サポートと今すぐチャット
サポートとのチャット

Privilege Manager for Unix 7.2.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Authentication Services functions

These are the built-in Authentication Services functions available to use within the pmpolicy file.

Table 47: Authentication Services functions
Name Description
vas_auth_user_password Authenticate a user to Active Directory using Authentication Services.
vas_host_in_ADgrouplist Check whether selected host name and domain is a member of any group in the selected list.
vas_host_is_member Check whether selected host name and selected domain is a member of the selected group.
vas_user_get_groups Check membership of the group lists.
vas_user_in_ADgrouplist Return membership of the Active Directory group lists.

vas_user_is_member

Check whether a selected user name and selected domain is a member of the selected group.

vas_auth_user_password

Syntax
int vas_auth_user_password ( string user, string pmpt, [, int tries] )
Description

The vas_auth_user_password function attempts to authenticate a user to Active Directory using the Authentication Services API. This feature is platform dependent. The feature_enabled() function indicates whether this feature is supported on a particular policy server.

Returns 1 if the user successfully authenticates; otherwise it returns 0 (zero).

Example
if (feature_enabled(FEATURE_VAS) ) { 
   if (!vas_auth_user_password(user, "AD Password:", 3)) { 
      reject “Failed to authenticate to AD”; 
   } 
}

vas_host_in_ADgrouplist

Syntax
int vas_host_in_ADgrouplist ( string hostname, string domain, list ADgrouplist [, boolean verbose] )
Description

The vas_host_in_ADgrouplist function checks if the selected host name and domain is a member of any group in the selected list. It calls vas_host_is_member for each item in the list.

Returns: -1 if host is not found in the list, otherwise it returns the index of the matched list entry.

vas_host_is_member

Syntax
int vas_host_is_member ( string hostname, string groupname [, string domain [, boolean verbose]] )
Description

The vas_host_is_member function checks whether a selected host name and selected domain is a member of the selected group. If domain is empty, it defaults to the joined domain. You can specify the group name as <domain>/<group> or <group>@<domain>.

Returns:

  • 0: host not in group
  • 1: host in group
  • -1: error
関連ドキュメント

The document was helpful.

評価を選択

I easily found the information I needed.

評価を選択