To join a PM Agent to a policy server
- Log on as the root user and change to the directory containing the qpm-agent package for your specific platform. For example, on 64-bit Red Hat Linux, enter:
# cd agent/linux-x86_64
# pmjoin <primary_policy_server>
where <primary_policy_server> is the hostname of the primary policy server.
Running pmjoin configures the PM Agent, including modifying the pm.settings file. The pmjoin command supports many command line options. See pmjoin for details or run pmjoin with the -h option to display the help.
When you run pmjoin with no options, the configuration script automatically configures the agent with default settings. See Agent configuration settings for details about the default and alternate agent configuration settings.
You can modify the /etc/opt/quest/qpm4u/pm.settings file later, if you want to change one of the settings. See PM settings variables for details.
- When you run pmjoin with the -i (interactive) option, the configuration script gathers information from you by asking you a series of questions. During this interview, you are allowed to either accept a default setting or set an alternate setting.
Once you have completed the configuration script interview, it configures the agent and joins it to the policy server.
- When you run pmjoin for the first time, it asks you to read and accept the End User License Agreement (EULA).
Once you complete the agent configuration script (by running the pmjoin command), it:
- Enables the pmlocald service
- Updates the pm.settings file
- Adds the Privilege Manager shells to the system's list of valid shells and creates wrappers for the installed (system) shells. The following shells are provided, based on standard shells:
- pmksh, a Privilege Manager enabled version of the Korn shell
- pmsh, a Privilege Manager enabled version of the Bourne shell
- pmcsh, a Privilege Manager version of the C shell
- pmbash, a Privilege Manager version of the Bourne Again Shell
Each shell provides command-control for every command entered by the user during a login session. You can configure each command the user enters to require authorization with the policy server for execution. This includes the shell built-in commands.
- Updates /etc/shells
- Reloads the pmserviced configuration
- Checks the connection to the policy server host
- To verify that the agent installation has been successful, as an unprivileged user, run a command that is permitted by the default Privilege Manager for Unix security policy, demo.profile. For example, the default security policy allows any user to run the id command as the root user:
# pmrun id
This returns the root user id, not the user’s own id, to show that the command ran as root.
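The post-join checks described above can be scripted. The following is an added example, not part of the product documentation: the function names are hypothetical, and because the page does not give the install paths of the Privilege Manager shells, entries in /etc/shells are matched by basename. The demo at the end runs on a constructed file with made-up paths.

```shell
# Added example. Function names are hypothetical; only pmrun, id and /etc/shells
# come from the page. /etc/shells entries are matched by basename (assumption).
PM_SHELLS="pmksh pmsh pmcsh pmbash"

# Print the Privilege Manager shells that have no active entry in FILE.
missing_pm_shells() {
    shells_file=$1
    missing=""
    for name in $PM_SHELLS; do
        # Active entry: absolute path ending in /<name>; commented lines do not count.
        if ! grep -v '^[[:space:]]*#' "$shells_file" 2>/dev/null |
             grep -Eq "^/([^[:space:]]*/)?${name}[[:space:]]*\$"; then
            missing="$missing $name"
        fi
    done
    echo "$missing" | sed 's/^ //'
}

# Succeed only if the given `id` output reports uid 0.
ran_as_root() {
    case $1 in
        "uid=0("*|"uid=0 "*|"uid=0") return 0 ;;
        *) return 1 ;;
    esac
}

# Run on a joined agent host as an unprivileged user.
verify_agent() {
    shells_file=${1:-/etc/shells}; rc=0
    if [ "$(id -u)" -eq 0 ]; then
        echo "run this check as an unprivileged user" >&2; return 2
    fi
    m=$(missing_pm_shells "$shells_file")
    if [ -n "$m" ]; then echo "not listed in $shells_file: $m" >&2; rc=1; fi
    if out=$(pmrun id 2>&1); then
        ran_as_root "$out" || { echo "pmrun id did not run as root: $out" >&2; rc=1; }
    else
        echo "pmrun id failed or was rejected: $out" >&2; rc=1
    fi
    return $rc
}

# Demo on a constructed shells file (paths are made up); pmcsh is commented out.
demo=$(mktemp)
printf '%s\n' /bin/sh /bin/bash /opt/example/bin/pmksh /opt/example/bin/pmsh \
    '# /opt/example/bin/pmcsh' /opt/example/bin/pmbash > "$demo"
echo "missing: $(missing_pm_shells "$demo")"
rm -f "$demo"
```

On a joined host, call verify_agent as an unprivileged user; a non-zero return means a shell entry is missing from /etc/shells or pmrun id did not report uid 0.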