Chat now with support
Chat with Support

Privilege Manager for Unix 7.1.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Password functions

These are the built-in password functions available to use within the pmpolicy file.

Table 43: Password functions
Name Description
getgrouppasswd Request a name and password of someone in the specified group on the policy server or agent.
getstringpasswd Request a password from the user to match one generated using pmpasswd.

getuserpasswd

Request a user’s password on the policy server or agent.

getgrouppasswd

Syntax
int getgrouppasswd ( string group [, int attempts])
Description

The getgrouppasswd function prompts you for a user name in the user group group on the policy server and then prompts for that user’s password and authenticates the user on the policy server. The user may try up to attempts times to correctly enter the password before the function exits. The default number of allowed attempts is 3.

By default, this function authenticates the user on the policy server. Set the value of getpasswordfromrun in pm.settings to yes to authenticate the user on the client instead.

Returns true if the user successfully authenticates on the policy server, otherwise returns false if the user fails to authenticate after attempts tries.

Example
if (getgrouppasswd("admin", 2) == false) 
{ 
   reject; 
}

getstringpasswd

Syntax
int getstringpasswd ( string password [, string prompt] [, int attempts] )
Description

getstringpasswd prompts you for a "code word" which has been encrypted using the pmpasswd program and specified in the configuration file. You can also specify an optional prompt, which defaults to "Password:". And, you can specify the number of attempts to allow; the default is 3.

Returns true if the user enters the correct codeword; otherwise false.

Example
if (getstringpasswd("GhDByC9JGIRFI", "Enter password now: ", 4) == false) { 
   reject ; 
}

getuserpasswd

Syntax
int getuserpasswd ( int user [, string prompt] [, int attempts] )
Description

getuserpasswd prompts the specified user for a password. You can specify an optional prompt, which defaults to "Password:". And you can specify the number of attempts to allow; the default is 3.

By default, this function authenticates the user on the policy server. Set the value of getpasswordfromrun in pm.settings to yes to authenticate the user on the client instead.

Returns true if the user enters the correct codeword; otherwise false.

Example
if (getuserpasswd("admin", "Password: ", 1) == false ) { 
   reject; 
}
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating