PreviousNext

account create

Creates a new account in the registry database. The syntax is:

account create account_name_list
-mypwd password -password password
-group group_name -organization organization_name
[-attribute attribute_list | attribute options]

Options

-attribute value
As an alternative to using the -attribute option with an attribute list, you can specify individual attribute options by prepending a hyphen (-) to any attributes listed in the Attributes topic in this reference page.

-attribute attribute_list
Allows you to specify attributes by using an attribute list rather than using the -attribute value option. The format of an attribute list is as follows:
{{attribute value}{attribute value}}

-group group_name
The name of the group to associate with the account. See Account Attributes for the format of a group name.

-mypwd password
Your DCE privileged password. You must enter your privileged password to create an account. This check prevents a malicious user from using an existing privileged session to create unauthorized accounts. You must specify this option on the command line; it cannot be supplied in a script.

-organization organization_name
The name of the organization associated with the account. See Account Attributes for the format of an organization name.

-password password
The DCE account password. See Account Attributes for the format of a password.

Description
The account create operation creates a new account. The account_name_list argument is a list of names of principals for which the accounts are to be created. This operation returns an empty string on success.

You must specify the group, organization, password, and mypwd attributes on the command line (either in an attribute list or with attribute options). The attributes specified are applied to all accounts created.

To protect the account password being entered, the account create command can be entered only from within the dcecp program. You cannot enter this command from the operating system prompt by using dcecp with the -c option.

Before you can create a new account, you must create a principal using the principal create command. Then you must add the principal to an existing group and organization using the group add and organization add commands.

Privileges Required
You must have the following permissions:

· gmau (groups, mgmt_info, auth_info, and user_info ) permissions to the principal named in the account

· rrM (read, test, Member_list) permissions to the organization named in the account

· tM (test, Member_list) permissions to the group named in the account

· r (read) permission on the registry policy object

Examples

dcecp> principal create John_Hunter
dcecp> group add users -member John_Hunter
dcecp> organization add users -member John_Hunter
dcecp> account create John_Hunter -group users -organization users \
> -mypwd my.secret.password -password change.me \
dcecp>