HP UX Internet Express Software manual Overview of User Accounts, User Administration

•Change an account's password (see Section : Changing the Password for an Account)

•Change an account's mail service (see Section : Changing Mail Services for Users)

•Manage the iass account (see Section : Managing the iass Account)

•Allow users to self-manage their accounts (see Section : Managing the User Self-Administration Feature)

Overview of User Accounts

The Administration utility supports the management of the following types of user accounts:

•Captive accounts for named users—You can create captive accounts for individual users (Section : Creating Captive Accounts for Named Users). This function is useful to create a small number of specifically named accounts. You can specify passwords or let the system generate them for you.

•Captive accounts for generic users—Using a batch process, you can create a large number of generically named accounts with system-generated passwords (Section : Creating Captive Accounts for Generic Users).

•Noncaptive accounts for system users—You can create standard UNIX accounts for individual system users (Section : Creating a Noncaptive Account for a UNIX System User).

Notes:

By default, the user accounts are created with regular delivery mail service. To change a user's mail service, see Section : Changing Mail Services for Users.

On a system using the Network Information Services (NIS), you cannot create a user name that conflicts with an NIS user name even if that name does not exist in your local /etc/passwd file.

Be sure to periodically check the contents of the ~iass/.users.list file to purge obsolete users and passwords (see Section : Purging Obsolete Passwords).

When you create any user account (captive or noncaptive, named or generic), you can elect to have the account information stored in an LDAP directory (if you are using an LDAP directory server on your system).

The users of the captive accounts that you create have access to the Internet services you install on your system. The accounts are called captive because the user is restricted to a predefined menu of functions (through either a standalone terminal or terminal emulation on a PC), which provides access to the following services and functions:

•Electronic mail—Send and receive e-mail from other users on the Internet, including those who use the local system as their e-mail server for POP3 or IMAP clients.

•News—Use terminal-type news readers.

•World Wide Web—Use a character-cell Web browser (Lynx) or a graphical Web browser (if it is installed and the DISPLAY environment variable is set).

•Change Password—Change the current login password for the user's account.

•User's Guide—Read an online version of the Internet Services User's Guide, which explains how to access and use mail, news, and the Web browser.

Internet Express captive account users cannot access the Tru64 UNIX shell.

The user of a noncaptive UNIX account that you create has access to the shell and enjoys all privileges of the groups to which the user is assigned.

Accounts are not required for any users who will access your system using only Web browsers or news clients. Remember that user accounts are system resources and must be managed to ensure system security. Create new noncaptive user accounts judiciously.

38 User Administration