mkhmcusr.1

-u	The user name of the HMC user to create. The user name cannot be longer than 32 characters, and it must begin with a letter. You can either use this option, or use the name attribute with the -f or -i option, to specify the user name. The -u, -f, and -i options are mutually exclusive.
-a	The access control task role for this user. Valid values are hmcsuperadmin, hmcoperator, hmcviewer, hmcpe, hmcservicerep, hmcclientliveupdate, or a user-defined task role. You can either use this option, or use the taskrole attribute with the -f or -i option, to specify the access control task role. The -a, -f, and -i options are mutually exclusive.
-d	The description for this user. description can be any string. You can either use this option, or use the description attribute with the -f or -i option, to specify the description. If a description is not specified, then the description will be set to "HMC User". The -d, -f, and -i options are mutually exclusive.
--passwd	The password for this user. The password must be at least 8 and maximum 32 characters in length. A password cannot be specified when creating a remotely authenticated Kerberos or LDAP user. You can either use this option, or use the passwd attribute with the -f or -i option, to specify the password. If this option is omitted or the -f or -i option is specified and the passwd attribute is omitted, you will be prompted to enter the password. The --passwd, -f, and -i options are mutually exclusive.
-M	The number of days until the password for this user expires. A password expiration cannot be specified when creating a remotely authenticated Kerberos or LDAP user. You can either use this option, or use the pwage attribute with the -f or -i option, to specify the password expiration. If a password expiration is not specified, then this user’s password will never expire. The -M, -f, and -i options are mutually exclusive.
--auth	The authentication type for this user. Valid values are local for local authentication, kerberos for remote Kerberos authentication, and ldap for remote LDAP authentication. You can either use this option, or use the authentication_type attribute with the -f or -i option, to specify the authentication type. If an authentication type is not specified, then the authentication type for this user will be set to local authentication. The --auth, -f, and -i options are mutually exclusive.
--remoteuser	The remote user ID used for remote Kerberos authentication for this user. This is the user’s Kerberos principal. The format of a typical Kerberos principal is primary/instance@REALM. You can either use this option, or use the remote_user_name attribute with the -f or -i option, to specify the remote user ID. A remote user ID must be specified when creating a remotely authenticated Kerberos user. The --remoteuser, -f, and -i options are mutually exclusive.
-f	The name of the file containing the input data for this command. The input data consists of attribute name/value pairs, which are in comma separated value (CSV) format. The format of the input data is as follows: attribute-name=value,attribute-name=value,... Valid attribute names for this command: name taskrole Valid values are hmcsuperadmin, hmcoperator, hmcviewer, hmcpe, hmcservicerep, hmcclientliveupdate, or a user-defined task role [resourcerole] [description] [passwd] Local users only [pwage] Local users only number of days [min_pwage] Local users only number of days [authentication_type] Valid values are: local - local authentication kerberos - remote Kerberos authentication ldap - remote LDAP authentication [session_timeout] number of minutes [verify_timeout] number of minutes [idle_timeout] number of minutes [inactivity_expiration] number of days [remote_webui_access] Valid values are: 0 - do not allow this user to log in remotely to the HMC Web user interface 1 - allow this user to log in remotely to the HMC Web user interface [remote_ssh_access] Valid values are: 0 - do not allow this user to log in remotely to the HMC using SSH 1 - allow this user to log in remotely to the HMC using SSH [remote_user_name] Kerberos users only Input data for this command can be specified with this option, the -i option, or any of the other command options. The -f and the -i options are mutually exclusive, and they cannot be specified if any of the other command options are specified.
-i	This option allows you to enter input data on the command line, instead of using a file. Data entered on the command line must follow the same format as data in a file, and must be enclosed in double quotes. Input data for this command can be specified with this option, the -f option, or any of the other command options. The -i and the -f options are mutually exclusive, and they cannot be specified if any of the other command options are specified.
--help	Display the help text for this command and exit.

Create the user sysadmin:

mkhmcusr -u sysadmin -a hmcsuperadmin --passwd aielkw3j
-M 180 -d "System Administrator"

mkhmcusr -i "name=sysadmin,taskrole=hmcsuperadmin,passwd=
aielkw3j,pwage=180,description=System Administrator"

Create the user myhmcuser (the user’s password must be entered when prompted):

mkhmcusr -u myhmcuser -a hmcviewer

mkhmcusr -i "name=myhmcuser,taskrole=hmcviewer"

Create a remotely authenticated Kerberos user krbuser:

mkhmcusr -u krbuser -a hmcoperator --auth kerberos
--remoteuser krbuser/hmcoperator@EXAMPLE.COM

mkhmcusr -i "name=krbuser,taskrole=hmcoperator,
authentication_type=kerberos,remote_user_name=
krbuser/hmcoperator@EXAMPLE.COM"

Create a remotely authenticated LDAP user ldapuser:

mkhmcusr -u ldapuser -a hmcsuperadmin --auth ldap

mkhmcusr -i "name=ldapuser,taskrole=hmcsuperadmin,
authentication_type=ldap"

HMC Manual Reference Pages - MKHMCUSR (1)

NAME

CONTENTS

SYNOPSIS

DESCRIPTION

OPTIONS

EXAMPLES

ENVIRONMENT

BUGS

AUTHOR

SEE ALSO