Chat now with support
Chat with Support

Privilege Manager for Unix 7.3 - Administration Guide

Introducing Privilege Manager for Unix Planning Deployment Installation and Configuration Upgrade Privilege Manager for Unix System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager for Unix Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager for Unix Variables
Variable names Variable scope Global input variables Global output variables Global event log variables PM settings variables
Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures
Environment functions Hash table functions Input and output functions LDAP functions LDAP API example List functions Miscellaneous functions Password functions Remote access functions String functions User information functions Authentication Services functions
Privilege Manager for Unix programs Installation Packages

Verifying PM Agent configuration

To verify the PM Agent configuration

  1. From the command line, run:

    # pmclientinfo

    The pmclientinfo command displays the current configuration settings. For example:

    [0][root@host1 /]# pmclientinfo
       - Joined to a policy group                 : YES
       - Name of policy group                     : polsrv1.example.com
       - Hostname of primary policy server        : polsrv1.example.com
       - Policy type configured on policy group   : pmpolicy
    [0][root@host1 /]#
    

    The secondary server PM Agent will be joined to the secondary server. This is unique because all other PM Agent hosts must join to the primary server.

Load balancing on the client

Load balancing is handled on each client, using information that is returned from the policy server each time a session is established.

If a session cannot be established because the policy server is unavailable (or offline) that policy server is marked as unavailable, and no further pmrun sessions are sent to it until the next retry interval.

pmloadcheck runs transparently on each host to check the availability and loading of the policy server. When a policy server is marked as unavailable, pmloadcheck attempts to connect to it at intervals. If it succeeds, the policy server is marked as available and able to run Privilege Manager for Unix sessions.

To view the current status of the policy server

  • Run the following command:

    # pmloadcheck [-f]

If the policy server cannot be contacted, the last known information for this host is reported.

Remove configurations

You can remove the Privilege Manager for Unix Server or PM Agent configurations by using the -u option with the following commands:

  • pmsrvconfig to remove the Privilege Manager for Unix Server configuration

  • pmjoin to remove the PM Agent configuration

Take care when you remove the configuration from a policy server, particularly if the policy server is a primary server with secondary policy servers in the policy group, as agents joined to the policy group will be affected.

Uninstalling the Privilege Manager for Unix software packages

To uninstall the Privilege Manager for Unix packages

  1. Log in and open a root shell.

  2. Use the package manager for your operating system to remove the packages:

Table 6: Privilege Manager for Unix Server uninstall commands
Package Command

RPM

# rpm -e qpm-server

DEB

# dpkg -r qpm-server

Table 7: PM Agent uninstall commands
Package Command

RPM

# rpm -e qpm-agent

DEB

# dpkg -r qpm-agent

Solaris

# pkgrm QSFTpmagt

HP-UX

# swremove qpm-agent

AIX

# installp -u qpm-agent

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating