PKI Server Subsystem User CLI - dogtagpki/pki GitHub Wiki

Overview

The pki-server <subsystem>-user commands provide a way to manage users in subsystem database even when PKI server is offline. These commands can only be executed by the system administrator.

Listing Subsystem Users

To list the users in the subsystem:

$ pki-server ca-user-find
  User ID: CA-localhost.localdomain-8443
  Full Name: CA-localhost.localdomain-8443
  Type: agentType
  State: 1

  User ID: caadmin
  Full Name: caadmin
  Email: [email protected]
  Type: adminType
  State: 1

  User ID: pkidbuser
  Full Name: pkidbuser
  Type: agentType
  State: 1

Displaying Subsystem User Info

To display the subsystem user info:

$ pki-server ca-user-show pkidbuser
  User ID: pkidbuser
  Full Name: pkidbuser
  Type: agentType
  State: 1

In PKI 11.9 the command provides a --attr option to display an operational attribute (e.g. nsPagedSizeLimit) in the subsystem user:

$ pki-server ca-user-show \
    --attr nsPagedSizeLimit \
    pkidbuser
  User ID: pkidbuser
  Full Name: pkidbuser
  Type: agentType
  State: 1
  nsPagedSizeLimit: -1

Note that the option can be specified multiple times to display multiple operational attributes. To display all operational attributes, specify --attr +.

Adding Subsystem User

To add a subsystem user, specify the user ID, the full name, and the type:

$ pki-server ca-user-add \
    --full-name "Test User" \
    --type adminType \
    testuser

In PKI 11.6 or later the user certificate can be specified with the --cert <path> option.

Modifying Subsystem User

To modify a subsystem user, specify the user ID and the attributes to change:

$ pki-server ca-user-mod \
    --add-see-also uid=testuser \
    testuser

In PKI 11.9 the command provides an option to modify internal attributes (e.g. nsPagedSizeLimit) in the subsystem user:

$ pki-server ca-user-mod \
    --attr nsPagedSizeLimit=-1 \
    pkidbuser

Resetting Subsystem User Password

To reset user password, specify the new password as follows:

$ pki-server ca-user-mod \
    --password Secret.123 \
   testuser

Alternatively, the new password can be specified in a file:

$ pki-server ca-user-mod \
    --password-file password.txt \
    testuser

Availability: Since PKI 11.5

Removing Subsystem User

To remove a subsystem user, specify the user ID:

$ pki-server ca-user-del testuser

Availability: Since PKI 11.1

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️