Chat now with support
지원 담당자와 채팅

Privilege Manager for Sudo 6.1 Common Documents - Administration Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration Upgrade Privilege Manager for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Troubleshooting Privilege Manager Variables Privilege Manager programs Installation Packages Unsupported Sudo Options Privilege Manager for Sudo Policy Evaluation

Checking policy server status

The primary and secondary policy servers need to communicate with each other. The Sudo Plugin hosts also need to communicate with the policy servers in the policy group. Run pmpluginloadcheck on the remote hosts to verify that they can communicate with the policy servers in the group.

To determine if there any issues with policy servers in the policy group

From the Privilege Manager for Sudo host command line, enter:

# pmpluginloadcheck -r

This command has output similar to this:

[0][root@sol10-x86 /]# pmpluginloadcheck -r 
** Reporting current availability of each configured master... 
   * Host:myhost1.example.com (172.16.1.129) ... [ OK ] 
** Based on this data, the server list is currently ordered as: 
1.	myhosts.example.com 
Related Topics

pmpluginloadcheck

Checking the Sudo Plugin configuration status

To check the Sudo Plugin configuration status

  1. From the command line, enter:
    # pmplugininfo

    This command returns output similar to this:

    # pmplugininfo 
       - Joined to a policy group          : YES 
       - Name of policy group              : MyPolicyGroup 
       - Hostname of primary policy server : myhost.example.com

    NOTE: If the Sudo Plugin has been properly configured, it will say Joined to a Policy Group: YES and give the policy group name and primary policy server’s hostname.

Related Topics

pmplugininfo

Installing licenses

A newly installed Privilege Manager policy server comes with an evaluation license. See Privilege Manager licensing for more information about the Privilege Manager licensing options.

Although licenses are allocated on a per-agent basis, you install licenses on Privilege Manager policy servers.

NOTE: No special commands are required to register or license the clients with policy servers. Hosts using the Privilege Manager agents are automatically granted a license once a request is received on the Privilege Manager policy server by means of the sudo client programs.

To install a license file

  1. Copy the .xml license file to the policy server.
  2. To install the license, run:
    # /opt/quest/sbin/pmlicense –l <license_file>

    This command displays your currently installed license and the details of the new license to be installed.

  3. When it asks, "Would you like to install the new license (Y/N) [Y]?", press Enter, or type: Y
  4. If there are other policy servers configured in your policy server group, it forwards the license configuration to the other servers.
Related Topics

pmlicense

 

Displaying license usage

Use the pmlicense command to display how many client licenses are installed on the policy server on which you run the command.

Use pmlicense without any arguments to show an overall status summary, including the number of licenses configured and the total licenses in use for each license option.

To display current license status information

  1. At the command line, enter:

    # pmlicense

    Privilege Manager displays the current license information, noting the status of the license. Your output will be similar to the following:

    *** One Identity Privilege Manager *** 
    *** QPM4U VERSION 6.0.0 (0xx) *** 
    *** CHECKING LICENSE ON HOSTNAME:user123.example.com, IP ADDRESS:10.10.178.123 *** 
    *** SUMMARY OF ALL LICENSES CURRENTLY INSTALLED *** 
       * License Type PERMANENT 
       * Commercial/Freeware License COMMERCIAL 
       * Expiration Date NEVER 
       * Max QPM4U Client Licenses 0 
       * Max Sudo Policy Plugin Licenses 10 
       * Max Sudo Keystroke Plugin Licenses 0 
       * Authorization Policy Type permitted ALL 
       * Total QPM4U Client Licenses In Use 0 
       * Total Sudo Policy Plugins Licenses In Use 4 
       * Total Sudo Keystroke Plugins Licenses In Use 0

The above example shows that the current license allows for ten Sudo Policy Plugins (Sudo Plugin licenses) and four licenses are currently in use.

Use pmlicense with the –us option to view a summary usage report; use -uf to view the full usage report.

To show a full usage report including last use dates

  1. At the command line, enter:

    # pmlicense -uf

    Your output will be similar to the following:

    Detailed Licensed Hosts Report 
    ------------------------------------------------------------------------- 
    Number | Last Access Time                           | Hostname 
    ------------------------------------------------------------------------- 
           | QPM4U | SudoPolicy         | SudoKeystroke | 
    ------------------------------------------------------------------------- 
    1      |       |  2012/07/01 17:14  |               | admin1.example.com 
    2      |       |  2012/07/01 17:14  |               | user101.example.com 
    3      |       |  2012/07/01 16:28  |               | user123.example.com 
    4      |       |  2012/07/01 17:14  |               | dev023.example.com

The above output shows the full report, including the host names and dates the Sudo Plugins used the policy server.

NOTE: The pmlicense command supports many other command-line options.

Related Topics

pmlicense

관련 문서