user modify
Changes various user account attributes.
Requires authentication (administrator ID and password) to use.
user modify user_name account-valid {yes|no}
user modify user_name password password
user modify user_name password-valid {yes|no}
user modify user_name description description
user modify user_name gsouser {yes|no}Options
- account-valid {yes|no}
- Enable or disable the specified user account. A user cannot log in with a disabled account. Valid values are yes and no.
- password password
- Modifies the user password. The new password must comply with password policies in effect. When a password is set or changed, the password must comply to:
- The defined Security Verify Access password policy and
- The password policies for any underlying operating systems or user registry.
When the password policy is enforced, Security Verify Access first validates compliance against the ISAM password policy currently in effect. Then, Security Verify Access validates compliance against the underlying user registry. Although a password complies to the defined ISAM policy, it might fail against the password policy of the underlying user registry. Old passwords can still be used after a password change when:
- You are using Active Directory as our user registry.
- The Active Directory server is running on Windows 2003 SP1 or later.
See the following web page:
http://support.microsoft.com/?id=906305- password-valid {yes|no}
- Validates or invalidates the password for the specified user account. Valid values are yes and no. If the value is no, the password seems expired and the user cannot log in using the password. For a user to log in, an administrator must set the valid state to yes. The user can also authenticate using another method, such as using a certificate.
Another reason a user might not be able to authenticate with a specified password is because the maximum password age was exceeded. If you check and find the password-valid is set to yes, then try changing the value for the policy set max-password-age parameter. Only an administrator or a user that has the authority can set the max-password-age policy on a user account. A user cannot set this policy on their own account. This policy sets the maximum time, in days, that a password is valid. Time is relative to the last time the password was changed.
When you change the value for password-valid or reset policy set max-password-age, we do not have to change the password.
If you reset a password, the password-valid parameter automatically switches to back to yes, and the max-password-age parameter resets the age to expire. For example, if the maximum password age is set to 30 days, another 30 days begins from the time you reset the password.
- user_name
- Name of the account to be modified. The user must exist, or an error is displayed. A valid user name is an alphanumeric string that is not case-sensitive. For GSO users see Characters disallowed for GSO names for the list of these characters. Examples of user names are dlucas, sec_master, and "Mary Jones"
- description description
- Specifies any text string describing the user being created. Examples of user description are "Head of department" and "Department number of employee".
- gsouser {yes|no}
- Enables global sign-on (GSO) capabilities for the specified user. Valid values are yes and no.
Return codes
- 0
- The command completed successfully.
- 1
- The command failed. When a command fails, the pdadmin command provides a description of the error and an error status code in hexadecimal format (for example, 0x14c012f2). See "Error messages" in the IBM Knowledge Center. This reference provides a list of the ISAM error messages by decimal or hexadecimal codes.
Examples
- Enable the specified user account:
pdadmin sec_master> user modify dlucas account-valid yes
- Change the password for a user account:
pdadmin sec_master> user modify dlucas password newpasswd
See also
user create
user importParent topic: pdadmin commands