Chat now with support
Chat with Support

Privilege Manager for Unix 7.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

pmversion

Description

Type string READONLY

pmversion contains the Privilege Manager for Unix version and build number.

Example
print("The current Privilege Manager for Unix version is %s", pmversion);

ptyflags

Description

Type string READONLY

ptyflags contains a bitmask indicating the ptyflags set from the submit user's environment. If set, the following bits indicate:

Bit 0: stdin is open 
Bit 1: stdout is open
Bit 2: stderr is open
Bit 3: command was run in pipe mode
Bit 4: stdin is from a socket
Bit 5: command to be run using nohup
Example
PTY_IN=0x1; 
if (ptyflags & PTY_IN) 
{ 
   #only authenticate if stdin is open and password can be entered 
   if (!authenticate_pam(user, "sshd")) 
   { 
      reject "Failed to authenticate user"; 
   } 
} 
else 
{ 
   reject "Cannot authenticate the user"; }
Related Topics

runptyflags

requestlocal

Description

Type integer READONLY

Indicates if the request is local. requestlocal is true if no request was made to run on a remote host using pmrun -h.

Example
# reject requests to run on a remote host 
if (requestLocal == false) 
   reject "remote requests are not allowed";

requestuser

Description

Type string READONLY

requestuser is initialized to the selected user name if you select the pmrun –u option. It is a request to set the runuser for the session to the selected user name. The administrator can decide whether to honor the request in the policy file. By default, this variable is set to the value of the user variable.

Example
if ((user in adminusers) && (requestuser in adminusers_allowed)) 
{ 
   runuser = requestuser; 
}
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating