
Privilege Manager for Unix 6.1 Common Documents - Administration Guide


authenticate_pam_toclient

Syntax
int authenticate_pam_toclient ( string user [, string service] )
Description

The authenticate_pam_toclient function authenticates a user by means of the PAM (Pluggable Authentication Modules) APIs on the policy server.

NOTE: For more information on how to configure PAM, consult the documentation for your platform.

The service parameter identifies the name of the PAM service to use to authenticate the user. This can be any valid service name configured in the PAM system configuration. It defaults to the PAM service "login".

This function returns 0 to indicate failure and 1 to indicate success.

Example
if (user=="paul" && basename(command)=="useradd")
{
   if (!authenticate_pam_toclient(user, "sshd"))
   {
      reject;
   }
   runuser="root";
   accept;
}

basename

Syntax
string basename ( string pathname )
Description

basename returns the filename portion of a pathname. It does not check that either the filename or the path exists.

Example
print(basename("/var/adm/pm.log"));

Returns: "pm.log"

Related Topics

dirname

comparehosts

Syntax
int comparehosts(hoststring, hostpattern)
Description

comparehosts checks whether a host string (either a host name or an IP address string) matches a host definition, which can be a host name (such as host1.a.b.com), an IP address (such as 10.10.10.1), a netgroup (such as @mygroup1), a host pattern (such as *.a.b.com), or an IP address pattern (such as 10.10.10.*).

This function honors the value of short names defined in pm.settings when resolving host names.

Returns 1 if a match is found, 0 if no match is found.

Example
if (comparehosts(submithost,"*.a.b.com"))
{
   ...
}

datecmp

Syntax
int datecmp(date1, date2)
Description

datecmp compares the two dates, which must be in the format YYYY/MM/DD or YY/MM/DD (in which case 2000 is added to the year).

This function returns these values:

  • -1: date1 < date2
  • 1: date1 > date2
  • 0: date1 = date2
Example
if (datecmp(startdate, enddate) >= 0)
{
   reject "startdate must be before enddate";
}
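
The following is an added example, not code from the product or its documentation: a Python model of the datecmp rules described above, useful for checking how date-bounded privilege windows will compare before the dates go into policy. The helper names (parse_policy_date, window_is_valid, in_window), the requirement for zero-padded fields, the ValueError on malformed or impossible dates, and the inclusive window bounds are assumptions of this model; the sample dates are constructed.

```python
import datetime
import re

# Only the two formats the page documents: YYYY/MM/DD or YY/MM/DD.
# Assumption of this model: month and day are always two digits.
_DATE_RE = re.compile(r"(\d{4}|\d{2})/(\d{2})/(\d{2})")


def parse_policy_date(text):
    """Parse a policy date, adding 2000 to a two-digit year as documented."""
    m = _DATE_RE.fullmatch(text)
    if m is None:
        raise ValueError(f"not YYYY/MM/DD or YY/MM/DD: {text!r}")
    year = int(m.group(1))
    if len(m.group(1)) == 2:
        year += 2000  # "99/12/31" therefore means 2099, never 1999
    # Assumption: impossible dates (e.g. 2024/02/30) raise ValueError here;
    # the page does not say how the real function treats them.
    return datetime.date(year, int(m.group(2)), int(m.group(3)))


def datecmp(date1, date2):
    """Return -1, 0 or 1 with the same meaning as the page's datecmp."""
    a, b = parse_policy_date(date1), parse_policy_date(date2)
    return (a > b) - (a < b)


def window_is_valid(startdate, enddate):
    """Mirror of the page's example: valid only if startdate is before enddate."""
    return datecmp(startdate, enddate) < 0


def in_window(today, startdate, enddate):
    """True if today falls inside the window (inclusive bounds, an assumption)."""
    return datecmp(today, startdate) >= 0 and datecmp(today, enddate) <= 0


if __name__ == "__main__":
    # Constructed sample windows, including mixed two- and four-digit years.
    samples = [
        ("24/06/01", "2024/06/30"),    # same century either way: valid
        ("2024/06/01", "24/06/01"),    # equal dates: rejected by the page's check
        ("2024/06/01", "99/12/31"),    # end date is 2099, a 75-year window
        ("1999/01/01", "99/01/01"),    # 1999 versus 2099, not the same date
    ]
    for start, end in samples:
        print(start, end, "valid" if window_is_valid(start, end) else "rejected")
```

The third and fourth samples show why four-digit years are the safer choice in policy: a two-digit year always lands in the 2000s, so an end date written as 99/12/31 leaves the window open until 2099.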