How import yasswd Processes

When import_passwd processes, it compares the foreign group and password file entries to the Apollo registry entries. It can find two types of conflicts:

• Name Conflicts. These conflicts arise when the same name string is defined in the Apollo registry and the foreign system. "Joe 102" and "Joe 555" are an ex-ample of such a conflict. The duplicate name may represent the same user or two different users.

• UNIX ID Conflicts. These conflicts arise when the same UNIX ID is defined in the Apollo registry and the foreign system for users with different names. "Joe

102" and "Ann 102" are an example of such a conflict.

These conflicts can be found separately, as in the examples above, or together. For in-stance, an Apollo entry of "Joe 102" and a foreign entry of "Joe 102" are in conflict.

Unless they represent the same user, one of the entries must be changed.

As import_passwd processes, it performs the following steps in sequence:

1. It puts the Apollo registry in maintenance mode and reads the foreign group and password files.

2. It compares the foreign group file entries to the Apollo group entries. If there are no conflicts, it creates Apollo group registry entries corresponding to the foreign groups. (Section 4.11.3 describes what happens if there are conflicts.) Note that the members of the groups are not added at this time, but in Step 4.

3. It compares the entries in the foreign password file to the Apollo person and count entries. Again, if there are no conflicts, it creates Apollo person and ac-count entries corresponding to the foreign file.

4. If there are members in the foreign groups handled in Step 2, it adds them to the

4.11.2 Other Entries Created by importjJasswd

The import_passwd tool modifies only person names, person IDs, group names, group IDs, group members, and account passwords. It does not modify any of the additional information in the registry.

For example, assume you have a foreign password entry for user jack and group staff and an Apollo account entry of jack.staff.none. You run import_passwd with the -i option.

This option tells importyasswd to consider the entries identical. The home directory specified in the foreign network is /usr/u/jack; the home directory specified in the Apollo network is //gimli/jack. The import_passwd tool will not change the Apollo registry to match the foreign home directory. The jack. staff. none entry in the Apollo registry will have a home directory of //gimli/jack, not /usr/u/jack.

If jack. staff. none did not exist in the Apollo registry, import_passwd would create a new registry entry. For the additional information, it assigns the following values:

For Person and Group Entries:

• full name = " (that is, empty).

• owner = Same as the owner of the domain as listed in the registry properties (that is, the owner for new person entries is set to Person Owner, and the owner for new group entries is set to Group Owner.)

• alias/primary = Primary for first entry; alias for subsequent ones.

• projlist_ok (for groups only) = Yes.

• passwd = For groups only, taken from the foreign group file.

• membership list = For new groups only, all persons listed in the foreign group file and all persons with accounts in the foreign password file with that group.

For Account Entries:

• abbreviation = Shortest possible abbreviation that does not conflict with pre-exist-ing Apollo accounts.

• account valid = True.

• gecos = Same as foreign password file.

• homedir = Same as foreign password file.

• shell = Same as foreign password file.

• passwd = Same as foreign password file. Note that you must modify or reset im-ported passwords before user authentication is possible and for the account ^to be usable in a pre-SR10 registry.

• passwd_dtm = Date and time import_passwd was run.

• passwd_valid = True.

4-32 Creating and Maintaining the Registry

4.11.3 Resolving Conflicts

When you use import_passwd, you must decide how to resolve the conflicts it will en-counter. The import_passwd command provides a number of options to help you. If the conflict cannot be resolved even with the option instructions, import_passwd will prompt you for resolution. The options are described in the following subsections.

The Identical User Option

The -i option lets you specify that duplicate names are not in conflict but, instead, repre-sent the same identity. When import_passwd finds duplicate name entries, it processes them as though they are the same user. If you do not use the -i option, import_passwd will prompt you to resolve the name conflict.

The Favored Entry Option

The -a (favor Apollo) and -f (favor foreign) options let you specify whether the Apollo or the foreign entry is the favored entry. A favored entry is retained as is. You are prompted to modify non-favored entries.

For example, suppose you run importyasswd with the -a (favor Apollo) option and without the -i (identical user) option. During processing, the program encounters an Apollo entry of joe 555 and a foreign entry of joe 102. Because the Apollo entry is fa-vored, joe 555 will be retained in the Apollo registry, and you will be prompted for a new UNIX ID (a new name) for joe 102.

The importyasswd command also uses the favored entry to resolve UNIX ID conflicts.

For example, suppose you are running import_passwd with the options described above.

During processing, it encounters an Apollo entry of joe 555 and a foreign entry of ann 555. Because the Apollo entry is favored, importyasswd prompts you for a new UNIX ID for "ann."

Be aware, however, that Apollo reserved entries cannot be modified. (Table 4-2 list the Apollo reserved entries.) The importyasswd command will not modify a reserved entry even if it is the non-favored entry. For example, suppose you are running import_passwd with the foreign entry as the favored entry. During processing, it encounters a foreign group entry of mise 0 and an Apollo group entry of wheel O. Because group wheel 0 is a reserved Apollo entry, you will be be prompted to modify the foreign entry, even though it is the favored entry.

Conflict Summary

Table 4-3 summarizes the effects of the identical user and favored entry options.

Table 4-3. Effects of Identical User and Favored Entry Options

Options Foreign Apollo Result in Comments

Used Entry Entry Apollo Registry

-i, -a joe 102 joe 555 joe 555 Name collision. Retain Apollo entry.

joe 102 ann 102 ann 102 UNIX ID conflict. Request new UNIX ID for joe.

-i, -f joe 102 joe 555 joe 102 Name collision. If 102 already exists in Apollo, prompt for new UNIX ID for that Apollo entry.

joe 102 ann 102 joe 102 UNIX ID conflict. Request new UNIX ID for ann.

-a joe 102 joe 555 joe 555 Name conflict. Request new name for joe 102, and if 102 is already defined in Apollo, a new UNIX ID as well.

joe 102 ann 102 ann 102 UNIX ID conflict. Request new UNIX ID for joe.

-f joe 102 joe 555 joe 102 Name conflict. Request new name for joe 555, and if 102 is already defined in Apollo, prompt for a new UNIX ID for that Apollo entry.

joe 102 ann 102 joe 102 UNIX ID conflict. Request new UNIX ID for ann.

4-34 Creating and Maintaining the Registry