HP OpenVMS Systems Documentation
OpenVMS System Management Utilities Reference Manual
Specify hours as integers from 0 to 23, inclusive. You can specify single hours (n) or ranges of hours (n-m). If the ending hour of a range is earlier than the starting hour, the range extends from the starting hour through midnight to the ending hour. The first set of hours after the keyword PRIMARY specifies hours on primary days; the second set of hours after the keyword SECONDARY specifies hours on secondary days. Note that hours are inclusive; that is, if you grant access during a given hour, access extends to the end of that hour.
By default, a user has full access every day. See the DCL command SET DAY in the OpenVMS DCL Dictionary for information about overriding the defaults for primary and secondary day types.
All the list elements are optional. Unless you specify hours for a day type, access is permitted for the entire day. By specifying an access time, you prevent access at all other times. Adding NO to the qualifier denies the user access to the system for the specified period of time. See the following examples.
To specify access hours for specific types of access, see the /BATCH, /DIALUP, /INTERACTIVE, /LOCAL, /NETWORK, and /REMOTE qualifiers.
/ACCOUNT=account-nameSpecifies the default name for the account (for example, a billing name or number). The name can be a string of 1 to 8 alphanumeric characters. By default, AUTHORIZE does not assign an account name.
/NOADD_IDENTIFIERAdds a user (user name and account name) to the rights database. The /NOADD_IDENTIFIER does not create a rights list identifier (user name and account name).
/ALGORITHM=keyword=type [=value]Sets the password encryption algorithm for a user. The keyword VMS refers to the algorithm used in the operating system version that is running on your system, whereas a customer algorithm is one that is added through the $HASH_PASSWORD system service by a customer site, by a layered product, or by a third party. The customer algorithm is identified in $HASH_PASSWORD by an integer in the range of 128 to 255. It must correspond with the number used in the AUTHORIZE command MODIFY/ALGORITHM. By default, passwords are encrypted with the VMS algorithm for the current version of the operating system.
The following table lists password encryption algorithms:
The following example selects the VMS algorithm for Sontag's primary password:
If you select a site-specific algorithm, you must give a value to identify the algorithm, as follows:
/ASTLM=valueSpecifies the AST queue limit, which is the total number of asynchronous system trap (AST) operations and scheduled wake-up requests that the user can have queued at one time. The default is 40 on VAX systems and 250 on Alpha systems.
/BATCH[=(range[,...])]Specifies the hours of access permitted for batch jobs. For a description of the range specification, see the /ACCESS qualifier. By default, a user can submit batch jobs any time.
/BIOLM=valueSpecifies a buffered I/O count limit for the BIOLM field of the UAF record. The buffered I/O count limit is the maximum number of buffered I/O operations, such as terminal I/O, that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/BYTLM=valueSpecifies the buffered I/O byte limit for the BYTLM field of the UAF record. The buffered I/O byte limit is the maximum number of bytes of nonpaged system dynamic memory that a user's job can consume at one time. Nonpaged dynamic memory is used for operations such as I/O buffering, mailboxes, and file-access windows. The default is 32768 on VAX systems and 64000 on Alpha systems.
/CLI=cli-nameSpecifies the name of the default command language interpreter (CLI) for the CLI field of the UAF record. The cli-name is a string of 1 to 31 alphanumeric characters and should be either DCL or MCR. The default is DCL. This setting is ignored for network jobs.
/CLITABLES=filespecSpecifies user-defined CLI tables for the account. The filespec can contain 1 to 31 characters. The default is SYS$LIBRARY:DCLTABLES. Note that this setting is ignored for network jobs to guarantee that the system-supplied command procedures used to implement network objects function properly.
/CPUTIME=timeSpecifies the maximum process CPU time for the CPU field of the UAF record. The maximum process CPU time is the maximum amount of CPU time a user's process can take per session. You must specify a delta time value. For a discussion of delta time values, refer to the OpenVMS User's Manual. The default is 0, which means an infinite amount of time.
/DEFPRIVILEGES=([NO]privname[,...])Specifies default privileges for the user; that is, those enabled at login time. A NO prefix removes a privilege from the user. By specifying the keyword [NO]ALL with the /DEFPRIVILEGES qualifier, you can disable or enable all user privileges. The default privileges are TMPMBX and NETMBX. Privname is the name of the privilege.
/DEVICE=device-nameSpecifies the name of the user's default device at login. The device-name is a string of 1 to 31 alphanumeric characters. If you omit the colon from the device-name value, AUTHORIZE appends a colon. The default device is SYS$SYSDISK.
If you specify a logical name as the device-name (for example, DISK1: for DUA1:), you must make an entry for the logical name in the LNM$SYSTEM_TABLE in executive mode by using the DCL command DEFINE/SYSTEM/EXEC.
