Chatta subito con l'assistenza
Chat con il supporto

Privilege Manager for Unix 7.2.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Policy server daemon hosts

Privilege Manager for Unix requires that you choose a host to act as the policy server. This machine will run the pmmasterd daemon and must be available to manage requests for the whole network.

Run the policy server daemon on the most secure and reliable node. To maximize security, ensure the computer is physically inaccessible and carefully isolated from the network.

The policy server requires that the pmmasterd port (TCP/IP port 12345, by default) is available, and that PM Agent hosts joined to the policy server are able to communicate with the policy server on this network port.

You can run multiple policy servers for redundancy and stability. Privilege Manager for Unix automatically selects an available policy server if more than one is on the network. For now, choose one machine to run pmmasterd. See pmmasterd for more information.

Local daemon hosts

Each machine that runs requests using Privilege Manager for Unix must run a pmlocald daemon. Typically you will run pmlocald on all your machines. See pmlocald for more information.

Installing the Privilege Manager for Unix packages

After you make sure your primary policy server host meets the system requirements, you are ready to install the Privilege Manager for Unix packages.

To install the Privilege Manager for Unix packages

  1. From the command line of the host designated as your primary policy server, run the platform-specific installer. For example, run:
    # rpm --install qpm-server-*.rpm

    The Solaris server has a filename that starts with QSFTpmsrv.

    When you install the qpm-server package, it installs all three Privilege Manager for Unix components on that host: the Privilege Manager for Unix Policy Server, the PM Agent, and the Sudo Plugin.

For details instructions on installing and configuring Safeguard for Sudo, see the One Identity Safeguard for Sudo Administration Guide.

Modifying PATH environment variable

After you install the primary policy server, you may want to update your PATH to include the Privilege Manager for Unix commands.

To modify the user's PATH environment variable

  1. If you are a Privilege Manager for Unix administrator, add these quest-specific directories to your PATH environment:
    /opt/quest/bin:/opt/quest/sbin
  2. If you are a Privilege Manager for Unix user, add this path to your PATH environment:
    /opt/quest/bin
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione