pmd1

In the [pmd] section, the tokens are used to configure the generic Policy Model settings.
  • ClientOperationTimeout
    Defines the number of seconds a Policy Model client waits for a response from the Policy Model. If the Policy Model does not respond within this time frame, the client assumes that the Policy Model is non-responsive.
    Default: 60 seconds
  • is_maker_checker
    Specifies whether to use Dual Control. If yes is selected, then the database cannot be updated directly, but only through a policy model database by a pair of administrators - a Maker and a Checker, who must collaborate on the update.
    Values: yes, no
    Default: no
  • min_retries
    Specifies the minimum number of attempts that are made by sepmdd to access an unavailable subscriber before giving up and temporarily shutting itself down. 
    Default: 4
  • pass_auth
    Specifies whether sepass verifies the invoker password during a remote password change. The sepass utility compares the old password that the user enters with the password stored in the local database. If this token is set to yes, then sepass also compares the old password that the user running sepass enters with their own password as it is stored in the remote database (pmdb). This means that the sepass user must enter their own password even when changing the password for another user.
    Values: yes, no
    Default: yes
  • pmd_backup_directory
    Specifies the directory in which to store Policy Model backups. Each Policy Model backup is stored in a subdirectory named <pmd_name>.
    Default: /opt/CA/PAMSC/data/policies_backup
  • pmd_directory
    Specifies the directory in which the policy model database resides. Each policy model database resides in the _pmd_directory_/<pmd_name> subdirectory, where <pmd_name> is the policy model name.
    Default: /opt/CA/PAMSC/policies
  • pull_option
    Specifies that the local host, and any policy model on this station, have a parent policy model to which they subscribe. When this station is temporarily unavailable and cannot receive updates, the pull_option token enables the Privileged Access Manager agent to send a message to these parent policy models when this station becomes available again. The parents then start sending updates immediately, instead of waiting for the next retry.
    Values: yes, no
    Default: yes
  • QD_timeout
    Specifies the maximum time (in seconds) that the sepmdd daemon waits to update a subscriber database during the first scan of the subscribers. If the maximum time elapses and the daemon fails to update a subscriber, it skips to the remaining subscribers.
    Default: 3
  • retry_timeout
    Specifies the time (minutes) between consecutive attempts to access an unavailable subscriber.
    Default: 30 minutes
  • send_unix_env
    Specifies whether the sepmd -n option sends the content of the policy model password files and group files. When this token is set to yes, the content is sent.
    Values: yes, no
    Default: yes
  • ShutdownWaitingTimeout
    Defines the number of milliseconds a Policy Model waits for its components to shut down gracefully. If Policy Model components do not shut down gracefully within this time frame, the Policy Model forces them to shut down.
    Default: 60 milliseconds
  • shutoff_time
    The time (in minutes) sepmdd waits before shutting itself off. If this token is set to zero, sepmdd never shuts itself off.
    Default: 0
  • updates_in_chunk
    Specifies the maximum number of commands that the Policy Model sends to each subscriber every cycle. The Policy Model sends commands to its subscribers one by one in a loop.
    Default: 10
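
An added example, not part of the product documentation: a Python check that reads a [pmd] section, validates each token against the values and defaults listed above, and reports the effective settings plus the tokens that affect password verification, Dual Control and password-file transfer. It assumes the section is stored as INI-style `token = value` lines; the function name `audit_pmd` and the sample input are constructed for illustration.

```python
import configparser

# Defaults and value types as listed for the [pmd] tokens above.
YES_NO = {"is_maker_checker": "no", "pass_auth": "yes",
          "pull_option": "yes", "send_unix_env": "yes"}
NUMERIC = {"ClientOperationTimeout": 60, "min_retries": 4, "QD_timeout": 3,
           "retry_timeout": 30, "ShutdownWaitingTimeout": 60,
           "shutoff_time": 0, "updates_in_chunk": 10}
PATHS = {"pmd_backup_directory": "/opt/CA/PAMSC/data/policies_backup",
         "pmd_directory": "/opt/CA/PAMSC/policies"}

def audit_pmd(ini_text):
    """Return (effective settings, findings) for the [pmd] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # token names are mixed-case; keep them as written
    cp.read_string(ini_text)
    given = dict(cp["pmd"]) if cp.has_section("pmd") else {}
    effective = {**YES_NO, **NUMERIC, **PATHS}  # start from listed defaults
    findings = []
    for token, raw in given.items():
        value = raw.strip()
        if token in YES_NO and value in ("yes", "no"):
            effective[token] = value
        elif token in NUMERIC and value.isdecimal():
            effective[token] = int(value)
        elif token in PATHS and value.startswith("/"):
            effective[token] = value
        elif token in effective:
            findings.append(f"{token}: invalid value {value!r}, default kept")
        else:
            findings.append(f"{token}: not a [pmd] token listed above")
    if effective["pass_auth"] == "no":
        findings.append("pass_auth=no: sepass does not check the invoker's "
                        "password against the remote database (pmdb)")
    if effective["is_maker_checker"] == "no":
        findings.append("is_maker_checker=no: Dual Control is not in use")
    if effective["send_unix_env"] == "yes":
        findings.append("send_unix_env=yes: sepmd -n sends password and "
                        "group file content")
    return effective, findings

# Constructed sample input (assumed INI-style layout, not a real host's file).
SAMPLE = """[pmd]
pass_auth = no
is_maker_checker = yes
retry_timeout = 3o
ClientOperationTimeout = 120
"""
if __name__ == "__main__":
    print("\n".join(audit_pmd(SAMPLE)[1]))
```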