Administrator ID and password

When you run the installation program, you can specify an existing user ID and password to use for the administrator ID or allow the installation program to create the user ID and password. If the installation program creates the user ID, it assigns all required user rights.

Non-root and non-administrator users

If you run the installation program as a non-root user on Linux or as a non-administrator ID on Windows, the program uses the logged in user ID as the Annotation Administration Console administrator ID. You cannot change this value and you cannot select the option to have the program create the administrator ID for you.

If you use an existing user ID for the Annotation Administration Console administrator ID, the ID can contain letters, digits, and the underscore character. The ID cannot contain other special characters and the ID must begin with a letter. The ID cannot contain characters from the double byte character set (DBCS). Only ASCII characters are supported.

If you install the product as a non-root user, the installation program warns you that this approach has limitations. If you cannot accept the following limitations, click Quit to exit the installation program. If the limitations are acceptable and you want to continue installing the product with a non-root user ID, click Ignore:

You cannot use well-known ports (0-1024) for the Annotation Administration Console ports, such as the common communication layer (CCL) port and data storage port.
The CCL service cannot be registered as a Windows service or in inittab on Linux, and the service is not started automatically.
On Linux, the administrative user ID and password cannot be validated if the targetpw option is set for the sudo command. In this case, you must skip user validation by specifying the following option:
$IGNORE_UID_PASSWORD$. ./install.bin -D$IGNORE_UID_PASSWORD$=true

Special character restrictions

Ensure that the administrator ID and password conform to the following requirements.

User IDs

If you use an existing user ID for the administrator ID, and an ID that is not a Windows domain ID, ensure that the ID contains only letters, digits, and underscore characters. The user ID cannot contain other special characters and the user ID must begin with a letter. The user ID cannot contain characters from the double byte character set (DBCS). Only ASCII characters are supported.

Passwords

You can use the following special characters in passwords:

 ! @ # $ % ^ & * () - _ = + , . / < > ?

Windows domain IDs

If you want to use a Windows domain user account for the default administrative user, you must create the domain ID in advance. The default application administrator ID must be either a local ID or a domain ID with a local profile. A domain ID with a roaming profile is not supported.

The administrator ID can contain letters, digits, the @ character, and the . (period) character. The ID cannot contain other special characters and the ID must begin with a letter. The ID cannot contain characters from the double byte character set (DBCS). Only ASCII characters are supported.

When you install the product, specify the existing domain ID as the default administrator ID in the following format:

user_name@fully_qualified_domain_name

Local ID or domain ID with a local profile: For a local user ID or a domain ID with a local profile, the user's local profile is stored on the local computer. Any changes that are made to the local user profile are specific to the computer on which the changes are made. These IDs are the only types of IDs that can be used as the default administrator ID.
To obtain domain privileges for an ID, you can add the local user ID that you use for the administrator ID to a domain. If you add the local user ID to a domain, however, you must ensure that the domain security policies do not override the local domain policies (user rights) that are required by Annotation Administration Console.
Domain ID: For a domain ID with a roaming profile, a copy of the user's local profile is stored on a shared server. This shared profile, which is known as a roaming user profile, is downloaded whenever the user logs on to any computer on the network. Changes that are made to the profile are synchronized with the server copy when the user logs off. The default Annotation Administration Console administrator ID cannot be this type of user ID.

Domain policies (required user rights)

If you install the product on Windows and specify an existing user ID for the administrator ID, any domain policies that are in effect are not changed by the installation program. For example, the installation program will attempt to grant the user ID the authority to act as part of the operating system. If a domain policy denies that right, then the user ID will not have the required authority. Ensure that the domain policies do not deny the following user rights, which are required for administering the system:

Act as part of the operating system
Lock pages in memory
Create a token object
Replace a process level token
Impersonate a client after authentication
Increase quotas (In Windows 2008, this option is labeled Adjust memory quotas for a process.)
Log on as a service

If an attempt to install the product fails because these user rights are not correctly assigned, you must remove the software. You must assign the correct user rights to the user ID that you use to install the product and run the installation program again.

Directory permissions

The administrator ID must have read and execute permissions for the parent directories of the installation and data directories. For example, if the installation directory (ES_INSTALL_ROOT) is the /opt/IBM/es directory, then the administrator ID must have read and execute permissions for the /opt and /opt/IBM directories.