Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)
secondary groups by selecting more than one group from the list box. (If you select more than
four groups, the user is assigned to only the first four groups, starting at the top of the list.)
For captive Internet Express users, group assignment is optional. You can select up to four groups
to associate with an Internet Express user account. The Administration utility automatically
assigns IASS_Usr (or Lkr_Usr_, if it exists from a previously installed version of Internet
Express) as the primary group to Internet Express captive accounts.
Note:
If the Enable Group Attributes field is checked in the LDAP Module for System Authentication
— Configure Group Attributes, and the LDAP Module for System Authentication is enabled
(see Section 4.2.1.3: Configuring LDAP Group Attributes), then the LDAP secondary groups will
appear on the Create System User Account, Create Named User Account, and Create Generic
User Accounts pages.
For noncaptive Tru64 UNIX system users, you must assign the user to at least a primary group.
This group becomes the login group for the account. The Administration utility sets the default
primary group for noncaptive accounts to users; if the users group does not exist, the default
primary group is IASS_Usr (or Lkr_Usr_, if it exists from a previously installed version of
Internet Express).
Note:
If you need to change an account's primary group, you must use Tru64 UNIX commands at the
shell prompt.
After a set of Internet Express accounts is associated with a group, you can use that group to
make modifications to the set of accounts. For example, if you assign a set of captive accounts
to the group finance, you can later modify or delete the group. All accounts associated with
the finance group will be modified or deleted in that one action. Also, if you select Display
User Accounts and specify a group, information on all users in that group is displayed.
3.2 Creating Captive Accounts for Named Users
To create a named captive account, follow these steps:
1. From the Manage Users menu, choose Create Captive User Accounts.
2. From the Create Captive User Accounts menu, choose Create Named User Account.
3. Specify the user (login) name for the account in the Login Name field (see Section 3.1.1:
Specifying User Names).
4. Optionally, specify a password in the Password field. To verify the password, enter it again
in the Verify Password field. (The system will generate a password if you do not specify
one.)
5. To specify the parent directory for these generic accounts, enter the full pathname of the
parent directory (excluding the login name) in the Parent Directory field. The default login
directory for generic captive accounts is /data/IASS_Usr/login_name (or
/data/Lkr_Usr_/login_name, if the /data/Lkr_Usr_ directory exists from a previously
installed version of Internet Express).
6. Optionally, specify the account name. (This is usually the full given name of the person for
whom you are creating the account.)
7. Optionally, assign the account to up to four existing groups (see Section 3.1.5: Assigning
Users to Groups) by selecting the groups from the Secondary Groups list box. (The
Administration utility automatically assigns captive user accounts to the IASS_Usr group
as the primary group.)
8. If you installed and enabled the LDAP Module for System Authentication, the Create Named
Captive Account form displays a checkbox labeled Store Users in LDAP Directory Server.
48 User Administration