You can use environment variables to turn on or off special features of Privilege Manager for Unix configuration files. In the following example, the list of Privilege Manager for Unix variables is printed to the user's screen if the DEBUG environment variable is set to "yes". This is useful when debugging a configuration file. Simply set the DEBUG variable to "yes" in your shell, then run pmrun. Privilege Manager for Unix notices the DEBUG variable, and calls the printvars function.
if(getenv("DEBUG")=="yes") printvars();
If you have a large site where you add and remove hosts frequently, you may already be using netgroups to associate a group name with a set of hosts. The Privilege Manager for Unix innetgroup function inquires if a named host is a member of a named netgroup.
For example, you can reject requests originating from any machine that is not in the netgroup myhosts as follows:
if(!innetgroup("myhosts", host)) reject;
You can reject all requests that do not originate from your domain; that is, specify only the hosts that you trust to issue requests by using the following:
if(submithost !in {"*.quest.com"}) reject;
When the agent and policy server are on different sides of a firewall, Privilege Manager for Unix needs a number of ports to be kept open. By default, Privilege Manager for Unix can use ports in the 600 to 31024 range, but when using a firewall, you may want to limit the ports that can be used. See Restricting port numbers for command responses for more information.
This section describes
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Nutzungsbedingungen Datenschutz Cookie Preference Center