Syntax for pdadmin commands
The following syntax is used with the pdadmin command:
pdadmin [-I configuration-instance-name] [-a admin_id [-p password] [-d domain]] [-linelen max-linelen] [-histsize history size] [-v] [command]
pdadmin [-I configuration-instance-name] [-a admin_id [-p password] [-d domain]] [-linelen max-linelen] [-v] [file]
pdadmin [-I configuration-instance-name] [-a admin_id [-p password] [-m]] [-linelen max-linelen] [-v] [command]
pdadmin [-I configuration-instance-name] [-a admin_id [-p password] [-m]] [-linelen max-linelen] [-v] [file]
pdadmin [-l] [-linelen max-linelen] [-v] [command]
pdadmin [-l] [-linelen max-linelen] [-v] [file]
The following list explains the options for the pdadmin utility:
- command
- Single pdadmin command to run. The command is run one time. The pdadmin utility does not enter interactive mode. The command option is mutually exclusive with the file option.
- file
- Fully qualified name of the file that contains a list of commands to run. These commands are run one time. The pdadmin utility does not enter interactive mode. The file option is mutually exclusive with the command option. For Windows operating systems, file names cannot contain the backward slash (\), colon (:), question mark (?), or double quotation mark characters.
- -a admin_id
- Logs you in as the user admin_id. This administrator must exist in the domain. If we do not specify this option on the command line, we are considered unauthenticated, and our access to other commands is limited. If we specify this option without specifying the -p option, we are prompted for the password.
The -a option is mutually exclusive with the -l option. If we do not specify either option, we are logged in as an unauthenticated user. Unauthenticated users can use the context, errtext, exit, help, login, logout and quit commands only.
- -d domain
- Specifies the ISAM secure domain to log in to. Logging in to this domain requires authentication. The admin_id user specified must exist in this domain. The -d option is mutually exclusive with the -m option. If neither option is specified, the target domain is the local domain configured for the system.
- -I configuration-instance-name
- The pd.conf file instance that the pdadmin command should use. The configuration-instance-name value is the hostname provided to the pdadmin_host command that generated the configuration file. This option allows pdadmin to communicate with multiple policy servers.
- -l
- Specifies a local login operation. When modifications are made to local configuration files by using the pdadmin config commands, a local login is required before we can run commands.
The -l option is mutually exclusive with the -a option. If we do not specify either option, we are logged in as an unauthenticated user. Unauthenticated users can use the context, errtext, exit, help, login, logout and quit commands only.
- -linelen max-linelen
- Currently, the -linelen option is ignored.
- -m
- The login operation must be directed to the management domain. Logging in to this domain requires authentication. The admin_id user specified must exist in this domain. The -m option is mutually exclusive with the -d option. If neither option is specified, the target domain is the local domain configured for the system.
- -p password
- Password for the user admin_id. Using this option might show your password to others because the password is visible on the screen and also in the process table. If we do not specify this option on the command line, we are prompted for a password. This option cannot be used unless the -a option is used.
- -v
- Prints the version number of the pdadmin utility. If this option is specified, all other valid options are ignored.
The following example is the output that we might see when we use this option:
Security Verify Access Administrative Tool v10.0.0.0 (Build 20200202) Copyright (C) IBM Corporation 1994-2020. All Rights Reserved.
- -histsize
- Command history size. The default command history size is 64. The minimum size of the command history is 1 and the maximum size is 1024. The command history option is available only in the interactive mode and on operating systems other than Windows.
- If we specify the -a and -p options, we are logged in as that user. Using this method might show your password to others. For example, one user is using pdadmin with this command. Another user lists the processes that are running. Then the full command, which includes the password, might be visible to the second user.
- Users can run the pdadmin context show command to view their authentication information.
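The option rules above (the -a/-l and -d/-m exclusions, -p requiring -a, the unauthenticated command set, and the process-table exposure of -p) can be checked mechanically when reviewing scripts or scheduled jobs that call pdadmin. The following is an added example, not IBM code; the function name, finding texts, account names, domain, password and the `user list`, `user show` and `server list` subcommands in the samples are constructed for illustration.

```python
import shlex

# Option names come from the syntax on this page; finding texts are this example's own.
VALUE_OPTS = {"-I", "-a", "-p", "-d", "-linelen", "-histsize"}
FLAG_OPTS = {"-m", "-l", "-v"}
UNAUTH_CMDS = {"context", "errtext", "exit", "help", "login", "logout", "quit"}

def audit_pdadmin(cmdline):
    """Check one pdadmin invocation; return (findings, redacted command line)."""
    tokens = shlex.split(cmdline)
    seen, findings, redacted = set(), [], tokens[:1]
    i = 1
    while i < len(tokens) and tokens[i] in VALUE_OPTS | FLAG_OPTS:
        opt = tokens[i]
        seen.add(opt)
        redacted.append(opt)
        if opt in VALUE_OPTS:
            i += 1
            if i < len(tokens):
                # Never echo the password back into audit output.
                redacted.append("<redacted>" if opt == "-p" else tokens[i])
        i += 1
    rest = tokens[i:]  # trailing command or file argument
    redacted += rest
    if "-p" in seen:
        findings.append("password on command line (visible in process table)")
        if "-a" not in seen:
            findings.append("-p requires -a")
    if {"-a", "-l"} <= seen:
        findings.append("-a and -l are mutually exclusive")
    if {"-d", "-m"} <= seen:
        findings.append("-d and -m are mutually exclusive")
    # A single trailing token may be a command file, which this example does not open.
    if not seen & {"-a", "-l", "-v"} and len(rest) > 1 and rest[0] not in UNAUTH_CMDS:
        findings.append("unauthenticated: '%s' is outside the permitted commands" % rest[0])
    return findings, " ".join(shlex.quote(t) for t in redacted)

# Constructed sample invocations (user names, domain and password are made up).
SAMPLES = [
    "pdadmin -a sec_master -p Passw0rd! -d Default user list '*' 10",
    "pdadmin -a sec_master -l server list",
    "pdadmin user show alice",
    "pdadmin -a sec_master context show",
]

if __name__ == "__main__":
    for line in SAMPLES:
        findings, safe = audit_pdadmin(line)
        print(safe, "->", findings or "ok")
```

Log only the redacted string that the function returns, so the audit output does not become a second place where the password is stored.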