UNIX onlyrealusers
Administers UNIX/Reality password integration.
Syntax
realusers options {database}
Restrictions
Super-user (root) only. The specified database must be inactive.
If you are using Database Isolation, you must use realroot to select required instance of Reality before running realusers.
Parameters
database The database to be registered to use UNIX passwords.
Options
-n No write. Just displays what it would otherwise do.
-q Display the register status of the database.
-r Register a database to use UNIX system passwords.
-R De-register a database from using UNIX system passwords.
-u Create/delete UNIX users so as to match those in USERS file.
Registering a database
realusers with the -r option writes the database path into /etc/realdbases and puts the parameter SystemPassword=1 into the database's config file. It then connects to the database and replaces any existing Reality password attribute in the USERS file with a null.
Updating UNIX users
Once the database is registered to use UNIX passwords, realusers with the -u option can be executed to bring user entries in /etc/passwd in-line with Reality USERS file entries. It creates UNIX user-ids to match Reality user-ids already on the database, using a range of UNIX uids specified in a configuration file called users (see below). UNIX user entries within this range, for which there are no matching Reality users, are removed. If a Reality user-id is the same as an existing UNIX user-id with a uid outside this range, no UNIX user-id is created.
To ensure that realusers -u does not overwrite or delete existing user entries in /etc/passwd, make sure that the range of user numbers specified in the users file excludes existing UNIX uids.
Before running realusers a user ID realusers should be created on the system. This user must be given a home directory, typically /home/realusers and this path must be set in the users file (described below). See Starting Reality Automatically for more information how to setup the realusers home directory.
Users files
In order to create a new UNIX user-id, realusers needs to know what to put in /etc/passwd. This is driven by the configuration file users which is looked for first in $REALDBPATH/configs, then in $REALROOT/files. See below for a sample default users file.
A users file is supplied with the following defaults set up:
# This file specifies how new users will be created # by the realusers command # group other home /home/realusers shell /bin/sh comment Reality User # Default password if none supplied. Need not be set. # password welcome # User id range start to end. End need not be set. start 1000 #end 2000
The start and end numbers in a database's users file indicate the range of numbers allocated to user-ids on the associated database. realusers -u when run on a particular database will only modify user-ids which have numbers within the range specified in the associated users file (see Caution above).
The minimum value for start is 500. If end is not set, then the upper limit is start plus 5000. Existing user-ids outside this range will not be modified.
reality -u and -U options
The reality -u option which allows you to log to a database under a different user name and the reality -U option which suppresses the default user-id and takes you to the Logon Please prompt are not available when user password integration is enabled. You must log on under your current user-id.