/DIALUP[=(range[,...])]Specifies hours of access permitted for dialup logins. For a description of the range specification, see the /ACCESS qualifier. The default is full access.
/DIOLM=valueSpecifies the direct I/O count limit for the DIOLM field of the UAF record. The direct I/O count limit is the maximum number of direct I/O operations (usually disk) that can be outstanding at one time. The default is 40 on VAX systems and 150 on Alpha systems.
/DIRECTORY=directory-nameSpecifies the default directory name for the DIRECTORY field of the UAF record. The directory-name can be 1 to 39 alphanumeric characters. If you do not enclose the directory name in brackets, AUTHORIZE adds the brackets for you. The default directory name is [USER].
/ENQLM=valueSpecifies the lock queue limit for the ENQLM field of the UAF record. The lock queue limit is the maximum number of locks that can be queued by the user at one time. The default is 200 on VAX systems and 2000 on Alpha systems.
/NOEXPIRATIONSpecifies the expiration date and time of the account. The /NOEXPIRATION qualifier removes the expiration date on the account or resets the expiration time for expired accounts. The default expiration time period is 90 days for nonprivileged users.
/FILLM=valueSpecifies the open file limit for the FILLM field of the UAF record. The open file limit is the maximum number of files that can be open at one time, including active network logical links. The default is 300 on VAX systems and 100 on Alpha systems.
/FLAGS=([NO]option[,...])Specifies login flags for the user. The prefix NO clears the flag. The options are as follows:
/NOGENERATE_PASSWORD (default)Invokes the password generator to create user passwords. Generated passwords can consist of 1 to 10 characters. Specify one of the following keywords:
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, users are forced to change their passwords (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
/NOINTERACTIVESpecifies the hours of access for interactive logins. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on interactive logins.
/JTQUOTA=valueSpecifies the initial byte quota with which the jobwide logical name table is to be created. By default, the value is 4096 on VAX systems and 4096 on Alpha systems.
/LGICMD=filespecSpecifies the name of the default login command file. The file name defaults to the device specified for /DEVICE, the directory specified for /DIRECTORY, a file name of LOGIN, and a file type of .COM. If you select the defaults for all these values, the file name is SYS$SYSTEM:[USER]LOGIN.COM.
/LOCAL[=(range[,...])]Specifies hours of access for interactive logins from local terminals. For a description of the range specification, see the /ACCESS qualifier. By default, there are no access restrictions on local logins.
/MAXACCTJOBS=valueSpecifies the maximum number of batch, interactive, and detached processes that can be active at one time for all users of the same account. By default, a user has a maximum of 0, which represents an unlimited number.
/MAXDETACH=valueSpecifies the maximum number of detached processes with the cited user name that can be active at one time. To prevent the user from creating detached processes, specify the keyword NONE. By default, a user has a value of 0, which represents an unlimited number.
/MAXJOBS=valueSpecifies the maximum number of processes (interactive, batch, detached, and network) with the cited user name that can be active simultaneously. The first four network jobs are not counted. By default, a user has a maximum value of 0, which represents an unlimited number.
/NETWORK[=(range[,...])]Specifies hours of access for network batch jobs. For a description of how to specify the range, see the /ACCESS qualifier. By default, network logins have no access restrictions.
/OWNER=owner-nameSpecifies the name of the owner of the account. You can use this name for billing purposes or similar applications. The owner name is 1 to 31 characters. No default owner name exists.
/NOPASSWORDSpecifies up to two passwords for login. Passwords can be from 0 to 32 characters in length and can include alphanumeric characters, dollar signs, and underscores. Avoid using the word password as the actual password. Use the /PASSWORD qualifier as follows:
When you modify a password, the new password expires automatically; it is valid only once (unless you specify /NOPWDEXPIRED). On login, the user is forced to change the password (unless you specify /FLAGS=DISFORCE_PWD_CHANGE).
Note that the /GENERATE_PASSWORD and /PASSWORD qualifiers are mutually exclusive.
By default, the ADD command assigns the password USER. When you create a new UAF record with the COPY or RENAME command, you must specify a password. Avoid using the word password as the actual password.
/PBYTLMThis flag is reserved for Compaq.
/PGFLQUOTA=valueSpecifies the paging file limit. This is the maximum number of pages that the person's process can use in the system paging file. By default, the value is 32768 pages on VAX systems and 50000 pagelets on Alpha systems.
If decompressing libraries, make sure to set PGFLQUOTA to twice the size of the library.
/PRCLM=valueSpecifies the subprocess creation limit. This is the maximum number of subprocesses that can exist at one time for the specified user's process. By default, the value is 2 on VAX systems and 8 on Alpha systems.
/PRIMEDAYS=([NO]day[,...])Defines the primary and secondary days of the week for logging in. Specify the days as a list separated by commas, and enclose the list in parentheses. To specify a secondary day, prefix the day with NO (for example, NOFRIDAY). To specify a primary day, omit the NO prefix.
