
Privilege Manager for Sudo 6.1 Common Documents - Administration Guide


Installing secondary servers

To install the secondary server

  1. From the command line of the host designated as your secondary policy server, log on as the root user.
  2. Change to the directory containing the qpm-server package for your specific platform.

    For example, on a 64-bit Red Hat Linux, run:

    # cd server/linux-x86_64
  3. Run the platform-specific installer. For example, run:
    # rpm --install qpm-server-*.rpm

    NOTE: The Solaris server has a filename that starts with QSFTpmsrv.

    When you install the qpm-server package, it installs all three Privilege Manager components on that host:

    • Privilege Manager Policy Server
    • PM Agent (which is used by Privilege Manager for Unix)
    • Sudo Plugin (which is used by Privilege Manager for Sudo)

    You can only join a PM Agent host to a Privilege Manager policy server or a Sudo Plugin host to a sudo policy server. See Security policy types for more information about policy types.

Configuring a secondary server

You use the pmsrvconfig -s <primary_policy_server> command to configure a secondary server. See pmsrvconfig for more information about the pmsrvconfig command options.

To configure the secondary server

  1. From the command line of the secondary server host, run:
    # pmsrvconfig -s <primary_policy_server>

    where <primary_policy_server> is the hostname of your primary policy server.

    pmsrvconfig prompts you for the "Join" password from the primary policy server, exchanges ssh keys for the pmpolicy service user, and updates the new secondary policy server with a copy of the master (production) policy.

Once you have installed and configured a secondary server, you are ready to join the Sudo Plugin to it. See Join hosts to policy group for details.

Synchronizing policy servers within a group

Privilege Manager generates log files containing event timestamps based on the local clock of the authorizing policy server.

To synchronize all policy servers in the policy group, use Network Time Protocol (NTP) or a similar method of your choice.
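Because event timestamps come from each policy server's local clock, it helps to check every server's offset before correlating logs from the group. The following is an added example, not part of the Privilege Manager documentation or product. It assumes chrony is the NTP client, and the function names, the 0.5 second tolerance and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Classifies a host's clock from the text of
# `chronyc tracking`, so drift is caught before event logs are correlated.

# classify_clock MAX_SECONDS
#   stdin : output of `chronyc tracking`
#   stdout: "ok <offset>", "drift <offset>" or "unsynchronised"
#   status: 0 only for "ok"
classify_clock() {
    awk -v max="$1" '
        /^Leap status/ { v = $0; sub(/^[^:]*:[ \t]*/, "", v); leap = v }
        /^System time/ { v = $0; sub(/^[^:]*:[ \t]*/, "", v)
                         split(v, f, " "); offset = f[1]; seen = 1 }
        END {
            # No "System time" line, or no usable time source: not trustworthy.
            if (!seen || leap == "Not synchronised") {
                print "unsynchronised"; exit 1
            }
            # chronyc reports the offset unsigned ("fast"/"slow" gives the sign).
            if (offset + 0 > max + 0) { print "drift", offset; exit 1 }
            print "ok", offset
        }'
}

# Constructed sample of `chronyc tracking` output, trimmed to a few fields.
sample_tracking() {   # $1 = offset in seconds, $2 = leap status
    cat <<EOF
Reference ID    : C0000201 (ntp1.example.com)
Stratum         : 3
System time     : $1 seconds fast of NTP time
Leap status     : $2
EOF
}

# On a policy server with chrony installed (tolerance is an assumption):
#   chronyc tracking | classify_clock 0.5
```

Run the check on the primary and on each secondary server. A non-zero exit status from any of them means that server's event timestamps should not be compared directly with the others.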

Install Sudo Plugin on a remote host

Once you have installed and configured the primary policy server, you are ready to install a Sudo Plugin on a remote host.
