Setting extended attributes

AIX provides extended user and group attributes that enable administrators to specify user or group characteristics, such as the ability to log in remotely to a user account, use the system resource controller (SRC) to execute programs, and so on. You can define these attributes for specific users and groups or for all user and group accounts on a local computer by editing specific configuration files such as /etc/security/user, /etc/security/group, and /etc/security/limits. The specific extended attributes available depend on the version of AIX you are using. For information about the extended attributes available for users and groups, see the AIX documentation for the security configuration files.

You can centralize administration of AIX computers by setting extended attributes for individual AIX users and groups in Active Directory. You can also set configuration parameters to set default extended attribute values for all Active Directory users or groups on a particular AIX computer.

Note: Certain extended attributes, such as the system privileges or capabilities attributes, are supported only by methods in the Loadable Authentication Module (LAM) version 5.2 or later.

The agent configuration file can include AIX configuration parameters that correspond to AIX extended attributes. For example:

AIX attribute    Parameter
admin            aix.user.attr.admin
daemon           aix.user.attr.daemon
rlogin           aix.user.attr.rlogin
su               aix.user.attr.su

Each configuration parameter has a hard-coded default value. You can edit the centrifydc.conf configuration file on any computer to change its default value. Changes you make in the centrifydc.conf file affect only Active Directory users and groups; they do not affect local users or groups. Local users and groups get their extended attributes from the settings in the AIX configuration files, such as /etc/security/user and /etc/security/limits.
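
Because these overrides change login-related attributes for every Active Directory user on the computer, it is useful to review which ones are set. The following script is an added example, not part of the product or its documentation: it lists the aix.user.attr.* settings in a centrifydc.conf-style file and compares them with a site baseline. It assumes one "name: value" setting per line with "#" starting a comment line; the baseline values, the function names, and the sample file contents are hypothetical.

```shell
#!/bin/sh
# Added example: report aix.user.attr.* settings in a centrifydc.conf-style file.
# Assumption: one "name: value" setting per line, "#" starts a comment line.

# Hypothetical site baseline (NOT the product's built-in defaults).
BASELINE="aix.user.attr.admin=false aix.user.attr.rlogin=false"

audit_aix_attrs() {
    awk -v baseline="$BASELINE" '
    BEGIN {
        n = split(baseline, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    /^[ \t]*#/ { next }                                   # commented-out setting
    /^[ \t]*aix\.user\.attr\.[a-z_]+[ \t]*:/ {
        key = $0; sub(/^[ \t]*/, "", key); sub(/[ \t]*:.*$/, "", key)
        val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        seen[key] = 1
        if ((key in want) && tolower(val) != want[key])
            print "DEVIATION " key " is " val ", baseline is " want[key]
        else if (key in want)
            print "OK " key " is " val
        else
            print "INFO " key " is " val " (no baseline entry)"
    }
    END {
        # A baseline parameter with no active line falls back to its default.
        for (k in want)
            if (!(k in seen)) print "UNSET " k " (hard-coded default applies)"
    }' "$1"
}

# Constructed sample configuration, written to the path given as $1.
write_sample_conf() {
    cat > "$1" <<'EOF'
# aix.user.attr.admin: true
aix.user.attr.rlogin: true
  aix.user.attr.su : false
example.other.setting: 1
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
audit_aix_attrs "$sample"
rm -f "$sample"
```

The report covers only what centrifydc.conf applies to Active Directory users; local accounts still need to be reviewed in /etc/security/user and /etc/security/limits.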