NAME

classadm - add, remove, modify and list userclasses.

SYNOPSIS

classadm -l [-u userclass]
classadm -a -u userclass [-c comment] [paramname=paramvalue ...] [-g group]
classadm -r -u userclass
classadm -e -u userclass paramname[=paramvalue] ...
classadm -m -u userclass -n new_name
classadm -d -u userclass paramname ...
classadm -s -u userclass [ paramname]
classadm -A -u userclass user ...
classadm -R -u userclass user ...
classadm -P -u userclass user ...
classadm -j -u userclass xrole:host/hostgroup ...
classadm -J -u userclass xrole:host/hostgroup ...
classadm -S [-W] [-u userclass]
classadm -L [-P] -u userclass
classadm -L [-P] user ...
classadm -u userclass -g group
classadm -u userclass -G group
classadm -i -u userclass

DESCRIPTION

classadm administers classes in the BoKS database.

OPTIONS

-l
List all userclasses or a specified userclass.

-a
Add a userclass.

-r
Remove a userclass.

-e paramname[=paramvalue]
Enable parameter for a userclass and possibly set value for parameter.

-m
Modify a userclass (only rename for now).

-d paramname
Disable parameter for a userclass.

-A
Add a userclass to users

-R
Remove a userclass from users

-P
Set the primary userclass to userclass for each of the specified users. Specify ’’ (an empty string) or - as userclass to unset the primary userclass.

-j
Assign xRole at host/hostgroup to userclass. The xRole and host/hostgroup must already be defined. If this is the first assignment between the userclass and the xRole a generic access route for role change using password authentication will be created.

-J
Unassign xRole at host/hostgroup from userclass. If this is the last assignment between the userclass and the xRole the generic access route for role change will be deleted, see option -j.

-S
Show xRole assignment for a userclass. If userclass not given, list all userclasses that have xRole assignments.

-W
In combination with option -S. List xRole assignment in "raw" format (comma separated parameters) suitable for automatic parsing.

-L
List all users for a userclass, or all userclasses for a set of users. Use -P to list all users that have userclass set as primary userclass, or to list the primary userclass for each specified user.

-s
Show parameters for userclass.

-u userclass
User class to operate on.

-c comment
The comment can be used in conjunction with -a.

-v
Be verbose.

-g group
Unix group to add to user class. Can be used in conjunction with -a. group can be either a group id or a group name.

-G group
Unix group to remove from user class. group can be either a group id or a group name.

-i
List unix groups in user class.

-n new_name
Use with -m to rename a userclass. See Rename Operation in NOTES below for details. If the userclass has been added to Active Directory using the adgroup command, you are not allowed to change its name in BoKS.

PARAMETERS

The following parameters are possible to set:

Parameter name Description Given as
pswvalidtime Password Life Span Number of days
chpswtime Grace period for psw change Number of days
pswminlen Minimum psw length Number of characters
pswforce Password restrictions 0/1 (see below)
pswhistlen Psw history length Number
timeout Inactivity Timeout Number of minutes
ttimeout Time dependent timeout Number of minutes
tstart Start time for time dep. timeout HHMM
tend End time for time dep. timeout HHMM
tdays Weekdays for time dep. timeout 1=Mon, 2=Tue, etc
retrymax Max number of failed logins Number
concur_logins Max number of concurrent logins Number (0 = no limit)
shell Login shell string
maxsshuserkeys Max number of ssh user public keys Number
pswforce values:

Value Description
0 no format restrictions
1 new/old password look-alike check

BUGS

The loginvalidtime parameter cannot be set even though the command does not complain if you attempt to
set it.

NOTES

Rename Operation:
The name of the User Class will be changed in all database tables.
The name of the User Class will be changed in the $BOKS_etc/profiles/host2profile file on the BoKS master
if it exists there.

Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: June 14, 2019