Setting extended attributes
To set an extended attribute for an individual user, you can use adedit commands.
For example, to set the value of the extended attributes aix.ttys and aix.rlogin for the user joe, you might run commands similar to the following after binding to a domain and selecting a zone:
select_zone_user joe@ajax.centrify.test set_zone_user_field aix.ttys r1,r2,r3 set_zone_user_field aix.rlogin true
To verify the value of the extended attributes you have set, you might run commands similar to the following:
get_zone_user_field aix.ttys r1,r2,r3 save_zone_user
You can also use adedit abbreviations to set and get extended attribute values. For example:
slzu joe@ajax.centrify.test szuf aix.fsize 209715 szuf aix.core 2097151 szuf aix.cpu -1 szuf aix.data 262144
Alternatively, you can also use configuration parameters to supplement the settings in the AIX /etc/security/user file. For example, if you have not explicitly defined the aix.rlogin attribute in /etc/security/user, you can set the following parameter in the centrifydc.conf file:
aix.user.attr.rlogin: false
You can use adquery and the keyword help to view a list of the supported extended attributes. For example:
adquery user --extattr help