Chat now with support
Chat with Support

Privilege Manager for Unix 6.1.1 - Administration Guide for Unix

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager programs Installation Packages

Checking the PM Agent configuration status

To check the PM Agent configuration status

  1. From the command line, enter:
    # pmclientinfo

    This command returns output similar to this:

    # pmclientinfo 
       - Joined to a policy group               : YES 
       - Name of policy group                   : MyPolicyGroup 
       - Hostname of primary policy server      : myhost.example.com 
       - Policy type configured on policy group : pmpolicy

    If the PM Agent has been properly configured, it will say ‘Joined to a Policy Group: YES’ and give the policy group name and primary policy server’s hostname.

Related Topics

pmclientinfo

Installing licenses

A newly installed Privilege Manager policy server comes with an evaluation license. See Privilege Manager licensing for more information about the Privilege Manager licensing options.

Although licenses are allocated on a per-agent basis, you install licenses on Privilege Manager policy servers.

No special commands are required to register or license the clients with policy servers. Hosts using the Privilege Manager agents are automatically granted a license once a request is received on the Privilege Manager policy server by means of the pmrun command.

To install a license file

  1. Copy the .xml license file to the policy server.
  2. To install the license, run:
    # /opt/quest/sbin/pmlicense –l <license_file>

    This command displays your currently installed license and the details of the new license to be installed.

  3. When it asks, "Would you like to install the new license (Y/N) [Y]?", press Enter, or type: Y
  4. If there are other policy servers configured in your policy server group, it forwards the license configuration to the other servers.
Related Topics

pmlicense

 

Displaying license usage

Use the pmlicense command to display how many client licenses are installed on the policy server on which you run the command.

Use pmlicense without any arguments to show an overall status summary, including the number of licenses configured and the total licenses in use for each license option.

To display current license status information

  1. At the command line, enter:

    # pmlicense

    Privilege Manager displays the current license information, noting the status of the license. Your output will be similar to the following:

    *** One Identity Privilege Manager *** 
    *** QPM4U VERSION 6.0.0 (0xx) *** 
    *** CHECKING LICENSE ON HOSTNAME:user123.example.com, IP ADDRESS:10.10.178.123 *** 
    *** SUMMARY OF ALL LICENSES CURRENTLY INSTALLED *** 
       * License Type PERMANENT 
       * Commercial/Freeware License COMMERCIAL 
       * Expiration Date NEVER 
       * Max QPM4U Client Licenses 10 
       * Max Sudo Policy Plugin Licenses 0 
       * Max Sudo Keystroke Plugin Licenses 0 
       * Authorization Policy Type permitted ALL 
       * Total QPM4U Client Licenses In Use 4 
       * Total Sudo Policy Plugins Licenses In Use 0 
       * Total Sudo Keystroke Plugins Licenses In Use 0

The above example shows that the current license allows for ten QPM4U clients (PM Agent licenses) and four licenses are currently in use.

Use pmlicense with the –us option to view a summary usage report; use -uf to view the full usage report.

To show a full usage report including last use dates

  1. At the command line, enter:

    # pmlicense -uf

    Your output will be similar to the following:

    Detailed Licensed Hosts Report 
    ---------------------------------------------------------------------------- 
    Number | Last Access Time                              | Hostname 
    ---------------------------------------------------------------------------- 
           | QPM4U            | SudoPolicy | SudoKeystroke | 
    ---------------------------------------------------------------------------- 
    1      | 2012/07/01 17:14 |           |                | admin1.example.com 
    2      | 2012/07/01 17:14 |           |                | user101.example.com 
    3      | 2012/07/01 16:28 |           |                | user123.example.com 
    4      | 2012/07/01 17:14 |           |                | dev023.example.com

The above output shows the full report, including the host names and dates the Unix agents used the policy server.

The pmlicense command supports many other command-line options.

Related Topics

pmlicense

Listing policy file revisions

After you have made several revisions to your policy file under source control, you can view the list of policy file versions stored in the repository.

To display all previous version numbers with timestamps and commit logs

  1. From the command line, enter:
    # pmpolicy log

    This command returns output similar to this:

    ** Validate options          [ OK ] 
    ** Check out working copy    [ OK ] 
    ** Retrieve revision details [ OK ] 
    version="3",user="pmpolicy",date=2011-05-11,time=19:27:01,msg="" 
    version="2",user="pmpolicy",date=2011-05-11,time=19:19:47,msg="added tuser" 
    version="1",user="pmpolicy",date=2011-05-11,time=15:56:12,msg="First import"
Related Documents