|
|
When user-controlled mapping is disabled, every time a remote user attempts to access the local system, an internal routine searches the appropriate idata file for a map entry for that user. When user-controlled mapping is enabled, the uidata file is searched first. Because any entry in uidata relevant to the remote user is found before an entry in idata, the entry in uidata takes precedence over the idata entry. In this way, the user-specified mapping overrides an administrator-specified mapping for that user. When user-controlled mapping is disabled, uidata is not searched at all.
Whenever maps for a new ID mapping scheme are set up, user-controlled mapping is disabled. Before enabling user-controlled mapping, create local logins for your remote users.
To enable user-controlled mapping for
a particular authentication scheme, enter:
idadmin -S scheme -u
where scheme is the name of the ID mapping scheme. This command activates the USER mode of the authentication scheme.
To disable user-controlled mapping, enter:
idadmin -S scheme -s
This command activates the SECURE mode of the authentication scheme.
When no options are given, idadmin lists all schemes and indicates whether each is in USER or SECURE mode. A scheme in SECURE mode has user-controlled mapping disabled.