To verify the policy server configuration
# pmsrvinfo
The pmsrvinfo command displays the current configuration settings. For example:
Policy Server Configuration:
----------------------------
Privilege Manager for Unix version : 6.0.0
Listening port for pmmasterd daemon : 12345
Comms failover method : random
Comms timeout(in seconds) : 10
Policy type in use : pmpolicy
Group ownership of logs : pmlog
Group ownership of policy repository : pmpolicy
Policy server type : primary
Primary policy server for this group : <polsrv>.example.com
Group name for this group : <polsrv>.example.com
Location of the repository
: file:////var/opt/quest/<polsrv>/.<polsrv>/.repository/pmpolicy_repos/trunk
Hosts in the group : <polsrv>.example.com
Note the entries for policy type (pmpolicy) and policy server type (primary). See Security policy types for more information about security policy types.
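The check above can be scripted so that the two noted entries are compared against expected values instead of being read by eye. This is an added example, not part of the product or its documentation: the function names pmsrv_field, check_policy_server and sample_pmsrvinfo are hypothetical, the embedded sample is an excerpt of the output shown on this page, and the script assumes pmsrvinfo prints "label : value" lines in that form.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the product.

# Print the value of one "label : value" field from pmsrvinfo output on stdin.
# A line that starts with ":" is treated as the value of the label before it.
pmsrv_field() {
    awk -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        {
            line = ($0 ~ /^[ \t]*:/) ? (prev " " $0) : $0
            prev = $0
            i = index(line, " : ")
            if (i == 0) next
            if (trim(substr(line, 1, i - 1)) == want) {
                print trim(substr(line, i + 3)); found = 1; exit
            }
        }
        END { exit (found ? 0 : 1) }'
}

# Compare policy type and server type against expected values.
# Returns 0 on match, 1 on mismatch, 2 if a field is missing.
check_policy_server() {
    out=$(cat)
    ptype=$(printf '%s\n' "$out" | pmsrv_field "Policy type in use") ||
        { echo "missing field: Policy type in use" >&2; return 2; }
    role=$(printf '%s\n' "$out" | pmsrv_field "Policy server type") ||
        { echo "missing field: Policy server type" >&2; return 2; }
    rc=0
    [ "$ptype" = "$1" ] || { echo "policy type '$ptype', expected '$1'" >&2; rc=1; }
    [ "$role" = "$2" ] || { echo "server type '$role', expected '$2'" >&2; rc=1; }
    return $rc
}

# Sample input: excerpt of the example output shown on this page.
sample_pmsrvinfo() {
    cat <<'EOF'
Policy Server Configuration:
----------------------------
Policy type in use : pmpolicy
Policy server type : primary
Primary policy server for this group : <polsrv>.example.com
Location of the repository
: file:////var/opt/quest/<polsrv>/.<polsrv>/.repository/pmpolicy_repos/trunk
EOF
}

# On a policy server: pmsrvinfo | check_policy_server pmpolicy primary
sample_pmsrvinfo | check_policy_server pmpolicy primary && echo "configuration OK"
```

A non-zero exit status makes the script usable as a post-install gate: 1 means a value differs from what was expected, 2 means the field was not found in the output at all.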
If you are using the whatis database and you chose to install the man pages, you may wish to recompile the database to allow users to search the documentation using keywords.
Once you have installed and configured the primary policy server, you are ready to join it to a policy group. When you join a policy server to a policy group, it enables that host to validate security privileges against a single common policy file located on the primary policy server, instead of on the host.
For Unix agents (qpm-agent), you must "join" your policy servers to the policy group using the pmjoin command.
To join a PM Agent to a policy server
# cd agent/linux-x86_64
# pmjoin <primary_policy_server>
where <primary_policy_server> is the hostname of the primary policy server.
Running pmjoin performs the configuration of the PM Agent, including modifying the pm.settings file. The pmjoin command supports many command line options. See pmjoin for details or run pmjoin with the -h option to display the help.
When you run pmjoin with no options, the configuration script automatically configures the agent with default settings. See Agent configuration settings for details about the default and alternate agent configuration settings.
You can modify the /etc/opt/quest/qpm4u/pm.settings file later, if you want to change one of the settings. See PM settings variables for details.
Once you have completed the configuration script interview, it configures the agent and joins it to the policy server.
Once you complete the agent configuration script (by running the pmjoin command), it:
Adds the Privilege Manager for Unix shells to the system's list of valid shells and creates wrappers for the installed (system) shells. The following shells are provided, based on standard shells:
Each shell provides command-control for every command entered by the user during a login session. You can configure each command the user enters to require authorization with the policy server for execution. This includes the shell built-in commands.
# pmrun id
This returns the root user id, not the user’s own id, to show that the command ran as root.