Chat now with support
Chat with Support

Privilege Manager for Unix 7.1.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

getgroups

Syntax
list getgroups ( string user )
Description

getgroups returns the list of groups to which the specified user belongs from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file). If you do not specify a user, it returns the submituser's secondary groups.

The following example returns the list of groups to which root belongs.

Example
# print the list of groups to which root belongs 
print(getgroups("root"));

gethome

Syntax
string gethome( string user )
Description

gethome returns the specified user’s home directory from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).

Example
# set working directory to root's home dir on the policy server 
runcwd = gethome("root"); 

getshell

Syntax
string getshell ( string user )
Description

getshell returns the specified user’s login program from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).

Example
#check the user's shell on the policy server is in /opt/quest/bin 
shell=getshell(user); 
if (dirname(shell) != "/opt/quest/bin") { 
   reject "You are only permitted to run a login shell from /opt/quest/bin"; 
}

Authentication Services functions

These are the built-in Authentication Services functions available to use within the pmpolicy file.

Table 47: Authentication Services functions
Name Description
vas_auth_user_password Authenticate a user to Active Directory using Authentication Services.
vas_host_in_ADgrouplist Check whether selected host name and domain is a member of any group in the selected list.
vas_host_is_member Check whether selected host name and selected domain is a member of the selected group.
vas_user_get_groups Check membership of the group lists.
vas_user_in_ADgrouplist Return membership of the Active Directory group lists.

vas_user_is_member

Check whether a selected user name and selected domain is a member of the selected group.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating