Administering ID mapping

Administering a uidata file

Like an idata file, a uidata file maps remote user logins to local logins; however, entries in a uidata file are specified by users themselves, not the system administrator.

A sample uidata file is shown below:

   !M1@M2
   joe@ulysses jfl
   mike@alpha mickey
   mike@beta mickey

NOTE: Unlike idata, the administrator-controlled login map file, uidata, cannot be used to set up transparent mapping; the use of regular expressions in uidata entries is not permitted.

When you enable user-controlled mapping, a user with logins on both a remote system and the local system can access the local system and make an entry in uidata that maps this user's remote login to a local login. By enabling user-controlled mapping and instructing users to update the database, an administrator can distribute the workload and minimize the administrative overhead. For more information about user-controlled mapping, see ``Enabling and disabling user-controlled mapping''.

uidadmin(1bnu) is the command interface to uidata. When you enter uidadmin, assuming user-controlled mapping is enabled, you can do the following as a non-privileged user:

add and delete your entries
display your entries

An administrator can use the uidadmin command to:

display all the entries in a uidata file
check the consistency of file entries and fix inconsistencies
add or delete an entry on behalf of a non-privileged user

NOTE: The administrator of user-controlled mapping must be in group sys.

The uidadmin command has the following syntax:

uidadmin [-S scheme [-l logname]]
uidadmin -S scheme -a [-l logname] -r g_name
uidadmin -S scheme -d -l logname [-r g_name]
uidadmin -S scheme [-cf]

See uidadmin(1bnu) for more details.

The options and command syntax required to execute a particular operation are described in the following sections.