This article starts with installation and configuration of the policy server itself. To ensure that minimum requirements are met please see the attached document.
These steps are taken from the QPM4SAdminGuide.pdf which is also attached to this article.
1. Change to the directory containing the qpm-server package for your specific platform ( in this example we choose linux)
# cd server/linux-intel
2. Run the platform-specific installer.
# rpm --install qpm-server-5.6.nnn.i386.rpm
3. Configure the primary policy server by running: # /opt/quest/sbin/pmsrvconfig
Note: By default, the local /etc/sudoers policy file is used and imported into the policy server repository. To import an alternate sudoers file, run the command with the -f option, as follows: # /opt/quest/sbin/pmsrvconfig –f <sudoers>
Where: <sudoers> is the path to the alternate sudoers file. For example: # /opt/quest/sbin/pmsrvconfig –f /tmp/sudoers
4. Accept the End User License Agreement (EULA) to configure the policy server.
5. When prompted, set the password for the new pmpolicy user. Note: When you run pmsrvconfig, it configures a password for the primary policy server used to setup an SSH key between the sudo host and the server for the offline policy caching feature. You are required to use this password when you join a remote sudo plugin host to the policy server. (See Join Host(s) to Policy Group from the Console for details in the attached document.)
6. (Optional) All Privilege Manager commands are in the /opt/quest/sbin directory so you may want to update your PATH to include the Privilege Manager commands, as follows:
Note: When you install the qpm-server package, the Quest One Privilege Manager for Sudo plugin is installed on the policy server automatically.
7. The next steps require setting up and configuring a policy group in the Management Console for Unix. Instructions for this are also in the attached documents starting on page 17.
© 2020 One Identity LLC. ALL RIGHTS RESERVED. Feedback 이용 약관 개인정보 보호정책