Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Privilege Manager for Unix 6.1 Common Documents - Administration Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

getgrouppasswd

Syntax
int getgrouppasswd ( string group [, int attempts])
Description

The getgrouppasswd function prompts you for a user name in the user group group on the policy server and then prompts for that user’s password and authenticates the user on the policy server. The user may try up to attempts times to correctly enter the password before the function exits. The default number of allowed attempts is 3.

By default, this function authenticates the user on the policy server. Set the value of getpasswordfromrun in pm.settings to yes to authenticate the user on the client instead.

Returns true if the user successfully authenticates on the policy server, otherwise returns false if the user fails to authenticate after attempts tries.

Example
if (getgrouppasswd("admin", 2) == false) 
{ 
   reject; 
}

getstringpasswd

Syntax
int getstringpasswd ( string <password> [, string <prompt>] [, int <attempts>] )
Description

getstringpasswd prompts you for a "code word" which has been encrypted using the pmpasswd program and specified in the configuration file. You can also specify an optional prompt, which defaults to "Password:". And, you can specify the number of attempts to allow; the default is 3.

Returns true if the user enters the correct codeword; otherwise false.

Example
if (getstringpasswd("GhDByC9JGIRFI", "Enter password now: ", 4) == false) { 
   reject ; 
}

getuserpasswd

Syntax
int getuserpasswd ( int user [, string prompt] [, int attempts] )
Description

getuserpasswd prompts the specified user for a password. You can specify an optional prompt, which defaults to "Password:". And you can specify the number of attempts to allow; the default is 3.

By default, this function authenticates the user on the policy server. Set the value of getpasswordfromrun in pm.settings to yes to authenticate the user on the client instead.

Returns true if the user enters the correct codeword; otherwise false.

Example
if (getuserpasswd("admin", "Password: ", 1) == false ) { 
   reject; 
}

Remote access functions

These are the built-in remote access functions available to use within the policy file.

Table 43: Remote access functions
Name Description
remotefileexists Check a file exists on a host.
remotegroupinfo Check if a group exists on a host.
remotegrouplist Get a list of groups from a host.
remotesysinfo Get the uname information from a host.
remoteusergroups Get a list of a user’s groups on a host.
remoteuserinfo Get a user’s information from a host.
remoteuserlist Get a list of users on a host.
Documents connexes