change the password before you can specify FORCEPWRESET=NO and AUTHENTICATION=LDAP.

EMAILADdress

This parameter is used for additional contact information. The information that is specified by this parameter is not acted upon by Tivoli Storage Manager.

AUTHentication

This parameter determines the password authentication method that the administrator ID uses; either LDAP or LOCAL.

LOcal: Specifies that the administrator uses the local Tivoli Storage Manager server database to store passwords for authentication.
LDap: Specifies that the administrator uses an LDAP directory server for password authentication.

SYNCldapdelete

This parameter applies only if an administrator who authenticates to an LDAP server wants to revert to local authentication.

Yes: Specifies that the administrator is deleted from the LDAP server.
Restriction: Do not specify a value of YES. (The value of YES is appropriate only for users of the previous LDAP authentication method, which is described in Managing passwords and logon procedures.)
No: Specifies that the administrator is not deleted from the LDAP server. This is the default.

SSLrequired

Specifies whether the administrator user ID must use Secure Sockets Layer (SSL) to communicate between the Tivoli Storage Manager server and the backup-archive client. When you authenticate passwords with an LDAP directory server, you must protect the sessions by using SSL or another network security method.

Yes: Specifies that SSL is required.

No: Specifies that SSL is not required.

DEFault: Specifies that SSL is required for an administrator if the password that is associated with its user ID authenticates with an LDAP directory server. SSL is not required for an administrator ID that authenticates its password with the Tivoli Storage Manager server (LOCAL).

ALert

Specifies whether alerts are sent to an administrators email address.

Yes: Specifies that alerts are sent to the specified administrators email address.
No: Specifies that alerts are not sent to the specified administrators email address. This is the default value.

Tip: Alert monitoring must be enabled, and email settings must be correctly defined to successfully receive alerts by email. To view the current settings, issue the QUERY MONITORSETTINGS command.

Example: Update a password and password expiration period

Update the administrator LARRY to have the password SECRETWORD and a password expiration period of 120 days. The administrator in this example is authenticated to the Tivoli Storage Manager server. The password is not case-sensitive.

update admin larry secretword passexp=120

Related commands

Table 1. Commands related to UPDATE ADMIN
Command	Description
QUERY ADMIN	Displays information about one or more Tivoli Storage Manager administrators.
QUERY STATUS	Displays the settings of server parameters, such as those selected by the SET commands.
QUERY MONITORSETTINGS (Query the configuration settings for monitoring alerts and server status)	Displays information about monitoring alerts and server status settings.
REGISTER ADMIN	Defines a new administrator without granting administrative authority.
REGISTER NODE	Defines a client node to the server and sets options for that user.
RENAME ADMIN	Changes a Tivoli Storage Manager administrator’s name.
SET PASSEXP	Specifies the number of days after which a password is expired and must be changed.
UPDATE NODE	Changes the attributes that are associated with a client node.