Setting extended attributes

To set an extended attribute for an individual user, you can use adedit commands.

For example, to set the value of the extended attributes aix.ttys and aix.rlogin for the user joe, you might run commands similar to the following after binding to a domain and selecting a zone:

select_zone_user joe@ajax.centrify.test
set_zone_user_field aix.ttys r1,r2,r3
set_zone_user_field aix.rlogin true

To verify the value of the extended attributes you have set, you might run commands similar to the following:

get_zone_user_field aix.ttys
r1,r2,r3
save_zone_user

You can also use adedit abbreviations to set and get extended attribute values. For example:

slzu joe@ajax.centrify.test
szuf aix.fsize 209715
szuf aix.core 2097151
szuf aix.cpu -1
szuf aix.data 262144

Alternatively, you can also use configuration parameters to supplement the settings in the AIX /etc/security/user file. For example, if you have not explicitly defined the aix.rlogin attribute in /etc/security/user, you can set the following parameter in the centrifydc.conf file:

aix.user.attr.rlogin: false

You can use adquery and the keyword help to view a list of the supported extended attributes. For example:

adquery user --extattr help