Chat now with support
Chat with Support

Safeguard for Sudo 2.0 - Administrators Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration
Download Privilege Manager for Unix Software Packages Download Privilege Manager for Sudo Software Packages Quick Start and Evaluation Configure a Primary Policy Server Configure a Secondary Policy Server Install PM Agent or Sudo Plugin on a Remote Host Remove Configurations
Upgrading Privilege Manager System Administration Managing Security Policy The Privilege Manager for Unix Security Policy Advanced Privilege Manager for Unix Configuration Administering Log and Keystroke Files InTrust Plug-in for Privilege Manager Troubleshooting Privilege Manager for Unix Policy File Components Privilege Manager Variables Privilege Manager for Unix Flow Control Statements Privilege Manager for Unix Built-in Functions and Procedures Privilege Manager Programs Installation Packages Unsupported Sudo Options Sudo Plugin Policy Evaluation About us

vas_auth_user_password

Syntax
int vas_auth_user_password ( string user, string pmpt, [, int tries] )
Description

The vas_auth_user_password function attempts to authenticate a user to Active Directory using the Authentication Services API. This feature is platform dependent. The feature_enabled() function indicates whether this feature is supported on a particular policy server.

Returns 1 if the user successfully authenticates; otherwise it returns 0 (zero).

Example
if (feature_enabled(FEATURE_VAS) ) { 
   if (!vas_auth_user_password(user, "AD Password:", 3)) { 
      reject “Failed to authenticate to AD”; 
   } 
}

vas_host_in_ADgrouplist

Syntax
int vas_host_in_ADgrouplist ( string hostname, string domain, list ADgrouplist [, boolean verbose] )
Description

The vas_host_in_ADgrouplist function checks if the selected host name and domain is a member of any group in the selected list. It calls vas_host_is_member for each item in the list.

Returns: -1 if host is not found in the list, otherwise it returns the index of the matched list entry.

vas_host_is_member

Syntax
int vas_host_is_member ( string hostname, string groupname [, string domain [, boolean verbose]] )
Description

The vas_host_is_member function checks whether a selected host name and selected domain is a member of the selected group. If domain is empty, it defaults to the joined domain. You can specify the group name as <domain>/<group> or <group>@<domain>.

Returns: 0=host not in group; 1=host in group; -1: error

vas_user_get_groups

Syntax
int vas_user_get_groups ( string username, string domainname [, boolean verbose] )
Description

The vas_user_get_groups function checks membership of the group lists.

Returns the index of the matched list item if found, or -1 if not found.

Related Documents