One goal of Group Policy is to simplify and centralize Safeguard Authentication Services configuration data. Use Safeguard Authentication Services Policies to configure everything from basic settings to advanced host access control and account override information.
The Safeguard Authentication Services Configuration policy manages runtime configuration settings stored in the Safeguard Authentication Services configuration file (vas.conf) located in /etc/opt/quest/vas/.
Safeguard Authentication Services Configuration policies support non-tattooing, block inheritance, ACL filtering, and enforced settings. Policies applied later do not override enforced settings. When you unlink all Safeguard Authentication Services Configuration policies, the next GPO processing event restores the Safeguard Authentication Services configuration file to its previous state.
The Mapped User policy controls the mapping between local users and Active Directory users. The Mapped User policy is under Unix Settings | Quest Safeguard Authentication Services | Identity Mapping in the Group Policy Object Editor (GPOE). When a local user is mapped to an Active Directory user, that user specifies his local account user name but is prompted for the Active Directory password of the mapped account. The local account password is no longer used. Unix identity for the local user comes from the /etc/passwd file as usual.
The Mapped User policy allows you to manage user mappings. You can load a list of users from a file in /etc/passwd format. You can load files from the local machine or from a remote Unix host over SSH. When you specify a mapping you can browse Active Directory for a user object.
The Service Access Control policies control which applications a user can log in with.
Service Access Control entries are "append-only" and cannot be overridden. However, if there is duplicate entry, the entry is only added once to the service Allow or Deny file.
Typical services include ftpd, sshd, and login.
Note: telnet uses the login service.
To configure a Service Allow Entry
The New Service dialog opens.
The ftp Configuration item now appears in the results pane.
To configure a service deny entry
The New Service dialog opens.
The ftp Configuration item now appears in the results view.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center