editres config Modify Configuration Settings
Valid in the config environment
capamsc141
Valid in the config environment
Use the editres config command to modify
PAM Server Control
configuration settings.The editres config command has different formats for different sets of files. These sets are:
- Audit configuration files (audit.cfg and auditrouteflt.cfg) and PMDB filter files
- All other files
This command has the following syntax for audit configuration files and PMDB filter files:
editres config name [line+|-(value)] [clear]
This command has the following syntax for all other files:
editres config name section(path) token[-](name) value[+|-](value) data_type(type)
- nameSpecifies the configuration resource you want to modify. To modify a PMDB filter file, specify the file name in the formatpmdname@filter, for example, [email protected]Note:For a list of configuration resources for the host you are managing, use thefind configcommand.
- clearDeletes all values from the audit configuration file or PMDB filter file.This option does not delete comments from the file.
- data_type(type)Specifies the data type of the configuration entry.Values:str, numeric, multi_strDefault:strFor UNIX, data_type can only bestr. Other data types are not applicable to UNIX, as it stores configuration settings in files (text strings).
- line+(value)Defines the value you want to add to the audit configuration file or PMDB filter file.Thevaluecan be a value or a comment.
- line-(value)Defines the value you want to remove from the audit configuration file or PMDB filter file.Thevaluecan be a value or a comment.
- section(path)Defines the section of the configuration resource that you want to modify.For Windows registry settings, if you do not specify this option, the command modifies the registry keynamedefines.
- token(name)Defines the name of the configuration entry that you want to modify.
- token-(name)Defines the name of the configuration entry that you want to remove.
- value(value)Defines the value that you want to assign to a configuration entry. If a value for the configuration entry already exists,PAM Server Controlreplaces the value withvalue.If you do not specify avalue, the command resets the configuration entry value.
- value+(value)(Windows REG_MULTI_SZ registry entries only) Defines the value that you want to append to a configuration entry.(All other configuration values) Defines the value that you want to assign to a configuration entry. If a value for the configuration entry already exists,PAM Server Controlreplaces the value withvalue.To ensure selang correctly translates the assigned value, enclose the value in quotes (" ").
- value-(value)(Windows REG_MULTI_SZ registry entries only) Defines the value that you want to remove from a configuration entry.(All other configuration values) Specifies to remove any value from the configuration entry.
Examples: Modify ACROOT Configuration Settings on Windows
The following examples show how to modify
PAM Server Control
for Windows configuration settings.- This example configuresPAM Server Controlto use Audit Only mode:er CONFIG ACROOT section(SeOSD) token(GeneralInterceptionMode) value(1)
- This example adds a domain name to the list of domain namesPAM Server Controlmaintains for host name resolution. The domain_names registry entry is a REG_MULTI_SZ registry entry:er CONFIG ACROOT section(SeOSD) token(domain_names) value+(company.com)
- This example removes a domain name from the list of domain namesPAM Server Controlmaintains for host name resolution. The domain_names registry entry is a REG_MULTI_SZ registry entry:er CONFIG ACROOT section(SeOSD) token(domain_names) value-(company.com)
- This example removes a configuration setting:er CONFIG ACROOT section(AccessControl) token-(Emulate)
- This example configures the parent Policy Model of a Policy Model on the managed host:er config myPMDB@PMDROOT token(Parent_Pmd) value([email protected])
Examples: Modify seos.ini Configuration Settings on UNIX
The following examples show how to modify
PAM Server Control
for UNIX configuration settings.- This example configuresPAM Server Controlto enable PAM authentication:er CONFIG seos.ini section(seos) token(pam_enabled) value(yes)
- This example configures the domain name thatPAM Server Controlmaintains for host name resolution:er CONFIG seos.ini section(seosd) token(domain_names) value+(company.com)
- This example removes the domain name thatPAM Server Controlmaintains for host name resolution:er CONFIG seos.ini section(seosd) token(domain_names) value-(company.com)
- This example removes a configuration setting:er CONFIG seos.ini section(serevu) token-(admin_user)
Example: Modify Audit Configuration File
The following example adds a line to the audit configuration file:
er CONFIG audit.cfg line+("FILE;*;Administrator;*;R;P")
Example: Modify PMD Filter File
The following example adds a line to the PMD filter file:
er config pmdb@filter line+("*;*;USER;*;OLD_PASSWD;PASS")