
Privilege Manager for Unix 6.1.1 - Administration Guide for Unix


vas_user_get_groups

Syntax
int vas_user_get_groups ( string username, string domainname [, boolean verbose] )
Description

The vas_user_get_groups function checks membership of the group lists.

Returns the index of the matched list item if found, or -1 if not found.

vas_user_in_ADgrouplist

Syntax
int vas_user_in_ADgrouplist ( string username, string domain, list ADgrouplist [, boolean verbose] )
Description

The vas_user_in_ADgrouplist function checks membership of the Active Directory group lists.

Returns the index of the matched list item if found, or -1 if not found.

vas_user_is_member

Syntax
int vas_user_is_member (string username, string groupname [, string domain [, boolean verbose]] )
Description

The vas_user_is_member function checks whether a selected user name and selected domain is a member of the selected group. If domain is empty, it defaults to the joined domain. You can specify the group name as <domain>/<group> or <group>@<domain>.

Returns:

  • 0: user not in group
  • 1: user in group
  • -1: error
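
The policy fragment below is an added example, not taken from the guide, showing the return values documented above being checked explicitly so that an error (-1) from vas_user_is_member is rejected rather than treated as membership, and a vas_user_in_ADgrouplist result is compared against -1. The group names, the example.com domain, the command lists and the oracle run user are placeholders.

```pmpolicy
# Added example, not from the guide. Group names, the domain, the
# command lists and the run users are placeholders.
adminprogs = {"ls", "hostname", "kill"};

# vas_user_is_member returns 1 (user in group), 0 (user not in group)
# or -1 (error).
member = vas_user_is_member(user, "UnixAdmins@example.com");

if (member == -1) {
    # The lookup failed: deny the request instead of guessing.
    reject;
}

if (member == 1 && command in adminprogs) {
    runuser = "root";
    accept;
}

# vas_user_in_ADgrouplist returns the index of the matched list item,
# or -1 if nothing matched, so any value other than -1 is a match.
dbgroups = {"DBAdmins", "DBOperators"};
idx = vas_user_in_ADgrouplist(user, "example.com", dbgroups);

if (idx != -1 && command == "sqlplus") {
    runuser = "oracle";
    accept;
}

# No rule matched.
reject;
```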

Privilege Manager programs

This section describes each of the Privilege Manager programs and their options. The following table indicates which Privilege Manager component installs each program.

Table 47: Privilege Manager programs

| Name | Description | Server | Agent | Sudo |
|---|---|---|---|---|
| pmbash | A wrapper for the GNU Bourne Again SHell that provides transparent authorization and auditing for all commands submitted during the shell session. | X | X | - |
| pmcheck | Verifies the syntax of a policy file. | X | - | X |
| pmclientd | The Privilege Manager Client daemon that listens on the configured policy server port and responds to a remote request. | X | X | - |
| pmclientinfo | Displays configuration information about a client host. | X | X | - |
| pmcp | Privilege Manager remote file copy command. | X | X | - |
| pmcsh | Privilege Manager C Shell that provides transparent authorization and auditing for all commands submitted during the shell session. | X | X | - |
| pmincludecheck | Used by the pmsrvconfig script on the primary server only. When configuring a primary server in pmpolicy type, if you do not have a policy file to import into the repository, then pmincludecheck initializes the policy from the current set of default policy files provided in the installation. | X | - | - |
| pminfo | Registers the local host with the Privilege Manager 5.5 policy server. Note that pminfo is obsolete as of version 5.6 and is included for backwards compatibility only. | X | X | - |
| pmjoin | Configures a Privilege Manager agent to communicate with the servers in the group. | X | X | - |
| pmkey | Generates and installs configurable certificates. | X | X | X |
| pmksh | Privilege Manager K Shell that provides transparent authorization and auditing for all commands submitted during the shell session. | X | X | - |
| pmless | A terminal pager program that allows you to view (but not modify) the contents of a text file one screen at a time. | X | X | - |
| pmlicense | Displays current license information and allows you to update a license (an expired one or a temporary one before it expires) or create a new one. | X | - | - |
| pmlist | Lists the commands that the user is permitted to run. | X | X | - |
| pmloadcheck | Controls load balancing and failover for connections made from the host to the configured policy servers. | X | X | - |
| pmlocald | The Privilege Manager Local daemon, which runs programs when instructed to do so by the appropriate policy server daemon. | X | X | - |
| pmlog | Displays entries in a Privilege Manager event log. | X | - | - |
| pmlogadm | Manages encryption options on the event log. | X | - | - |
| pmlogsearch | Searches all logs in a policy group based on specified criteria. | X | - | - |
| pmlogsrvd | The Privilege Manager for Unix log access daemon, the service responsible for committing events to the Privilege Manager for Unix event log and managing the database storage used by the event log. | X | | |
| pmmasterd | The Privilege Manager Master daemon, which examines each user request and either accepts or rejects it based upon information in the Privilege Manager configuration file. You can have multiple pmmasterd daemons on the network to avoid having a single point of failure. | X | - | X |
| pmmg | A special version of an emacs text editor to use with Privilege Manager for Unix (gnu-style key bindings). | X | X | - |
| pmpasswd | Generates an encrypted password which can be used in the configuration file. | X | - | - |
| pmpolicy | A command-line utility for managing the Privilege Manager security policy. This utility checks out the current version, checks in an updated version, and reports on the repository. | X | - | - |
| pmpolicyconvert | Utility that allows you to verify, and if necessary, convert any number of policy files for use with Privilege Manager V5.5 (or later). | X | - | - |
| pmpolsrvconfig | Configures (or unconfigures) a primary or secondary policy server. Allows you to grant a user access to a repository. | X | - | - |
| pmremlog | Provides a wrapper for the pmlog and pmreplay utilities to access the event (audit) and keystroke (I/O) logs on any server in the policy group. | X | - | - |
| pmreplay | Replays an I/O log file, allowing you to review what happened during a previous privileged session. | X | - | - |
| pmresolvehost | Verifies the host name or IP resolution for the local host or a selected host. | X | X | X |
| pmrun | Allows a user to run a command from their local machine as root. The policy server daemon, pmmasterd, examines each request from pmrun, and either accepts or rejects it based upon the policies specified in the policy file. | X | X | - |
| pmscp | Allows Privilege Manager for Unix to launch the remote scp daemons. | X | - | - |
| pmserviced | The Privilege Manager Service daemon listens on the configured ports for incoming connections for the Privilege Manager daemons. pmserviced uses options in pm.settings to determine the daemons to run, the ports to use, and the command line options to use for each daemon. | X | X | X |
| pmsh | Privilege Manager Bourne Shell that provides transparent authorization and auditing for all commands submitted during the shell session. | X | X | - |
| pmshellwrapper | A wrapper for any valid login shell on a host. | X | X | - |
| pmsrvcheck | Checks the Privilege Manager policy server configuration to ensure it is set up properly. | X | - | - |
| pmsrvconfig | Configures a primary or secondary policy server. | X | - | - |
| pmsrvinfo | Verifies the policy server configuration. | X | - | - |
| pmstatus | Verifies connectivity between Privilege Manager and the pmlocald and pmmasterd daemons on the specified hosts. | X | X | - |
| pmsum | Generates a simple checksum of a binary. | X | - | - |
| pmsysid | Displays the Privilege Manager system ID. | X | X | X |
| pmtunneld | The Privilege Manager Tunnel daemon that acts as a proxy for pmrun when pmlocald communicates with pmrun through a firewall. | X | X | - |
| pmumacs | A special version of a microemacs text editor to use with Privilege Manager for Unix (gosling-style key bindings). | X | X | - |
| pmverifyprofilepolicy | Verifies the syntax and structure of the policy file and checks whether a particular command will be accepted or rejected. | X | - | - |