lang

In the [lang] section, the tokens specify the attributes used by the selang command language programs: selang, Security Administrator, and seadm.
capamsc141
In the [lang] section, the tokens specify the attributes used by the selang command language programs: selang, Security Administrator, and seadm.
  • check_password
    Determines whether selang requests users to specify their own passwords. Valid values include:
    no
    -selang does not require any passwords
    yes
    -Users are prompted to enter their passwords.
    Default:
    no
  • exit_timeout
    Specifies the maximum time, in seconds, that allows the exit program to execute. After this time has passed, the token kills the exit program.
    Default:
    30
  • exits_dir
    Specifies the target directory where exits are installed by the
    ACInstallDir
    /lbin/install_exits.sh shell script.
    Default:
    ACInstallDir
    /exits
  • exits_source_dir
    Specifies the source directory of the exits to be installed by the
    ACInstallDir
    /install_exits.sh shell script.
    Default:
    ACInstallDir
    /samples/exits-src
  • help_path
    Specifies the directory in which lang help files are located.
    Default:
    ACInstallDir
    /data/langhelp
  • HNODE_max_events
    Specifies the maximum number of health status events that the HNODE record writes. If events exceed the configured maximum number, then the oldest events are removed.
    Default:
    10
  • language
    Defines the language 
    Privileged Access Manager
    installs in (for internal use).
    Default:
    english
  • max_groups_buffsize
    Specifies the buffer size, in KB, that the security administrator uses when communicating with the database. This token is used when a UNIX update needs to be applied.
    Default:
    128
  • no_check_password_users
    Specifies users who are not asked to enter their passwords.
    This token is relevant only if the token check_password is set to
    yes
    .
    Valid values include a list of users separated by commas.
    Default:
    none
  • passwd_copy
    Specifies how the password file (/etc/passwd) or PMDB password file
    (/PMDB_Directory
    /policies/pmdb/passwd) is updated when you copy the temporary file back to the original after changing user information. Valid values include:
    fast_copy
    - Copies information over the file.
    rename
    - Changes the directory to point to the new file.
    Default:
    fast_copy
  • post_group_exit
    Specifies the path of the exit program to be called after a group command is executed in the UNIX environment.
    Default:
    ACInstallDir
    /exits/lang_exit.sh
  • post_user_exit
    Specifies the path of the exit program to be called after a user command is executed in the UNIX environment.
    Default:
    ACInstallDir
    /exits/lang_exit.sh
  • pre_group_exit
    Specifies the path of the exit program to be called before a group command is executed in the UNIX environment.
    Default:
    ACInstallDir
    /exits/lang_exit.sh
  • pre_user_exit
    Specifies the path of the exit program to be called before a user command is executed in the UNIX environment.
    Default:
    ACInstallDir
    /exits/lang_exit.sh
  • query_size
    Specifies the maximum number of records to be listed in a database query.
    Default:
    100
  • RecvTimeOut
    Specifies the maximum time, in seconds, that selang waits to receive information before timing out.
    If you set the valueto 0, there is no time-out.
    Default:
    60
  • SendTimeOut
    Specifies the maximum time, in seconds, that selang waits to send information before timing out.
    If you set the valueto 0, there is no time-out.
    Default:
    60
  • SetBlockRun
    Specifies whether to check if a program is trusted and block the execution of untrusted programs. The execution blocking is performed regardless whether the program is a setuid or a regular program.
    Valid values include the following:
    yes
    -All programs that are defined with viapgm authorization rules have the blockrun property set to yes.
    no
    -All programs that are defined with viapgm authorization rules have the blockrun property set to no.
    suid
    -All setuid programs have the blockrun property set to yes, and all other programs have the blockrun property set to no.
    Default:
    yes
  • swap_deletion_order
    Defines the order in which the "ru
    userName
    unix" command (user deletion) is executed in selang. Typically, this command is first executed in the AC environment, and then in the UNIX environment. Sometimes (for example, a group administrator deleting a user) where you would want to reverse this order.
    Valid values are:
    no
    - remove the user from the AC environment before the UNIX environment.
    yes
    - remove the user from the UNIX environment before the AC environment.
    Default:
    no
  • timeout
    Specifies the maximum time, in seconds, the client waits for seosd daemon to respond. If seosd does not respond within this period, an error message is sent noting that seosd is not responding. The client then stops trying to connect to seosd.
    Default:
    90
  • use_old_commands
    Specifies whether to disable old ACF2 compatibility commands (ag, lg, rg, lu, au, and so on).
    Limits:
    0do not support old commands, 1support old commands
    Default:
    1 (support old commands)
  • use_unix_file_owner
    Specifies whether a UNIX owner of a file can define the file. If the value is yes, an owner of a file in UNIX can define it using the newres or newfile command.
    If the file is already defined, the user cannot change its parameters in the database unless the user is allowed to do so according to the normal authorization rules.
    Valid values are yes and no.
    Default:
    no