
Safeguard for Sudo 2.0 - Administrators Guide


getstringpasswd

Syntax
int getstringpasswd ( string password [, string prompt] [, int attempts] )
Description

getstringpasswd prompts you for a "code word" that has been encrypted with the pmpasswd program and specified in the configuration file. You can specify an optional prompt, which defaults to "Password:", and the number of attempts to allow, which defaults to 3.

Returns true if the user enters the correct code word; otherwise false.

Example
if (getstringpasswd("GhDByC9JGIRFI", "Enter password now: ", 4) == false) {
   reject;
}

getuserpasswd

Syntax
int getuserpasswd ( int user [, string prompt] [, int attempts] )
Description

getuserpasswd prompts the specified user for a password. You can specify an optional prompt, which defaults to "Password:", and the number of attempts to allow, which defaults to 3.

By default, this function authenticates the user on the policy server. Set the value of getpasswordfromrun in pm.settings to yes to authenticate the user on the client instead.

Returns true if the user enters the correct password; otherwise false.

Example
if (getuserpasswd("admin", "Password: ", 1) == false) {
   reject;
}

Remote Access Functions

These are the built-in remote access functions available for use within the policy file:

Table 46: Remote access functions
Name              Description
remotefileexists  Check whether a file exists on a host.
remotegroupinfo   Check if a group exists on a host.
remotegrouplist   Get a list of groups from a host.
remotesysinfo     Get the uname information from a host.
remoteusergroups  Get a list of a user's groups on a host.
remoteuserinfo    Get a user's information from a host.
remoteuserlist    Get a list of users on a host.

remotefileexists

Syntax
int remotefileexists ( string hostname, string filename )
Description

The remotefileexists function checks whether the file filename exists on the remote host hostname.

Returns true if the file exists; otherwise, it returns false.

NOTE: The remote host must be configured to run either pmmasterd or pmclientd to respond to this function.

Example
print(remotefileexists(runhost,"/etc/passwd"))
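
The following policy fragment is an added example, not taken from the vendor guide: it combines remotefileexists and getuserpasswd to require a host-side precondition and a fresh password before a sensitive command runs as root. The command names and the marker file path are constructed for illustration.

```pmpolicy
# Added example, not from the vendor guide. The command names and the
# marker file path below are constructed for illustration.
sensitivecmds = {"visudo", "passwd", "useradd"};

if (basename(command) in sensitivecmds) {
    # Host-side precondition first, so no password prompt is shown for a
    # request that will be refused anyway. runhost must be running
    # pmmasterd or pmclientd for remotefileexists to get an answer.
    if (remotefileexists(runhost, "/etc/pm-change-freeze")) {
        reject;
    }

    # Step-up authentication: the submitting user re-enters their own
    # password. One attempt only, so a session left unattended gives a
    # single guess per request. Unless getpasswordfromrun is set to yes
    # in pm.settings, the check is made on the policy server.
    if (getuserpasswd(user, "Password: ", 1) == false) {
        reject;
    }

    runuser = "root";
    accept;
}
```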