Handling account attributes
You can view the complete list of attributes that Bravura Security Fabric can manage, including native and pseudo-attributes, using the Manage the system (PSA) module. To do this, select Unix Target from the Manage the system > Resources > Account attributes > Target system type menu.
This section describes the attributes that Bravura Security Fabric uses to compose values, set flags, or control behavior on Unix.
Note
Unix is case-sensitive.
_homedir_option This attribute is currently not used.
_sup_homedir_option This attribute is currently not used.
acct_expiry_date The format of this attribute is YYYY/MM/DD.
acct_inactive The number of days after a password expires before the account is disabled, if the password has not been changed.
gecos This attribute corresponds to the gecos field in the Unix /etc/passwd file. The gecos field contains general information about the user; the exact information depends on your Unix system. By default, the gecos attribute is set to the user’s full name, using a PSLang expression.
groups By default, when creating a new Unix account, the groups attribute is copied. A new group is created with the ID of the new user.
The groups attribute is a multi-valued attribute. Each value must be written in the format <group name> (the gid will not work).
If you set this attribute, a new user’s primary group is the first group in the list.
Group IDs containing the symbols # , : , and leading or trailing spaces are invalid and will be disallowed.
pw_change_war The number of days before a password is to expire that the user is warned.
subgroup This attribute is only listed from AIX systems.
uid By default, when creating a new Unix account, the uid attribute is ignored. The account is instead given a free UID as determined by the Unix Listener.
See Unique numerical identifiers on Unix systems for more information.
Note
Unix systems do not recognize account attribute sequence numbers, so sequence numbers will not have any effect (see Specifying attribute values for more information).
Unique numerical identifiers on Unix systems
On Unix-based systems, each account has a unique numerical identifier called a UID. This means the account is identified on the system not only by its login ID but also by its assigned UID. Similarly, each group has a unique numerical identifier called a GID.
It is important to keep track of the UIDs and GIDs, especially if you are using Bravura Identity to create and manage accounts/groups on more than one Unix system. This ensures that the numerical identifier is only used once and that the account/group is identified by that number on both systems.
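One way to keep track of UIDs across systems, as an added example that is not Bravura code: a Python check that reads passwd-format listings from several hosts and reports logins whose UID differs between hosts, and UIDs that are assigned to more than one login. The host names and account entries are constructed sample data.

```python
from collections import defaultdict

# Constructed sample listings in /etc/passwd format (hypothetical hosts and users).
PASSWD_BY_HOST = {
    "hostA": "root:x:0:0:root:/root:/bin/sh\n"
             "alice:x:1001:1001:Alice Ng:/home/alice:/bin/sh\n"
             "bob:x:1002:1002:Bob Roy:/home/bob:/bin/sh\n",
    "hostB": "root:x:0:0:root:/root:/bin/sh\n"
             "alice:x:1005:1005:Alice Ng:/home/alice:/bin/sh\n"
             "carol:x:1002:1002:Carol Diaz:/home/carol:/bin/sh\n",
}


def parse_passwd(text):
    """Return {login: uid} from passwd-format text, skipping malformed lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        # A valid entry has 7 colon-separated fields with a numeric UID in field 3.
        if len(fields) != 7 or not fields[2].isdecimal():
            continue
        accounts[fields[0]] = int(fields[2])
    return accounts


def audit_uids(passwd_by_host):
    """Return (drift, collisions) across all hosts.

    drift:      {login: {host: uid}} for logins whose UID differs between hosts
    collisions: {uid: [logins]} for UIDs assigned to more than one login
    """
    uid_by_host = defaultdict(dict)   # login -> {host: uid}
    logins_by_uid = defaultdict(set)  # uid -> {login, ...}
    for host, text in passwd_by_host.items():
        for login, uid in parse_passwd(text).items():
            uid_by_host[login][host] = uid
            logins_by_uid[uid].add(login)
    drift = {l: dict(h) for l, h in uid_by_host.items() if len(set(h.values())) > 1}
    collisions = {u: sorted(n) for u, n in logins_by_uid.items() if len(n) > 1}
    return drift, collisions


if __name__ == "__main__":
    drift, collisions = audit_uids(PASSWD_BY_HOST)
    for login, hosts in sorted(drift.items()):
        print(f"UID drift: {login} -> {hosts}")
    for uid, logins in sorted(collisions.items()):
        print(f"UID reuse: {uid} -> {logins}")
```

Both findings matter because Unix records file ownership by number, so a UID that maps to different people on two hosts gives one person's files to the other wherever storage is shared.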