psadmin

NAME

psadmin - Windows command-line utility to manage Password Synchronization

SYNOPSIS

psadmin [computername] [common_option] [add | delete | list]
psadmin [computername] [common_option] config [config_option]

DESCRIPTION

The psadmin Windows command-line utility manages the Password Synchronization component of Identity Management for UNIX, either on a specified computer, or globally. The specific action that psadmin performs depends on the command argument you specify.

In addition to specific command arguments, psadmin accepts the following common options and arguments, represented by common_option in the command synopsis:

Term Definition

-u username

The account name of the user whose password synchronization behavior you want to modify or view.

-p password

The password for the user account whose password synchronization behavior you want to modify or view.

-?

Displays usage information for the command.

The following configuration options are accepted by psadmin:

Term Definition

-comp name

Computer to which configuration options are applied. If -comp is unspecified, Password Synchronization modifies the default configuration settings. If -comp is the only option specified, then Password Synchronization configuration of the specified computer is displayed.

-enable direction

Specifies the direction of password synchronization. The variable direction can contain one of the following values:

WintoUnix: Synchronize password changes from computers that run Windows operating systems to computers that run UNIX operating systems.

UnixToWin: Synchronize password changes from computers that run UNIX operating systems to computers that run Windows operating systems.

BothDir: Enable two-way password synchronization.

-key keyvalue

Sets the encryption and decryption key for the computer specified by -comp. If keyvalue is random, Password Synchronization uses a random encryption key.

-port number

Sets the port number for the specified computer.

-retry number

Specifies the number of retries allowed. Because this option is a global setting, it can be used only when -comp is not used.

-interval secs

Specifies the elapsed time period, in seconds, between retries. Because this option is a global setting, it can be used only when -comp is not used.

-log [yes | no]

Enables or disables logging. Because this option is a global setting, it can be used only when -comp is not used.

-?

Displays psadmin usage and arguments.

The following command arguments are accepted by psadmin:

Term Definition

add computername

Adds the specified computer to the list of computers participating in password synchronization.

delete computername

Deletes the specified computer from the list of computers participating in password synchronization.

list

Displays the list of computers participating in Password Synchronization.

syncSNIS [yes | no]

Enable (yes) or disable (no) automatic synchronization of passwords in the Windows to UNIX direction for all NIS accounts that have been migrated to Active Directory Domain Services (AD DS). If you add the syncSNIS parameter to the psadmin command with a "yes" value, you are prompted to perform the Windows Server 2003 Service Pack 1 (SP1) compatibility check. It is strongly recommended that you perform this check as a security best practice. For more information about the compatibility check, see Best Practices for Password Synchronization.


Table Of Contents