pmd1
In the [pmd] section, the tokens are used to configure the generic Policy Model settings.
- ClientOperationTimeout
  Defines the number of seconds a Policy Model client waits for a response from the Policy Model. If the Policy Model does not respond within this time frame, the client assumes that the Policy Model is non-responsive.
  Default: 60 seconds
- is_maker_checker
  Specifies whether to use Dual Control. If yes is selected, then the database cannot be updated directly, but only through a policy model database by a pair of administrators, a Maker and a Checker, who must collaborate on the update.
  Values: yes, no
  Default: no
- min_retries
  Specifies the minimum number of attempts that sepmdd makes to access an unavailable subscriber before giving up and temporarily shutting itself down.
  Default: 4
- pass_auth
  Specifies whether sepass verifies the invoker password during a remote password change. The sepass utility compares the old password that the user enters with the password stored in the local database. If this token is set to yes, then sepass also compares the old password that the user running sepass enters with their own password as it is stored in the remote database (pmdb). This means that the sepass user must enter their own password even when changing the password for another user.
  Values: yes, no
  Default: yes
- pmd_backup_directory
  Specifies the directory in which to store Policy Model backups. Each Policy Model backup is stored in a subdirectory named <pmd_name>.
  Default: /opt/CA/PAMSC/data/policies_backup
- pmd_directory
  Specifies the directory in which the policy model database resides. Each policy model database resides in the pmd_directory/<pmd_name> subdirectory, where <pmd_name> is the policy model name.
  Default: /opt/CA/PAMSC/policies
- pull_option
  Specifies that the local host, and any policy model on this station, have a parent policy model to which they subscribe. When this station becomes temporarily unavailable to send updates, the pull_option token enables the Privileged Access Manager agent to send a message to these parent policy models when this station becomes available again. The parents then start sending updates immediately, instead of waiting for the next retry.
  Values: yes, no
  Default: yes
- QD_timeout
  Specifies the maximum time (seconds) that the daemon sepmdd waits to update a subscriber database during the first scan of the subscribers. If the maximum time elapses and the daemon fails to update a subscriber, then it skips to the remaining subscribers.
  Default: 3
- retry_timeout
  Specifies the time (minutes) between consecutive attempts to access an unavailable subscriber.
  Default: 30 minutes
- send_unix_env
  When set to yes, the sepmd -n option sends the content of the policy model password files and group files.
  Values: yes, no
  Default: yes
- ShutdownWaitingTimeout
  Defines the number of milliseconds a Policy Model waits for its components to shut down gracefully. If Policy Model components do not shut down gracefully within this time frame, the Policy Model forces them to shut down.
  Default: 60 milliseconds
- shutoff_time
  Specifies the time (in minutes) that sepmdd waits before shutting itself off. If this token is set to zero, sepmdd never shuts itself off.
  Default: 0
- updates_in_chunk
  Specifies the maximum number of commands that the Policy Model sends to each subscriber every cycle. The Policy Model sends commands to its subscribers one by one in a loop.
  Default: 10
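As an added example (not vendor code), the following Python sketch checks a [pmd] section against the values and defaults documented above and reports invalid values, deviations from the defaults, and a disabled pass_auth check. It assumes the tokens are stored as `token = value` lines under a `[pmd]` header in an INI-style file; the function name `audit_pmd`, the finding levels, and the sample input are constructed for illustration.

```python
import configparser

# Documented [pmd] tokens from the list above: name -> (kind, default)
PMD_TOKENS = {
    "ClientOperationTimeout": ("int", "60"),
    "is_maker_checker": ("yesno", "no"),
    "min_retries": ("int", "4"),
    "pass_auth": ("yesno", "yes"),
    "pmd_backup_directory": ("path", "/opt/CA/PAMSC/data/policies_backup"),
    "pmd_directory": ("path", "/opt/CA/PAMSC/policies"),
    "pull_option": ("yesno", "yes"),
    "QD_timeout": ("int", "3"),
    "retry_timeout": ("int", "30"),
    "send_unix_env": ("yesno", "yes"),
    "ShutdownWaitingTimeout": ("int", "60"),
    "shutoff_time": ("int", "0"),
    "updates_in_chunk": ("int", "10"),
}

# Constructed sample input, not taken from a real host
SAMPLE = """[pmd]
pass_auth = no
is_maker_checker = yes
retry_timeout = 30
QD_timeout = fast
"""

def audit_pmd(ini_text):
    """Return (level, token, message) findings for the [pmd] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep token names case-sensitive
    cp.read_string(ini_text)
    if not cp.has_section("pmd"):
        return [("ERROR", "pmd", "section missing")]
    findings = []
    for name, value in cp.items("pmd"):
        value = value.strip()
        if name not in PMD_TOKENS:
            findings.append(("WARN", name, "token not in documented list"))
            continue
        kind, default = PMD_TOKENS[name]
        ok = {"yesno": value in ("yes", "no"), "int": value.isdigit(),
              "path": value.startswith("/")}[kind]
        if not ok:
            findings.append(("ERROR", name, f"invalid value {value!r}"))
        elif value != default:
            findings.append(("INFO", name, f"{value} differs from default {default}"))
    # pass_auth=no removes the check of the invoker's own password against the pmdb
    if cp.get("pmd", "pass_auth", fallback="yes").strip() == "no":
        findings.append(("WARN", "pass_auth", "sepass skips invoker password check against pmdb"))
    return findings
```

Call `audit_pmd()` with the text of the configuration file; tokens that are absent from the section are treated as being at their documented defaults and produce no finding.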