AIX Default Attributes

For the AIX service type, Identity Manager provides a set of default attributes.

Employee information page

The following list contains the default attributes. The administrator can remove attributes from or add attributes to the list.

For more information about other attributes, refer to your specific adapter installation and configuration guide.

User ID: Type the login user ID for the user.
Gecos (comments): Type general descriptive information about the user.
UID number: Type the user ID number for the user.

Access information page

UNIX Shell: Specify a default command shell for the account.
Account expiration date : Date: Specify a date for when the account expires.
Account expiration date : Time: Specify a time that the account expires on the date specified in the Account expiration date : Date field. Alternatively, select Never to set the account to never expire.
UNIX umask: Specify the read, write, and execute permissions to be used by the account for a default file creation mask.
Home directory permissions: Specify the access used by the account as a default change file mode value for the user home directory.

Administration choices(1) page

Force a password change?: Select this check box to force the user to change the password for this account when logging in for the first time.
Primary group: Specify the name of the group to use as the primary group of the user.
Secondary group: Specify the name of the group to use as the secondary group of the user.
Groups that can use the su command on this user: Specify the name of the group that can use the UNIX su command on the user.
Groups to be administered: Specify the groups to administer.
Home directory: Type the fully qualified UNIX path for the home directory of the user account.
Password maximum age: Type the maximum number of weeks that the password for the account is valid.
Password minimum age: Type the minimum number of weeks that the password for the account is valid.
Password warning age: Type the number of days before the date that a password expires that a warning is issued to the user.
Administrative roles: Specify the administrative roles for the user.
Additional mandatory methods for authenticating the user: Specify other mandatory authentication methods.
Additional optional methods for authenticating the user: Specify other optional authentication methods.
Allow at jobs?: Select this check box to enable this account to run an at job.
Allow cron jobs?: Select this check box to enable this account to run a cron job.

Administration choices(2) page

Audit class

Specify the list of audit classes for the user.

Allow user to execute daemon process?

Select this check box to enable the user to run daemon processes on the system.

Allow user to log in to the system?

Select this check box to enable the user to log directly into the system.

Allow user to remotely login to the system?

Select this check box to enable the user to log into the system remotely.

Can another user switch user to this user?

Select this check box to enable another user to use the UNIX su command on this user.

Is this user an administrator?

Select this check box to designate the user as an administrator of the system.

Trusted path status

Select the default trusted path status for the account.

always: Specifies that the user that is confined to the trusted path.
/notsh: Specifies that the user session ends if the secure attention key (SAK) signal is detected.
nosak: Specifies that the SAK key is disabled.
on: Specifies that the standard trusted path management is used.

Soft limit for largest core size

Specify the soft limit for the largest core file that the user's process can create.

Soft limit for maximum amount of CPU utilization

Specify the soft limit for the largest amount of system unit time (in seconds) that the user's process can use.

Soft limit for largest data segment

Specify the soft limit for the largest process data segment for the user's process.

Soft limit for largest file size

Specify the soft limit for the largest file that the user's process can create or extend.

Soft limit for largest stack segment

Specify the soft limit for the largest process stack segment for the user's process.

Largest core size

Specify the largest core file that the user's process can create.

Maximum CPU utilization

Specify the largest amount of system unit time (in seconds) that the user's process can use.

Largest data segment

Specify the largest process data segment for the user's process.

Largest file size

Specify the largest file that the user's process can create or extend.

Largest stack segment

Specify the largest amount of physical memory that the user's process can allocate.

Allowed login time

Specify the days and times that the user is allowed to access the system.

Allowed number of login retries before locking the account

Specify the number of failed login attempts before the account is locked.

Maximum number of days the account can remain valid after the password expires

Specify the maximum time (in weeks) that the account can remain active after the password for the account has expired.

Minimum alphabetic characters in password

Specify the minimum number of alphabetic characters that must be included in the password for the account.

Minimum difference between the current and last password

Specify the minimum number of characters that are required in a new password that were not in the old password.

Maximum number of characters that can be repeated in a password

Specify the maximum number of characters in a password that can be repeated.

Minimum length of the password

Specify the minimum length of the password.

Password restriction methods

Specify password restriction methods to the account.

Password dictionaries used to restrict passwords

Specify the password dictionary files that are used to restrict which passwords can be used by the account.

Number of previous passwords that cannot be reused

Specify the number of passwords to be kept in the password history.

Account last accessed on

Specify a value for the last access date and time.

Valid terminals allowed to access the account

Specify which terminals can log in using this account.

System authentication mechanism for the user

Specify the authentication mechanism the system uses to authenticate the user.

Authentication registry where the user is administered

Specify the registry that is used for authenticating the user.