By default, primary days are Monday through Friday and secondary days are Saturday and Sunday. If you omit a day from the list, AUTHORIZE uses the default value. (For example, if you omit Monday from the list, AUTHORIZE defines Monday as a primary day.)
Use the primary and secondary day definitions in conjunction with such qualifiers as /ACCESS, /INTERACTIVE, and /BATCH.
/PRIORITY=valueSpecifies the default base priority. The value is an integer in the range of 0 to 31 on VAX systems and 0 to 63 on Alpha systems. By default, the value is set to 4 for timesharing users.
/PRIVILEGES=([NO]privname[,...])Specifies which privileges the user is authorized to hold, although these privileges are not necessarily enabled at login. (The /DEFPRIVILEGES qualifier determines which ones are enabled.) A NO prefix removes the privilege from the user. The keyword NOALL disables all user privileges. Many privileges have varying degrees of power and potential system impact (see the OpenVMS Guide to System Security for a detailed discussion). By default, a user holds TMPMBX and NETMBX privileges. Privname is the name of the privilege.
/NOPWDEXPIREDSpecifies the password is valid for only one login. A user must change a password immediately after login or be locked out of the system. The system warns users of password expiration. A user can either specify a new password, with the DCL command SET PASSWORD, or wait until expiration and be forced to change. By default, a user must change a password when first logging in to an account. The default is applied to the account only when the password is being modified.
/NOPWDLIFETIMESpecifies the length of time a password is valid. Specify a delta time value in the form [dddd-] [hh:mm:ss.cc]. For example, for a lifetime of 120 days, 0 hours, and 0 seconds, specify /PWDLIFETIME="120-". For a lifetime of 120 days 12 hours, 30 minutes and 30 seconds, specify /PWDLIFETIME="120-12:30:30". If a period longer than the specified time elapses before the user logs in, the system displays a warning message. The password is marked as expired.
To prevent a password from expiring, specify the time as NONE. By default, a password expires in 90 days.
/PWDMINIMUM=valueSpecifies the minimum password length in characters. Note that this value is enforced only by the DCL command SET PASSWORD. It does not prevent you from entering a password shorter than the minimum length when you use AUTHORIZE to create or modify an account. By default, a password must have at least 6 characters. The value specified by the /PWDMINIMUM qualifier conflicts with the value used by the /GENERATE_PASSWORD qualifier or the DCL command SET PASSWORD/GENERATE, the operating system chooses the lesser value. The maximum value for generated passwords is 10.
/QUEPRIO=valueReserved for future use.
/REMOTE[=(range[,...])]Specifies hours during which access is permitted for interactive logins from network remote terminals (with the DCL command SET HOST). For a description of the range specification, see the /ACCESS qualifier. By default, remote logins have no access restrictions.
/SHRFILLM=valueSpecifies the maximum number of shared files that the user can have open at one time. By default, the system assigns a value of 0, which represents an infinite number.
/TQELMSpecifies the total number of entries in the timer queue plus the number of temporary common event flag clusters that the user can have at one time. By default, a user can have 10.
/UIC=valueSpecifies the user identification code (UIC). The UIC value is a group number in the range from 1 to 37776 (octal) and a member number in the range from 0 to 177776 (octal), which are separated by a comma and enclosed in brackets. Compaq reserves group 1 and groups 300--377 for its own use.
Each user must have a unique UIC. By default, the UIC value is [200,200].
/WSDEFAULT=valueSpecifies the default working set limit. This represents the initial limit to the number of physical pages the process can use. (The user can alter the default quantity up to WSQUOTA with the DCL command SET WORKING_SET.) By default, a user has 256 pages on VAX systems and 2000 pagelets on Alpha systems.
The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSDEFAULT.
/WSEXTENT=valueSpecifies the working set maximum. This represents the maximum amount of physical memory allowed to the process. The system provides memory to a process beyond its working set quota only when it has excess free pages. The additional memory is recalled by the system if needed.
The value is an integer equal to or greater than WSQUOTA. By default, the value is 1024 pages on VAX systems and 16384 pagelets on Alpha systems. The value cannot be greater than WSMAX. This quota value replaces smaller values of PQL_MWSEXTENT.
/WSQUOTA=valueSpecifies the working set quota. This is the maximum amount of physical memory a user process can lock into its working set. It also represents the maximum amount of swap space that the system reserves for this process and the maximum amount of physical memory that the system allows the process to consume if the systemwide memory demand is significant.
The value cannot be greater than the value of WSMAX and cannot exceed 64K pages. This quota value replaces smaller values of PQL_MWSQUOTA.
When you do not specify a value for a field, AUTHORIZE uses values from the DEFAULT record (excluding the default password, which is always USER). The DEFAULT account serves as a template for creating user records in the system user authorization file.