Registry Entries Created by passwd_import

· For Principal and Group Entries:

- Alias/Primary Name = If the password file contains two entries with the same UNIX number, passwd_import creates a primary name entry for the first UNIX number it finds and an alias for each occurrence of the same UNIX number.

- Full Name = A blank string; no full name is added for the entry.

- Membership List = For new groups only, all principals that are listed in the group file and all principals with registry accounts that are associated with that group.

- Project List = Yes (for groups only).

· For Account Entries:

- Account Expiration Date = None.

- Account-Valid Flag = No. Use the dcecp acount modify command to change this flag to y after the password is set.

- Client Flag = Yes.

- Duplicate Certificate Flag = No.

- Forwardable Certificate Flag = Yes.

- GECOS = The same value as the entry in the principal's GECOS field in the etc/passwd file.

- Good Since Date = Time of the account creation.

- Home Directory = The same value as the principal's home directory entry in the /etc/passwd file.

- Login Shell = The same value as the principal's login shell entry in the /etc/passwd file.

- Maximum Certificate Lifetime = Set to the registry authentication policy.

- Maximum Certificate Renewable = Set to the registry authentication policy.

- Password = Randomly generated. Note that you must modify or reset randomly generated passwords before user authentication is possible.

- Password Date and Time Modified = Set to the date and time passwd_import was run.

- Password-Valid Flag = No.

- Postdated Certificate Flag = No.

- Proxiable Certificate Flag = No.

- Renewable Certificate Flag = Yes.

- Server Flag = Yes.

- TGT Authentication Flag = Yes.

Note that passwd_import does not set usable passwords for the accounts it creates. You must use the dcecp account modify command to set passwords before authentication is possible.