LOCK ADMIN (Lock out an administrator)
Use this command to prevent an administrator from accessing the server. The administrator is locked out until a system administrator uses the UNLOCK ADMIN command to reestablish access for the administrator.
You can use the authentication filter to lock all administrators, excluding console administrators. After configuring an LDAP directory server for password authentication, you can lock administrators to force them to create passwords that authenticate with an LDAP server.
Privilege class
To issue this command, you must have system privilege.
Syntax
>>-LOCK Admin--+-*----------+--+------------------------------+->< '-admin_name-' '-AUTHentication--=--+-LOcal-+-' '-LDap--'
Parameters
- admin_name (Required)
- Specifies the name of the administrator to be locked out. You can use wildcard characters to specify the administrator name. You do not have to enter an administrator name if you want to lock all of the administrators according to their authentication method. Use the wildcard with an authentication method to lock multiple administrators.
- AUTHentication
- Specifies the method of authentication that the administrator
uses to log in.
- LOcal
- Specifies to lock administrators who authenticate to the IBM Spectrum Protect™ server.
- LDap
- Specifies to lock administrators who authenticate to the LDAP directory server.
Example: Lock out an administrator
Lock out the administrator CLAUDIA. Issue the command:lock admin claudiaExample: Lock out all administrators who authenticate to the IBM Spectrum Protect server database
Use the wildcard character (*) to lock all the administrators who authenticate their passwords locally. Console administrators are not affected by this command. Issue the following command:lock admin * authentication=local Related commands
| Command | Description |
|---|---|
| QUERY ADMIN | Displays information about one or more IBM Spectrum Protect administrators. |
| UNLOCK ADMIN | Enables a locked administrator to access IBM Spectrum Protect. |