
Privilege Manager for Unix 7.1 - Administration Guide


Configuring a secondary server

You use the pmsrvconfig -s <primary_policy_server> command to configure a secondary server. See pmsrvconfig for more information about the pmsrvconfig command options.

To configure the secondary server

  1. From the command line of the secondary server host, run:
    # pmsrvconfig -s <primary_policy_server>

    where <primary_policy_server> is the hostname of your primary policy server.

    pmsrvconfig prompts you for the "Join" password from the primary policy server, exchanges ssh keys for the pmpolicy service user, and updates the new secondary policy server with a copy of the master (production) policy.

Once you have installed and configured a secondary server, you are ready to join the PM Agent to it. See Join hosts to policy group for details.

Synchronizing policy servers within a group

Privilege Manager for Unix generates log files containing event timestamps based on the local clock of the authorizing policy server.

To synchronize all policy servers in the policy group, use Network Time Protocol (NTP) or a similar method of your choice.

Install PM Agent on a remote host

Once you have installed and configured the primary policy server, you are ready to install a PM Agent on a remote host.

Checking PM Agent host for installation readiness

To check a PM Agent host for installation readiness

  1. Log on to the remote host system as the root user and navigate to the files you extracted on the primary policy server.
  2. From the root directory, run a readiness check to verify the host meets the requirements for installing and using the PM Agent, by running:
    # sh --pmpolicy --policyserver <primary_policy_server>

    where <primary_policy_server> is the hostname of the primary policy server.

    Running --pmpolicy performs these tests:

    • Basic Network Conditions:
      • Hostname is configured
      • Hostname can be resolved
      • Reverse lookup returns its own IP
    • Privilege Manager for Unix Client Network Requirements
      • PM Agent port is available (TCP/IP port 12346)
      • Tunnel port is available (TCP/IP port 12347)
    • Policy Server Connectivity
      • Hostname of policy server can be resolved
      • Can ping the policy server
      • Can make a connection to policy server
      • Policy server is eligible for a join
      • Policy server can make a connection to the PM Agent on port 12346
  3. Resolve any reported issues and rerun pmpreflight until all tests pass.
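
When a readiness item fails, the same conditions can be checked by hand to isolate the cause. The following is an added example, not One Identity code and not what the readiness check itself runs: it approximates the hostname, reverse-lookup, and port tests from the list above. All function names are hypothetical, and the reverse-lookup logic is an assumed reading of that test.

```python
import socket

AGENT_PORT, TUNNEL_PORT = 12346, 12347  # port numbers taken from the list above


def port_is_free(port, bind_addr="0.0.0.0"):
    """True if no other socket holds the TCP port, so the agent could bind it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((bind_addr, port))
            return True
        except OSError:  # EADDRINUSE, or EACCES for a restricted port
            return False


def reverse_matches(hostname, resolve=socket.gethostbyname,
                    reverse=socket.gethostbyaddr):
    """Forward-resolve the name, reverse the address, and require the
    reverse name to resolve back to the same IP (assumed reading of
    'reverse lookup returns its own IP')."""
    try:
        ip = resolve(hostname)
        return resolve(reverse(ip)[0]) == ip
    except OSError:  # gaierror and herror both derive from OSError
        return False


def can_connect(host, port, timeout=3.0):
    """True if a TCP connection to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def local_checks(hostname, resolve=socket.gethostbyname,
                 reverse=socket.gethostbyaddr):
    """Host-side items only; run can_connect(agent, AGENT_PORT) from the
    policy server to test the reverse path."""
    return {
        "hostname configured": bool(hostname),
        "reverse lookup consistent": reverse_matches(hostname, resolve, reverse),
        "agent port %d free" % AGENT_PORT: port_is_free(AGENT_PORT),
        "tunnel port %d free" % TUNNEL_PORT: port_is_free(TUNNEL_PORT),
    }


if __name__ == "__main__":
    for name, ok in local_checks(socket.gethostname()).items():
        print("%-32s %s" % (name, "PASS" if ok else "FAIL"))
```

A port reported as not free before the PM Agent is installed means another process already holds it; after installation the same result is expected, because the agent itself is listening.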