mkdom Command

Purpose

Creates a new domain.

Syntax

mkdom [ -R load_module ] [Attribute = Value ...] Name

Description

The mkdom command creates a new domain in the domain database. The domain attributes can be set during the domain creation phase by using the Attribute = Value parameter.

When the system is operating in enhanced Role Based Access Control (RBAC) mode, modifications made to the domain database are not used for security decisions until the database is sent to the kernel security tables by using the setkst command.

Note: The domain ID value can be less than or equal to 1024. The mkdom command enables you to create 1024 domains on the system.

If the system is configured to use multiple authentication load modules for the role-based access control (RBAC) domain database, the new RBAC domain is created in the first load module specified by the secorder attribute in the domains stanza of the /etc/nscontrol.conf file. Use the -R flag to create an RBAC domain in a specific authentication load module.

Flags

Item Description
-R load_module Specifies the loadable module that is to be used when you create an RBAC domain.

Parameters

Item Description
Attribute = Value Initializes a domain attribute. See the chdom command for valid attributes and values.
Name Specifies a unique domain name string.
Restrictions on creating domain names: The Name parameter specified must be unique and is limited to 63 single-byte printable characters. While the mkdom command supports multibyte domain names, it is recommended that you restrict domain names to characters within the POSIX portable file name character set. Domain names must not begin with a - (dash), + (plus sign), @ (at sign), or ~ (tilde) and must not contain any space, tab, or new-line characters. You cannot use the keywords ALL, default, ALLOW_OWNER, ALLOW_GROUP, ALLOW_ALL or * as a domain name. Additionally, do not use any of the following characters within a domain string:
Item Description
: Colon
" Double quotation mark
# Number sign
, Comma
= Equal sign
\ Backslash
/ Forward slash
? Question mark
' Single quotation mark
` Grave accent
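
The naming restrictions above can be checked in a script before mkdom is called. The following shell function is an added example and is not part of the original command documentation; check_domain_name and its return codes are hypothetical names chosen for illustration.

```shell
# Added example: pre-check a candidate domain name against the restrictions
# listed above. check_domain_name is a hypothetical helper, not an AIX command.
# Returns: 0 = acceptable
#          1 = violates a stated restriction
#          2 = permitted, but outside the recommended POSIX portable
#              file name character set (A-Z a-z 0-9 . _ -)
check_domain_name() (
    name=$1
    LC_ALL=C; export LC_ALL        # make ${#name} count bytes, not characters
    tab=$(printf '\t')
    nl='
'
    # A name is required and is limited to 63 single-byte characters.
    [ -n "$name" ] || { echo "rejected: empty name" >&2; exit 1; }
    [ "${#name}" -le 63 ] || { echo "rejected: longer than 63 bytes" >&2; exit 1; }

    # Reserved keywords cannot be used as a domain name.
    case $name in
        ALL|default|ALLOW_OWNER|ALLOW_GROUP|ALLOW_ALL|'*')
            echo "rejected: reserved keyword" >&2; exit 1 ;;
    esac
    # Must not begin with - + @ or ~
    case $name in
        [-+@~]*) echo "rejected: bad leading character" >&2; exit 1 ;;
    esac
    # Must not contain space, tab, new-line, or : " # , = \ / ? ' `
    case $name in
        *" "*|*"$tab"*|*"$nl"*)
            echo "rejected: contains white space" >&2; exit 1 ;;
        *:*|*'"'*|*'#'*|*,*|*=*|*'\'*|*/*|*'?'*|*"'"*|*'`'*)
            echo "rejected: contains a forbidden character" >&2; exit 1 ;;
    esac
    # Recommendation only: stay within the portable file name character set.
    case $name in
        *[!A-Za-z0-9._-]*)
            echo "warning: outside portable character set" >&2; exit 2 ;;
    esac
    exit 0
)

# Usage (run by a user whose active role holds aix.security.domains.create):
#   check_domain_name hrdom && mkdom hrdom
```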

Security

The mkdom command is a privileged command. Callers of the command must have activated a role that has the following authorization to run the command successfully.
Item Description
aix.security.domains.create Required to run the command.

Files Accessed

File Mode
/etc/security/domains rw

Examples

  1. To create a domain hrdom and to have the mkdom command assign an appropriate ID value, enter the following command:
    mkdom hrdom
  2. To create a custom domain in Lightweight Directory Access Protocol (LDAP), enter the following command:
    mkdom -R LDAP custom