Skip to Content
Information
Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

User - General Information

The General Information panel lets you identify and disable users, specify certain logon requirements, and it lets you choose the authentication mechanisms available for the user.

This panel also lets you establish security settings for users who are using SRP authentication, the default approach to authentication. For a complete description of how to set up authentication, see BMC technical documentation at Administering-security.

When entering a user name, you can use special characters. However, because RSCD agents cannot accommodate special characters in user names, all special characters are automatically encoded for use by RSCD agents. (You can see examples of this encoding if you examine the users file on a managed server.) To make encoded user names readable to humans, the system uses standard URL encoding for the following special characters.

Character

Encoding

%

%25

,

%2c

:

%3a

#

%23

space

%20

tab

%09

Field definitions

Field

Description

Name

Identifying name.

Description

Optional descriptive text.

User is disabled

To disable a user, check User is disabled.
A disabled user cannot access the BMC Server Automation system until you enable the user by clearing*User is disabled*. When you disable a user, that user is no longer pushed to agents the next time you perform an ACL Push Job.

User participates in directory synchronization

To specify that a user is not subject to processes that synchronize users in the RBAC database with external user databases such as Active Directory, clear User participates in directory synchronization.
If a user is created through a synchronization process, this option is automatically checked. For more information, see Synchronizing-users-with-LDAP-servers. If a user is created using the New User wizard, this option is automatically cleared.

Allow Secure Remote Password Authentication

Enables the user to authenticate using SRP. If you check this option you must fill in the SRP Authentication Options listed below.

Allow Active Directory/Kerberos Authentication

Check this option if you want to enable the user to authenticate using AD/Kerberos or Domain Authentication.

Allow LDAP Authentication

Check this option if you want to enable the user to authenticate using LDAP.

Allow SecurID Authentication

Check this option if you want to enable the user to authenticate using RSA SecurID.

Allow PKI Authentication

Check this option if you want to enable the user to authenticate using public key infrastructure.

Automatically disable account if inactive

Check this option to disable this user's account if he or she does not log on during a specified period of time.
You must use the blasadmin utility to enable a task that runs every 24 hours and disables inactive users. For more information, see Setting-logon-requirements. You can also use blasadmin to specify the period of time during which a user must log on to remain active. 
 You cannot disable the BLAdmin and RBACAdmin users.

SRP Authentication Options

These SRP options apply only if you checked Allow Secure Remote Password Authentication:

  • For Password, enter the user's password. Then, confirm the password by entering it again in Retype Password.
  • To specify that a user must change his or her password the next time he or she logs on, check User must change password at next logon.
  • To specify that a user's password never expires, check Password never expires.
    Clearing Password never expires means a user's password expires after the period of time specified by the Application Server's MaxPasswordAge option. To set a value for that option, use the Application Server Administration console (that is, the blasadmin utility). For more information, see Setting-logon-requirements.
  • To unlock a user whose logon is locked out, clear User is locked out.
    Users are locked out when their logon attempts repeatedly fail and the number of failed attempts exceeds a certain threshold. To specify that threshold, use the blasadmin utility to set a value for the AccountLockoutThreshold option.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Server Automation 8.3