Syntax
string getshell ( string user )
Description
getshell returns the specified user’s login program from the policy server (or from the client host if getpasswordfromrun is set to yes in the policy server's pm.settings file).
Example
#check the user's shell on the policy server is in /opt/quest/bin
shell=getshell(user);
if (dirname(shell) != "/opt/quest/bin") {
    reject "You are only permitted to run a login shell from /opt/quest/bin";
}
These are the built-in Authentication Services functions available to use within the pmpolicy file.
Syntax
int vas_auth_user_password ( string user, string pmpt [, int tries] )
Description
The vas_auth_user_password function attempts to authenticate a user to Active Directory using the Authentication Services API. This feature is platform dependent. The feature_enabled() function indicates whether this feature is supported on a particular policy server.
Returns 1 if the user successfully authenticates; otherwise it returns 0 (zero).
Example
if (feature_enabled(FEATURE_VAS)) {
    if (!vas_auth_user_password(user, "AD Password:", 3)) {
        reject "Failed to authenticate to AD";
    }
}
Syntax
int vas_host_in_ADgrouplist ( string hostname, string domain, list ADgrouplist [, boolean verbose] )
Description
The vas_host_in_ADgrouplist function checks whether the host identified by the selected host name and domain is a member of any group in the selected list. It calls vas_host_is_member for each item in the list.
Returns: -1 if host is not found in the list, otherwise it returns the index of the matched list entry.
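The following policy fragment is an added example, not taken from the product documentation. It combines the host group check with the AD password check and tests the return value against -1 explicitly. Assumptions: host is the policy variable holding the run host's name, list indexes start at 0, and the group names and domain are constructed placeholders.

```pmpolicy
# Added example: group names and domain are constructed placeholders.
adgroups = {"unix-admin-hosts", "db-servers"};
addomain = "example.com";

if (feature_enabled(FEATURE_VAS)) {
    # The result is -1 for "no match", otherwise the index of the matched entry.
    # Compare against -1 explicitly: assuming indexes start at 0, a match on the
    # first entry returns 0, and a bare if (...) test would read that as false
    # while reading -1 (no match) as true.
    idx = vas_host_in_ADgrouplist(host, addomain, adgroups);
    if (idx == -1) {
        reject "This host is not in a permitted AD group";
    }

    # Only prompt for the AD password once the host check has passed.
    if (!vas_auth_user_password(user, "AD Password:", 3)) {
        reject "Failed to authenticate to AD";
    }
} else {
    # Fail closed when the policy server has no Authentication Services support,
    # instead of silently skipping both checks.
    reject "AD checks are not available on this policy server";
}
```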