SSH Reference Manual
If no value is specified, the value will be reset to the default. The default is to use the value of SSH2 parameter CPUSET
to determine a CPU or, if that is not set, the CPU the SSH2 process is running in is used.
EXPIRE-DATE
This optional attribute of an ssh user’s PUBLICKEY entry is used to set the EXPIRE-DATE (not-valid-after date) for the
public key. This attribute can only be set if the life-cycle policy for User Public Keys is enabled (determined by SSH2
parameter LIFECYCLEPOLICYPUBLICUSERKEY). If SSH2 parameter LIFECYCLEPOLICYPUBLICUSERKEY is
set to FIXED, then field EXPIRE-DATE can be modified by the SUPER.SUPER user only (unless explicitly denied in
OBJECTTYPE USER record) or those configured with full SSHCOM access. In case the SSH2 parameter
LIFECYCLEPOLICYPUBLICUSERKEY is set to VARIABLE, then every user with partial SSHCOM access can
change field EXPIRE-DATE.
FROZEN
If the FROZEN attribute is set, the user is added in the frozen state. If omitted, the user will be added in the thawed state.
LIKE
When specified, the new user record is first initialized with the values taken from the <existing-user-name> user record.
Then the new user name and any other attributes specified in the ADD USER command are applied before the new user
record is added. If the ADD USER command does not include a SYSTEM-USER attribute, then the new user name is
used as SYSTEM-USER as well unless the SSH2 parameter USETEMPLATESYSTEMUSER is true (in that case the
new user record will get the value for the SYSTEM-USER attribute from the <existing-user-name> user record).
LIVE-DATE
This optional attribute of an ssh user’s PUBLICKEY entry is used to set the LIVE-DATE (not-valid-before date) for the
public key. This attribute can only be set if the life-cycle policy for User Public Keys is enabled (determined by SSH2
parameter LIFECYCLEPOLICYPUBLICUSERKEY). If SSH2 parameter LIFECYCLEPOLICYPUBLICUSERKEY is
set to FIXED, then field LIVE-DATE can be modified by the SUPER.SUPER user only (unless explicitly denied in
OBJECTTYPE USER record) or those configured with full SSHCOM access. In case the SSH2 parameter
LIFECYCLEPOLICYPUBLICUSERKEY is set to VARIABLE, then every user with partial SSHCOM access can
change field LIVE-DATE.
OWNER
Allow an existing local user to modify all USER records that are configured with that local user as value for USER
attribute OWNER. The allowed actions will be the same as defined by PARTIALSSHCOMACCESSUSER/GROUP
parameters. The OWNER field for existing USER records will be assumed to be "*NONE*" which means the user that is
currently logged in. New USER records will also be set to OWNER "*NONE*" by default unless attribute OWNER is
explicitly set to a different value. The owner could be identical to the SYSTEM-USER value, could be "SUPER.SUPER"
or the group manager of the user configured in SYSTEM-USER or could be any other local system user.
PRINCIPAL
When Kerberos is implemented on the system, this attribute is used to explicitly specify which Kerberos principal(s) are
authorized to logon to this user account using “gssapi-with-mic” authentication. To define an access control list with
multiple principals within a single command, the PRINCIPAL attribute can be repeated within a single ADD USER
command.
Note: Specifying one or more Kerberos principals using this attribute will override the default Kerberos authorization
rule, which implicitly grants access to the Kerberos principal with a matching local account name.
The PRINCIPAL attribute may have the following values:
• <user>@<REALM>
A fully qualified Kerberos principal name will authorize a specific Kerberos principal to access this user
account
HP NonStop SSH Reference Manual SSHCOM Command Reference • 171