Syntax for pdadmin commands

The following syntax is used with the pdadmin command:

pdadmin [–I configuration-instance-name] [[–a admin_id [–p password] [–d domain]] [–linelen max-linelen] [–histsize history size] [–v] [command]

pdadmin [–I configuration-instance-name] [[–a admin_id [–p password] [–d domain]] [–linelen max-linelen] [–v] [file]

pdadmin [–I configuration-instance-name] [[–a admin_id [–p password] [–m]] [–linelen max-linelen] [–v] [command]

pdadmin [–I configuration-instance-name] [[–a admin_id [–p password] [–m]] [–linelen max-linelen] [–v] [file]

pdadmin [–l] [–linelen max-linelen] [–v] [command]

pdadmin [–l] [–linelen max-linelen] [–v] [file]

The following list explains the options for the pdadmin utility:

command

Specifies the single pdadmin command to run. The command is run one time. The pdadmin utility does not enter interactive mode. The command option is mutually exclusive with the file option.

file

Specifies the fully qualified name of the file that contains a list of commands to run. These commands are run one time. The pdadmin utility does not enter interactive mode. The file option is mutually exclusive with the command option.

Note: For Windows operating systems, file names cannot contain the backward slash (\), colon (:), question mark (?), or double quotation mark characters.

–a admin_id

Logs you in as the user admin_id. This administrator must exist in the domain. If you do not specify this option on the command line, you are considered unauthenticated, and your access to other commands is limited. If you specify this option without specify the –p option, you are prompted for the password.

The –a option is mutually exclusive with the –l option. If you do not specify either option, you are logged in as an unauthenticated user. Unauthenticated users can use the context, errtext, exit, help, login, logout and quit commands only.

–d domain

Specifies the Security Verify Access secure domain to log in. Log in to this domain requires authentication. The admin_id user that is specified must exist in this domain. The –d option is mutually exclusive with the –m option. If neither options are specified, the target domain is the local domain that is configured for the system.

–I configuration-instance-name

Specifies the pd.conf file instance that the pdadmin command should use. The configuration-instance-name value is the hostname that is provided to the pdadmin_host command that generated the configuration file. This option allows pdadmin to communicate with multiple policy servers.

–l

Specifies a local login operation. When modifications are made to local configuration files by using the pdadmin config commands, a local login is required before you can run commands.

The –l option is mutually exclusive with the –a option. If you do not specify either option, you are logged in as an unauthenticated user. Unauthenticated users can use the context, errtext, exit, help, login, logout and quit commands only.

–linelen max-linelen

Currently, the –linelen option is ignored.

–m

Specifies that the login operation must be directed to the management domain. Log in to this domain requires authentication. The admin_id user that is specified must exist in this domain. The –m option is mutually exclusive with the –d option. If neither options are specified, the target domain is the local domain that is configured for the system.

–p password

Specifies the password for the user admin_id. Using this option might show your password to others because the password is visible on the screen and also in the process table. If you do not specify this option on the command line, you are prompted for a password. This option cannot be used unless the –a option is used.

–v

Prints the version number of the pdadmin utility. If this option is specified, all other valid options are ignored.

The following example is the output that you might see when you use this option:

Security Verify Access Administrative Tool v10.0.0.0 (Build 20200202)
Copyright (C) IBM Corporation 1994-2020. All Rights Reserved.

–histsize

Specifies the command history size. The default command history size is 64. The minimum size of the command history is 1 and the maximum size is 1024. The command history option is available only in the interactive mode and on operating systems other than Windows.

Note:

If you specify the –a and –p options, you are logged in as that user. Using this method might show your password to others. For example, one user is using pdadmin with this command. Another user lists the processes that are running. Then, the full command that includes the password, might be visible to the second user.
Users can run the pdadmin context show command to view their authentication information.