|
|
To set up an idata map file for a particular ID mapping scheme, enter the idadmin command with the ID mapping scheme name and specify the format that the global name should take in all file entries.
The idadmin command has the following syntax when used to set up
a new file:
idadmin -S scheme -I descr
scheme is the name of the ID mapping scheme. descr is a string called a format descriptor: the string specifies the form that the name of the remote user must take in the idata map file.
For example, cr1 expects global names to consist of the user's login, followed by the character ``@'', then the system name. The global name of a user with the login jeff on a machine called moon would be jeff@moon. The format descriptor itself consists of field numbers, the letter ``M'' (indicating the fields are mandatory) and the character(s) that are used as field separators.
The file descriptor you would enter to set up an idata file for cr1 would be M1@M2. The field numbers indicate the order of significance of the fields, where higher numbered fields are more significant. In the example, ``M2'' means that the entity to be specified in the second field is of greater significance on the network than the entity specified in the first field. In this case, the system is of greater significance than the user. The letter ``M'' indicates that the fields are required when specifying g_name.
Assume that BNU services are registered with the authentication
scheme cr1.
To set up an idata file that would
map remote users to the local system and give them access
to BNU, enter the following command:
idadmin -S cr1 -I M1@M2
When the idadmin command in the example is executed, it creates the file /etc/idmap/cr1/idata. The first line of the file consists of the format descriptor. Except for the format descriptor, the file is empty until user entries are added, as described in the following section.