epadmin-user
epadmin user target — Manages user names in a local authentication realm.
DESCRIPTION
Use the user target to manage user names, passwords, and roles in a local authentication realm. The TIBCO Streaming security model is documented in StreamBase Security Model.
The user target has four commands:
The designation [ in syntax examples is a reminder that this
command requires either the global parameter sn|ad]‑‑servicename or the ‑‑adminport and
‑‑hostname combination to identify the node or cluster
of interest.
epadmin add user
Adds a user to the specified or default local authentication realm.
epadmin[add user --username=auser --roles=monitor epadminsn|ad][add user --username=auser --password=supersecret --roles=monitor,administrator --locked epadminsn|ad][add user --username=auser --roles=monitor --passwordexpirationdays=10 epadminsn|ad][add user --username=auser --roles=monitor --realm=my-local-authentication-realmsn|ad]
| Command Parameter | Description | Required |
|---|---|---|
locked
|
Boolean to lock the user's account. true locks
the account, false leaves the account
unlocked.
|
No. The default value is false.
|
password
|
Password. If not provided, a prompt is displayed. | Yes. |
passwordexpirationdays
|
Password expiration time, in days. A value of 0 means that the password does not expire. | No. The default value is 0. |
realm
|
Add user to this local authentication realm. |
No. The default value is default-realm.
|
roles
|
Comma separated list of roles to which this user belongs. | Yes. At least one must be specified. |
username
|
User name. | Yes. |
epadmin display user
Displays local authentication realm user names and their settings. Several lines of the output refer to settings of the account lockout feature.
epadmin[display user epadminsn|ad][display user --realm=my-local-auth-realmsn|ad]
Example:
epadmin --servicename=A.sbuser display user
[A.sbuser] Realm Name = default-realm
[A.sbuser] User Name = bwright
[A.sbuser] Password Expiration (Days) = 0
[A.sbuser] Account Locked = false
[A.sbuser] Lock Reason = not currently locked
[A.sbuser] Time Remaining Before Auto-Unlock (minutes) = disabled
[A.sbuser] Failed Login Lockout Threshold = disabled
[A.sbuser] Failed Login Lockout Duration (minutes) = disabled
[A.sbuser] Roles = administrator, switchadmin
[A.sbuser] Authentication via Secure Communication Allowed = true
[A.sbuser] Password Always Required = false
[A.sbuser] Trusted Host Membership Required of Client = false
| Command Parameter | Description | Required |
|---|---|---|
realm
|
Filter output to a specific realm. | No. All local authentication realms are displayed by default. |
epadmin remove user
Removes a user from the specified or default local authentication realm.
epadmin[remove user --username=auser epadminsn|ad][remove user --username=auser --realm=my-local-auth-realmsn|ad]
| Command Parameter | Description | Required |
|---|---|---|
realm
|
Remove user from this local authentication realm. |
No. The default value is default-realm.
|
username
|
User name. | Yes. |
epadmin update user
Updates an existing user's account values.
Note
This command cannot be used to change a user's password. Use epadmin-password(1) command to change a user's password.
epadmin[update user --username=auser --roles="monitor,administrator" epadminsn|ad][update user --username=auser --locked=false epadminsn|ad][update user --username=auser --roles=monitor --passwordexpirationdays=20 epadminsn|ad][update user --username=auser --roles=monitor --realm=my-local-auth-realm --lockedsn|ad]
| Command Parameter | Description | Required |
|---|---|---|
locked
|
Boolean to lock the user's account. true locks
the account, false unlocks the account. A user
account can be locked interactively with this command, or if the number of
login attempts exceeds the number set in the node's configuration, if any.
See account lockout feature in the StreamBase Administration Guide.
|
No. The default value is false.
|
passwordexpirationdays
|
Password expiration time, in days. A value of 0 means that the password does not expire. | No. The default value is 0. |
realm
|
Update the specified user in this local authentication realm. |
No. The default value is default-realm.
|
roles
|
Comma-separated list of roles for this user. | Yes. At least one must be specified. |
username
|
User name. | Yes. |