chuser

Parameters

-pw new_password

(Optional) The new designated password that is to be assigned to the user.

Notes:

1. When a person with administrator authority uses this parameter in association with the -unlock parameter, the new password is temporary and expires upon the initial use.
2. When a person without administrator authority uses this parameter, the new password becomes the valid password and replaces the prior password.

new_password

The new password.

The new password must meet the following criteria:

• Must be at least the minimum length as set by an administrator and no longer than 64 characters.
• Must contain at least two types of characters from the three groups: alphabetic, numeric, and symbols.
  • Allowable characters include a-z, A-Z, 0-9, and the symbols!@#$%&*().
• Cannot contain the user ID of the user.

Note: If symbols are contained in your password, you might be required to enclose the password in quotation marks. This prevents any special interpretations or expansions by the operating system shell program.

Note: Even with a valid password, a user cannot interactively log in when all of the following conditions are present:

• The version of DS CLI used is pre-R6.1
• Entering the password without either the -passwd or -pwfile parameters
• The DS CLI is operating in the Windows (all versions) or NetWare environments
• The password contains anything other than alphabetic or numeric characters (that is, symbols)

But if any of these conditions are not present, then the user should not encounter any problems in logging in with a valid password.

-lock

(Optional) Locks a user account.

A person with administrator authority can use this parameter to lock a user account. The locking action occurs when the user authenticates the account. If a user is already active (authenticated) and is using the DS CLI, the lock does not occur until logout.

-unlock

(Optional) Unlocks a user account.

A person with administrator authority can use this parameter to unlock a user account when the user can no longer log in to the DS CLI. A person might not be able to log in to the DS CLI for the following reasons:

• The user forgot the password and in an attempt to log in went beyond the set number of allowable attempts. Going beyond the set limit locks the user account.
  Note: When unlocking a user account for this scenario, the administrator must also assign a new password to the user using the -pw parameter. The new password is temporary and immediately expires after its initial use. The administrator must notify the user of this new password.
• Someone with administrator authority has locked the user account.

-group group_name [ ... ]

(Optional) A user's access authority group or groups. A user can be assigned to many of the following user groups:

• admin (Administrator)
• ibm_engineering (Engineer)
• op_storage (Physical Operator)
• op_volume (Logical Operator)
• op_copy_services (Copy Services Operator)
• secadmin (Security Administrator)
• ibm_service (Service)
• monitor (Monitor)
• no_access (No Access)

-pol pol_name

(Optional) The name of the basic authentication policy. This parameter is optional if you have authenticated with a 'basic' authentication policy type, but it is required if you are authenticated with another type of authentication policy.

-scope user_resource_scope

(Optional) The user resource scope, which must meet the following criteria:

• Must be 1 to 32 characters long
• The characters are limited to upper and lower case alphabetic, numeric, and the special characters, dash ( - ), underscore ( _ ), and period ( . ). You can also define the scope as a single asterisk ( * ).

user_name | -

(Required) The name of the user account.

Notes:

1. The administrator inserts the name of the user account that is affected by the changes (that is, group name, lock, or unlocking).
2. Users who are changing their passwords can insert their user names.

If you use the dash (-), the specified value is read from standard input. You cannot use the dash (-) while you are in the DS CLI interactive command mode.