passwd_import(1m)passwd_import(1m)NAMEpasswd_import - Creates registry database entries based on information
in UNIX group and password files
SYNOPSISpasswd_import [-c] -d pathname [-i] [-o org] [-p password]
[-u username] [-h] [-v]
OPTIONS
Run in check mode: process the command, showing all conflicts, but
make no requests for resolution. The path to the directory containing
the foreign password and group files to be imported. Ignore name con‐
filcts. Names in the registry and the group and password files repre‐
sent the same identity. The name of an organization to be assigned to
all imported entries. The default organization is none. The password
for the account with whose privileges passwd_import will run. The
principal name of the account with whose privileges passwd_import will
run. This account must have the privileges to access the registry and
add principals, groups, accounts, and organizations, and to add members
to groups and organizations. The principal name and password are used
to obtain network authentication. If you do not supply them,
passwd_import prompts for them, even if you have already performed a
network login. Display help information. Run in verbose mode: gener‐
ate a verbose transcript of passwd_import activity.
DESCRIPTION
The passwd_import command is a mechanism for creating registry database
entries that are consistent with foreign password and group file
entries.
Use passwd_import to ensure consistency between DCE and foreign protec‐
tion mechanisms when you do the following: Attach DCE node(s) to an
existing UNIX network Attach UNIX node(s) to a DCE network Connect DCE
and UNIX networks
If the password and group file entries do not exist in the DCE reg‐
istry, passwd_import creates them. If there are duplicate entries,
passwd_import follows your directions on how to handle them.
The Process
The DCE registry database must exist and be running before you can use
passwd_import. If you are simply adding a few DCE nodes to a foreign
network, you can create a new, but empty, registry to meet this
requirement.
As passwd_import processes, it performs the following steps: It opens
the group and password files and establishes a connection to the reg‐
istry. It compares the group file entries to groups in the registry.
If there are no conflicts, it creates groups in the registry corre‐
sponding to the groups in the group file. It compares the entries in
the password file to principals in the registry. Again, if there are
no conflicts, it Creates principals in the registry corresponding to
the entries in the password file. Adds the newly created principals to
the appropriate groups. Creates accounts for the newly created princi‐
pals. It re-examines the group file and adds the principals as members
of any addtional groups it finds there.
The changes to the registry are made individually as each step is pro‐
cessed. If you do not specify the organization, the principals are
added to the organization none.
Conflicts
During this process, passwd_import can find conflicts in name strings
(for example, in the password file, joe 102; in the registry database,
joe 555) and in UNIX IDs (for example, in the password file, joe 102;
in the DCE, carmelita 102). When passwd_import finds a conflict, it
prompts for changes to make to the /etc/passwd and /etc/group entries.
No changes are made to the registry entries. In other words, all con‐
flicts are resolved in favor of the registry entry.
The -i option specifies that duplicate names are not in conflict but,
in fact, represent the same identity. Therefore, when duplicate names
arise, no action is necessary. If you do not use the -i option,
passwd_import prompts for how to handle the name conflicts.
Resolving Conflicts
The passwd_import command prompts for instructions to resolve the con‐
flicts it finds. You have the following choices: You can create an
alias to resolve a UNIX ID conflict. This action creates an alias for
the registry object in conflict. The passwd_import command assigns
this alias the same name as the conflicting entry in the /etc/group or
/etc/passwd file. For example, if the entry joe 555 exists in the reg‐
istry and the entry tim 555 exists in the /etc/passwd file, choosing
this option creates the alias tim for joe 555. You can generate a new
UNIX ID automatically or enter a new one explicitly to resolve a UNIX
ID conflict. For example, if there is a conflict between the entry joe
555 in the registry and tim 555 in the /etc/passwd file, you can gener‐
ate a new UNIX ID for tim. You can enter a new name to resolve a name
conflict. For example if there is a conflict between the entry joe 555
in the registry and joe 383 in the /etc/passwd file, you can generate a
new name for joe 383. This new name will then be added to the registry.
In addition, you are given the option of ignoring the conflict and
skipping this entry.
Generally, you should run passwd_import with the -c option. Using the
results of this run, you can determine how to handle the conflicts. If
there are many conflicts, it may be more efficient to manually edit
either the registry or the group and password files to resolve some of
them before you run import_passwd.
Registry Database Entries
New registry entries created by passwd_import are assigned the follow‐
ing values: If the /etc/passwd file contains two entries with the same
UNIX number, passwd_import creates a primary name entry for the first
occurrence of the UNIX number and alises entries for each subsequent
occurrence. A blank string; no fullname is added for the entry. For
new groups only, all principals listed in the group file, and all prin‐
cipals with accounts in the password file with that group. Yes (for
groups only). None. False. True. False. True. Same as password
file. Time of account creation. Same as password file. Default to
registry authentication policy. Default to registry authentication
policy. Randomly generated. Note that you must modify or reset ran‐
domly generated passwords before user authentication is possible. Date
and time passwd_import was run. False. False. False. True. True.
Same as password file. True.
RELATED INFORMATION
Commands: rgy_edit(1m), sec_admin(1m), secd(1m)passwd_import(1m)