Assume the ID mapping scheme is ``idmp'' and g_name has the form ``M1@M2.M3'', where ``M1'' indicates the user's login. The following command line transparently maps all users on the remote system man in the domain moon. All users are mapped to the local login guest.
idadmin -S idmp -a -l guest -r "*@man.moon"
If you enter * in place of the remote user name and %1 in place of logname on the idadmin command line, you map all remote logins to the same values indicated in ``M1''.
Assume the authentication scheme is called cr2 and the format descriptor is ``M2:M1''. If you want to map all logins on pluto to identical logins on your machine, you would enter
idadmin -S cr2 -a -l %1 -r "pluto:*"
In this example, user bob on the remote system would be mapped to bob on the local system; johnd on the remote system would be mapped to johnd, and so on.
In the next example, assume you want to map all logins on remote system mars to identical logins on your system, with the exception of the remote login guest. Assuming cr1 is the authentication scheme, the map must contain the following pair of entries:
guest@mars %i
*@mars %1
To add the entries to the map, first enter
Then enter
idadmin -S cr1 -a -l %1 -r "*@mars"
These entries could have been added in reverse order. The idadmin command ensures that the most specific entry appears first in the file. If you enter %i in place of logname on the idadmin command line, the remote user specified by the -r option is rejected.
Other characters can appear in a field containing an asterisk. For example, all remote system names beginning with ux will match the pattern ux*. The following command adds transparent mapping for all users on machines with names beginning with ux:
idadmin -S cr1 -a -l %1 -r "*@ux*"
In addition, to exclude all guest users on these remote systems, enter
idadmin -S cr1 -a -l %i -r "guest@ux*"
The contents of an idata file with these four entries would be
M1@M2
guest@mars %i
*@mars %1
guest@ux* %i
*@ux* %1
When an idata file is searched for a global name, it is scanned sequentially. Therefore the ordering of global names in this file is critical.
Global names are sorted on the highest numbered field first. Entries with explicit values in this field appear first in the file. Entries with regular expressions in this field appear next and are sorted from most specific to least specific. For example, the remote system name ux* is more specific than the remote system name u* and therefore would appear first in the file.
If two or more entries are equally specific, the specificity of the next lower numbered field is examined. Fields are examined from highest to lowest until the global names can be differentiated.
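The ordering and first-match rules above can be modelled in a short Python sketch. This is an added example, not idadmin's code or part of the original page: the function names are hypothetical, the ``M1@M2'' format descriptor is assumed, * is treated as the only wildcard, and specificity is assumed to be the number of literal characters in a field.

```python
import re

# Constructed sample entries, deliberately listed in the wrong order.
CONSTRUCTED_ENTRIES = [("*@ux*", "%1"), ("*@mars", "%1"),
                       ("guest@ux*", "%i"), ("guest@mars", "%i")]

def fields(gname):
    """Split an M1@M2 global name into fields, highest numbered first."""
    m1, m2 = gname.split("@", 1)
    return [m2, m1]

def rank(field):
    """Explicit values sort first, then patterns from most to least specific.
    Assumption: more literal characters means more specific."""
    if "*" not in field:
        return (False, 0)
    return (True, -len(field.replace("*", "")))

def sort_map(entries):
    """Order (global_name, logname) pairs the way the idata file is described."""
    return sorted(entries, key=lambda e: [rank(f) for f in fields(e[0])])

def glob_match(pattern, value):
    """Match value against a pattern in which only * is special."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def lookup(entries, gname):
    """Scan sequentially; the first matching entry decides.
    Returns the local login, or None if rejected (%i) or unmatched."""
    value = fields(gname)
    for pattern, logname in entries:
        if all(glob_match(p, v) for p, v in zip(fields(pattern), value)):
            if logname == "%i":
                return None
            return value[1] if logname == "%1" else logname
    return None

if __name__ == "__main__":
    ordered = sort_map(CONSTRUCTED_ENTRIES)
    for gname, logname in ordered:
        print(gname, logname)
    for who in ("bob@mars", "guest@mars", "alice@ux12", "guest@ux12"):
        print(who, "->", lookup(ordered, who))
    # Scanning the unsorted list lets *@mars shadow the guest@mars reject entry.
    print("unsorted guest@mars ->", lookup(CONSTRUCTED_ENTRIES, "guest@mars"))
```

Scanning the entries without sorting them first maps guest@mars to the local login guest, which is the failure the sorted file order prevents.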