login

Establishes authentication credentials that are used for communication with the Security Access Manager policy server. These credentials are used to determine access privileges for the user to policy server data. Most commands cannot be performed unless an explicit login is done.

This command does not require a login or authentication to use.

Syntax

login -a admin_id [-p password] [-d domain]

login -a admin_id [-p password] [-m]

login -l

Description

Credentials are used to determine user access privileges to policy server data. Except for the context, errtext, exit, help, login, logout, and quit commands, and the local configuration commands, a user ID and a password are needed for authentication.

Credentials are not accumulated or stacked. A login command completely replaces any existing credentials.

In interactive mode, the pdadmin prompt changes, depending on how the user logs in:
  • Not interactive mode. This command starts the pdadmin utility. In interactive mode, the login commands are entered from the pdadmin> prompt.
    c:\> pdadmin
    pdadmin>
  • A user local login that is performed for local configuration. No authentication is required.
    pdadmin> login -l
    pdadmin local>
  • An administrator login that is performed to the local domain. In some cases, the local domain might be the management domain, which is named Default. Authentication is required.
    pdadmin> login -a sec_master -p secmstrpw
    pdadmin sec_master>
  • A user login that is performed to the local domain. Authentication is required.
    pdadmin> login -a dlucas -p lucaspw
    pdadmin dlucas>
  • A user login that is performed to a domain other than their local domain. Authentication is required.
    pdadmin> login -a dlucas -p lucaspw -d domain_a
    pdadmin dlucas@domain_a>
  • A user login that is performed to the management domain. Authentication is required.
    pdadmin> login -a dlucas -p lucaspw -m
    pdadmin dlucas@Default>

Options

-a admin_id
Specifies an administrator ID.
-d domain
Specifies the Security Access Manager secure domain for the login. The admin_id user must exist in this domain.
-m
Specifies that the login operation must be directed to the management domain. The admin_id user must exist in this domain.
Note: Only one of the following domain options can be specified: -d domain or -m. If neither option is specified, the target domain is the local domain that is configured for the system. The admin_id user must exist in the target domain, whether or not it is explicitly specified.
-p password
Specifies the password for the admin_id user. If this option is not specified, the user is prompted for the password. The password cannot be specified if the admin_id is not specified.
-l
Specifies a local login operation. When modifications are made to local configuration files by using the config commands, a local login is required before you can run commands. The user can run the context show command to view more authentication information.
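The option rules above can be checked mechanically before a pdadmin script is run or committed. The following is an added example, not part of the product or its documentation. The function names and sample lines are hypothetical, and the rule that -l takes no other options is an assumption read off the Syntax forms. It also flags inline -p values, because a password written into a script or typed on a command line persists in files and shell history.

```python
import shlex

VALUE_OPTS = {"-a", "-p", "-d"}  # options that take an argument
FLAG_OPTS = {"-m", "-l"}         # options that stand alone

def lint_login(line):
    """Return findings for one pdadmin login line, or None if not a login."""
    tokens = shlex.split(line)
    if "login" not in tokens:
        return None
    args = tokens[tokens.index("login") + 1:]
    seen, findings, i = {}, [], 0
    while i < len(args):
        opt = args[i]
        if opt in VALUE_OPTS:
            has_value = i + 1 < len(args) and args[i + 1] not in VALUE_OPTS | FLAG_OPTS
            seen[opt] = args[i + 1] if has_value else None
            if not has_value:
                findings.append(f"{opt} is missing its value")
            i += 2 if has_value else 1
        elif opt in FLAG_OPTS:
            seen[opt] = True
            i += 1
        else:
            findings.append(f"unexpected token {opt!r}")
            i += 1
    if "-d" in seen and "-m" in seen:
        findings.append("-d and -m cannot both be specified")
    if "-p" in seen and "-a" not in seen:
        findings.append("-p given without -a")
    if "-l" in seen and len(seen) > 1:
        findings.append("-l is a separate form and takes no other options")
    if seen.get("-p"):
        # Report the fact only; the password value is never echoed.
        findings.append("inline password: omit -p so pdadmin prompts for it")
    return findings

def lint_script(text):
    """Map 1-based line numbers to findings for each flagged login line."""
    lines = enumerate(text.splitlines(), start=1)
    return {n: f for n, line in lines if (f := lint_login(line))}

# Constructed sample input, not taken from the product documentation.
SAMPLE = """login -a sec_master -m
login -a dlucas -p lucaspw -d domain_a -m
login -p lucaspw
login -l -a dlucas
context show
"""
print(lint_script(SAMPLE))
```

Lines that are not login commands are skipped, and a login line with no findings does not appear in the report.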

Return codes

0
The command completed successfully.
1
The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the Security Access Manager error messages by decimal or hexadecimal codes.

Examples

  • The following example logs the sec_master user in to the management domain and then displays the authentication context for the user:
    pdadmin> login -a sec_master -p pa55w0rd -m
    
    pdadmin sec_master> context show
    
    User: sec_master
    Domain: Default
    The user is logged in to the management domain.
  • The following example logs in a user to the domain1 domain and then displays the authentication context for the user:
    pdadmin> login -a domain1_admin -p d0main1pwd -d domain1
    
    pdadmin domain1_admin@domain1> context show
    
    User: domain1_admin
    Domain: domain1
    The user is not logged in to the management domain
  • The following example interactively logs in the user to their local domain that is configured for the system. The domain name is testdomain. The example then displays the authentication context of the user:
    pdadmin> login
    Enter User ID: testdomain_admin
    Enter password: adminpwd
    
    pdadmin testdomain_admin> context show
    
    User: testdomain_admin
    Domain: testdomain
    The user is not logged in to the management domain
  • The following example of a local login demonstrates how the prompt changes, depending on the type of interactive login:
    c:\> pdadmin login -l

    Provides this prompt:

    pdadmin local>