Use this command to change the password or contact information
for an administrator. However, you cannot update the SERVER_CONSOLE
administrator name.
Passwords for administrators
must be changed after a length of time determined by the SET
PASSEXP command. The SET PASSEXP command
does not affect passwords that authenticate with an LDAP directory
server.
Restriction: You cannot update the authentication
method for your own user ID. If necessary, another administrator must
make that change. Also, when updating a password with the UPDATE
ADMIN command, you cannot use a wildcard with the admin_name parameter.
Administrators
with the same name as a node can be created during a REGISTER
NODE command. If you do not specify a name, the administrator
is given the same name as the node. To keep the node and administrator
with the same name synchronized, the authentication method and the SSLREQUIRED setting
for the node are updated to match the administrator. If the administrator
authentication method is changed from LOCAL to LDAP and
a password is not provided, the node is put in "LDAP pending" status.
A password is then requested at the next logon. Passwords between
same-named nodes and administrators are kept in sync through any authentication
change.
You must use the RENAME ADMIN command
to change the name of a registered administrator.
Privilege class
To issue this command to
change another administrator ID password or contact information, you
must have system privilege. Any administrator can issue this command
to update his or her own password or contact information.
Syntax
(1) (2)
>>-UPDate Admin------admin_name------+----------+--------------->
'-password-'
>--+------------------+--+------------------+------------------->
'-PASSExp--=--days-' '-CONtact--=--text-'
>--+--------------------------+--------------------------------->
'-FORCEPwreset--=--+-No--+-'
'-Yes-'
>--+------------------------------+----------------------------->
'-EMAILADdress--=--userID@node-'
>--+------------------------------+----------------------------->
'-AUTHentication--=--+-LOcal-+-'
'-LDap--'
>--+-----------------------------+------------------------------>
'-SSLrequired--=--+-Yes-----+-'
+-No------+
'-DEFault-'
(3)
.-SYNCldapdelete------=--No--.
>--+----------------------------+--+-------------------+-------><
'-SYNCldapdelete--=--+-Yes-+-' '-ALert--=--+-Yes-+-'
'-No--' '-No--'
Notes:
- You must specify at least one optional parameter on this
command.
- Passwords are optional for this command,
except when changing the authentication method from LDAP to LOCAL.
- The SYNCldapdelete parameter applies
only if an administrator authenticating to an LDAP directory server
reverts to local authentication. If other servers use the same namespace,
specify SYNCLDAPDELETE=no. If the LDAP entry is to
be deleted to synchronize with the IBM® Tivoli® Storage Manager server
database, select YES.
Parameters
- admin_name (Required)
- Specifies the name of the administrator to be updated.
- password
- Specifies the administrator's password. This parameter is
optional for most cases. If the administrator authentication method
is changed from LDAP to LOCAL, a password is required. Passwords remain
current for a period determined by the password expiration period.
- PASSExp
- Specifies the number of days the password remains valid. You can
set the password expiration period from 0 to 9999 days. A value of
0 means that the password never expires. This parameter is optional.
If you do not specify this parameter, the password expiration period
is unchanged. This parameter does not apply to passwords that are
stored on an LDAP directory server.
- CONtact
- Specifies a text string that identifies the administrator. This
parameter is optional. Enclose the text string in quotation marks
if it contains any blanks. To remove previously defined contact information,
specify a null string ("").
- FORCEPwreset
- Specifies whether the administrator is required to change or reset
the password. This parameter is optional. Possible values are:
- No
- Specifies that the administrator does not need to change or reset
the password while attempting to sign on to the server. The password
expiration period is set by the SET PASSEXP command.
- Yes
- Specifies that the administrator's password will expire at
the next sign on. The administrator must change or reset the password
at that time. If a password is not specified, you will receive a syntax
error.
- EMAILADdress
- This parameter is used for additional contact information. The
information specified by this parameter is not acted upon by Tivoli Storage
Manager.
- AUTHentication
- This parameter determines the password authentication method that
the administrator ID uses; either LDAP or LOCAL.
- LOcal
- Specifies that the administrator uses the local Tivoli Storage
Manager server database
to store passwords for authentication.
- LDap
- Specifies that the administrator uses an LDAP directory server
for password authentication.
- SSLrequired
- Specifies whether the administrator user ID must use Secure Sockets
Layer (SSL) to communicate between the Tivoli Storage
Manager server and
the backup-archive client. When you authenticate passwords with an
LDAP directory server, you must protect the sessions by using SSL
or another network security method.
- Yes
- SSL is required.
- No
- SSL is not required.
- DEFault
- SSL is required for an administrator if the password that is associated
with its user ID authenticates with an LDAP directory server. SSL
is not required for an administrator ID that authenticates its password
with the Tivoli Storage
Manager server
(LOCAL).
- SYNCldapdelete
- This parameter applies only if an administrator who authenticates
to an LDAP directory server wants to revert to local authentication.
If an entry is being used by another server and sharing a namespace
in the LDAP directory server, select NO. If you want to synchronize
an entry to a Tivoli Storage
Manager server,
and the entry is not used by another server or sharing a namespace,
select YES. The default is NO.
- ALert
- Specifies whether alerts are sent to an administrators email address.
- Yes
- Specifies that alerts are sent to the specified administrators
email address.
- No
- Specifies that alerts are not sent to the specified administrators
email address. This is the default value.
Tip: Alert monitoring must be enabled,
and email settings must be correctly defined to successfully receive
alerts by email. To view the current settings, issue the QUERY
MONITORSETTINGS command.
Example: Update a password and password expiration
period
Update the administrator LARRY to have the password
SECRETWORD and a password expiration period of 120 days. The administrator
in this example is authenticated to the
Tivoli Storage
Manager server.
The password is not case-sensitive.
update admin larry secretword passexp=120
Example: Change the administrator’s authentication
method and update the password
Update the administrator LARRY
to authenticate to an LDAP directory server and have the password
SeCre#Tw0rd.
update admin larry SeCre#Tw0rd authentication=ldap
Password
expiration does not apply to LDAP-authenticated passwords.