Check and Process Transactions
When Dual Control is activated, the checker needs process transactions created by a maker.
capamsc141
When Dual Control is activated, the checker needs process transactions created by a maker.
To check a transaction
- Make sure that the following conditions are true:
- You (as the checker) have ADMIN authority.
- Another Checker does not lock the transaction.
- None of the commands pertain to you. (You cannot process commands that involve yourself.)
- Navigate to theACInstallDir/bin pathwhereACInstallDiris the installation directory forPAM Server Control, by default /opt/CA/PAMSC.
- View the transactions that are waiting to be processed before execution:sepmd -m laOr, view all the transactions except the transactions that you yourself created:sepmd -m loEach transaction includes the name of the maker, the ID number of the transaction, and the name or description of the transaction.
- Lock the transactions before processing them:sepmd -m r transactionIdA locked transaction cannot be changed.
- Process the transaction:sepmd -m p transactionIdcodecodeCan be one of the following:0—The transaction is rejected.In this case, all the commands in the transaction are deleted and no changes are implemented in the PMDB.1—The transaction is authorized.The commands in the transaction are immediately implemented in the PMDB.2—The transaction is unlocked.The transaction returns to the queue of waiting transactions and can be processed later, perhaps by a different checker.sepmd -m ptransactionIdcode
- codeCan beoneof the following:
- 0The transaction is rejected.In this case, all the commands in the transaction are deleted and no changes are implemented in the PMDB.
- 1The transaction is authorized.The commands in the transaction are immediately implemented in the PMDB.
- 2The transaction is unlocked.The transaction returns to the queue of waiting transactions and can be processed later, perhaps by a different checker.
For more information on makers and checkers, see the sepmd utility in the
Reference Guide
and the start_transaction command in the selang Reference section
.