Once you have installed a Privilege Manager agent on a remote host you are ready to join it to the primary policy server.
To join a PM Agent to the primary policy server
# opt/quest/sbin/pmjoin <policy_server>.example.com
where <policy_server> is the name of the primary policy server host.
If you are not running the pmjoin command on a policy server, it requires that you specify the name of a policy server within a policy group.
NOTE: The pmjoin command supports many command line options. (See pmjoin for details or run pmjoin with the -h option to display the help.)
Running pmjoin performs the configuration of the Privilege Manager agent, including modifying the pm.settings file and starting up the pmserviced daemon.
Once you complete the agent configuration script (by running the pmjoin command), it:
This returns displays configuration information about a client host. (See pmclientinfo for details.
To check a Sudo Plugin host for installation readiness
# sh pmpreflight.sh –-sudo –-policyserver <myhost>
where <myhost> is the hostname of the primary policy server.
NOTE: Running pmpreflight.sh –-sudo performs these tests:
To install a Sudo Plugin on a remote host
# cd sudo_plugin/linux-x86_64
# rpm --install qpm-plugin-*.rpm
Once you install the Sudo Plugin package, the next task is to join it to the policy server.
Once you have installed a Sudo Plugin on a remote host you are ready to join it to the primary policy server. Joining a host to a policy server enables it to communicate with the server(s) in the policy group.
NOTE: The pmjoin command configures PM Agents (qpm-agent package) while the pmjoin_plugin command configures Sudo Plugin hosts (qpm-plugin package).
To join a Sudo Plugin to the primary policy server
# pmjoin_plugin <PolicyServer>
where <PolicyServer> is the host name of the primary policy server.
To automatically accept the End User License Agreement (EULA), use the –a option with the "join" command, as follows:
# pmjoin_plugin -a <PolicyServer>
NOTE: When you join a Sudo Plugin to a policy server, Privilege Manager for Sudo adds the following lines to the current local sudoers file, generally found in /etc/sudoers.
## ## WARNING: Sudoers rules are being managed by QPM4Sudo ## WARNING: Do not edit this file, it is no longer used. ## ## Run "/opt/quest/sbin/pmpolicy edit" to edit the actual sudoers rules. ##
When you unjoin the Sudo Plugin, Privilege Manager for Sudo removes those lines from the local sudoers file.
You have now installed the Privilege Manager for Sudo packages, configured a primary policy server for the sudo policy type, and joined the Sudo Plugin to the primary policy server. The primary policy server is ready to accept commands using sudo.