Administering ID mapping

Administering an idata file

Each entry in idata maps a user login on a remote system to a login on the local system. A sample idata file is shown below:

   !M1@M2.M3.M4.M5
   root@joker.sf.buu.com root
   *@*.sf.buu.com %1
   *@*.tm.buu.com guest
   ilya@*.*.*.* ilya

Note that the example includes regular expressions, which are used to map remote users transparently or to map multiple users to a general login. The use of regular expressions in the idata file is explained in detail in ``Adding an entry to an idata file''.

All entries in an idata file are specified by the system administrator. When a remote user has an entry in idata, that user can access a service on the local system and assume the user identity defined by the administrator.

The idadmin command is the command interface to idata. It allows a privileged user to do the following:

create and delete an idata file for a particular ID mapping scheme
add and delete user entries in an idata file
display information about the idata files
check the consistency of file entries and fix inconsistencies
enable and disable user-controlled mapping.

The idadmin command has the following syntax:

idadmin [-S scheme [-l logname]]
idadmin -S scheme -a -l logname -r g_name
idadmin -S scheme -d -l logname [-r g_name]
idadmin -S scheme -I descr
idadmin -S scheme [-Duscf]

See idadmin(1Mbnu) for more details.

The options and command syntax required to execute a particular operation are described in the following sections.