list getgroups ( string user )
getgroups returns the list of groups to which the specified user belongs from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file). If you do not specify a user, it returns the submituser's secondary groups.
The following example returns the list of groups to which root belongs.
# print the list of groups to which root belongs print(getgroups("root"));
string gethome( string user )
gethome returns the specified user’s home directory from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).
# set working directory to root's home dir on the policy server runcwd = gethome("root");
string getshell ( string user )
getshell returns the specified user’s login program from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).
#check the user's shell on the policy server is in /opt/quest/bin shell=getshell(user); if (dirname(shell) != "/opt/quest/bin") { reject "You are only permitted to run a login shell from /opt/quest/bin"; }
These are the built-in Authentication Services functions available to use within the pmpolicy file.
Name | Description |
---|---|
vas_auth_user_password | Authenticate a user to Active Directory using Authentication Services. |
vas_host_in_ADgrouplist | Check whether selected host name and domain is a member of any group in the selected list. |
vas_host_is_member | Check whether selected host name and selected domain is a member of the selected group. |
vas_user_get_groups | Check membership of the group lists. |
vas_user_in_ADgrouplist | Return membership of the Active Directory group lists. |
Check whether a selected user name and selected domain is a member of the selected group. |
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center