Tchater maintenant avec le support
Tchattez avec un ingénieur du support

One Identity Management Console for Unix 2.5.2 - Administration Guide

One Identity Privileged Access Suite for Unix Introducing One Identity Management Console for Unix Installing Management Console for Unix Preparing Unix hosts Working with host systems Managing local groups Managing local users Active Directory integration Authentication Services integration Privilege Manager integration Reporting Setting preferences Security Troubleshooting tips
Auto profiling issues Active Directory Issues Auditing and compliance Cannot create a service connection point Check Authentication Services agent status commands not available CSV or PDF reports do not open Database port number is already in use Elevation is not working Hosts do not display Import file lists fakepath Information does not display in the console License information in report is not accurate Out of memory error Post install configuration fails on Unix or Mac Privilege Manager feature issues Profile task never completes questusr account was deleted Readiness check failed Recovering from a failed upgrade Reports are slow Reset the supervisor password Running on a Windows 2008 R2 domain controller Service account login fails Setting custom configuration settings Single Sign-on (SSO) issues JVM memory tuning suggestions Start/stop/restart Management Console for Unix service Toolbar buttons are not enabled UID or GID conflicts
System maintenance Command line utilities Web services Database maintenance

Configuring Windows 2003 R2 schema

If you are running Authentication Services without a Authentication Services application configuration in your forest and your domain supports Windows 2003 R2, you can enable Management Console for Unix to use the Windows 2003 R2 schema. However, please note, some functionality provided by the Authentication Services application configuration will be unavailable.

To configure Windows 2003 R2 schema

  1. From the top-level Settings menu, navigate to System settings | Authentication Services.
  2. Select the Use Windows 2003 R2 schema option.

Security

Management Console for Unix provides different levels of security to protect sensitive information stored on the server and in the Unix systems that you wish to manage. Management Console for Unix protection focuses on the following areas:

  • Management Console for Unix server and console
  • Active Directory
  • Managed Unix hosts
  • The database

This section outlines the security features used by Management Console for Unix for each of these areas of protection.

Management Console for Unix server and console

Access to the Management Console for Unix server is controlled by the supervisor account when using the core version; or with Active Directory credentials when the mangement console is configured for Active Directory. When you enable Active Directory log on, you can configure access to the mangement console to allow individual users or members of Active Directory groups to access the mangement console. See Console Roles and Permissions system settings for details on how to enable access for users and groups.

Note: Since Active Directory supports nested groups, a user may be granted access even if they are not a direct member of the nominated group, but are a member of one or more child groups. Care should be taken when using nested groups to ensure that access is not accidentally granted to the wrong users.

When authenticating with Active Directory credentials, you may

Authenticating the supervisor user

When a user logs on as 'supervisor', the password is hashed on the client with a known salt and compared with the stored value in the Management Console for Unix database. The plain text password is never stored on the server. The password encryption is irreversible. As a result, if the supervisor password is lost it cannot be recovered, but may be reset by a user with logon access to the machine where the Management Console for Unix server is running. See Reset the supervisor password for details.

Documents connexes