Chat now with support
Chat with Support

Privilege Manager for Unix 7.1 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages



Type integer READ/WRITE

Set logstdout to true to enable keystroke logging of stdout output produced during the session. The default value is true.

if (command in {"csh","ksh"}) 
   iolog_encrypt = true; 
   log_passwords = false; 
   iolog_errmax = 10000; 
   iolog_opmax = 10000; 
   loggroup = "admin"; 
   logstderr = true; 
   logstdout = false; 
   logstdin = true; 
   iolog = mktemp("/var/adm/pm." + user + "." + command + ".XXXXXX"); 



Type string READ/WRITE

notfoundmsg is set to the message that displays if the selected runcommand is not available on the target host.

notfoundmsg = "Command \"" + runcommand + "\" not available.";



Type list READ/WRITE

passprompts contains a list of strings that should be interpreted as password prompts when attempting to exclude passwords from iolog.

passprompts={"Password=", "Enter password"};



Type list READ/WRITE

pmshell_allow contains a list of regular expressions identifying Privilege Manager for Unix shell subcommands that are pre-authorized. The list may contain regular expressions.

This variable is applicable to pmsh, pmcsh, pmksh, and pmbash.

On startup, the Privilege Manager for Unix shell programs load this list. Any shell subcommand entered by the user that matches one of these expressions is pre-authorized, that is, it will be allowed to run locally without any further authorization by pmmasterd, and will not be logged as an event. By default, the list is empty.

pmshell_allow = {"ls","grep"};
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating