sepmd Utility - Administer Dual Control
Valid on UNIX
The sepmd utility manages Dual Control transactions. The sepmd utility gives a unique ID number to each transaction when it is created.
For more information about Dual Control, see the Endpoint Administration Guide for UNIX.
When you use Dual Control, the name of the PMDB must be maker and the is_maker_checker configuration setting must have the value yes for both the PMDB and Privileged Access Manager.
This command has the following format:
sepmd -m {l|la|lo}
sepmd -m {d|r} <transactionId>
sepmd -m p <transactionId> <code>
- -m d
  Deletes the transaction. A transaction is one or more commands that must be approved before they are implemented on the PMDB. Only the user who created the transaction can delete it.
- -m l
  Lists the unprocessed transactions (awaiting the Checker) of the user who invoked the command. Each transaction is listed with its ID number, the name of its Maker (the user who created the transaction, in this case the same user who invoked the command), and its description, if any.
- -m la
  Lists all the unprocessed transactions of all the Makers. Each transaction is listed with its ID number, the name of its Maker, and its description, if any.
- -m lo
  Lists the unprocessed transactions (awaiting the Checker) of all the Makers except the transactions of the user who invoked the command.
- -m p
  Processes a transaction. When the Checker (any admin user except the Maker who created the transaction) enters an ID number, all the commands in the specified transaction appear in a list. This option does not work in the following circumstances:
  - If one or more of the commands in the transaction pertain to the user who invoked the command.
  - If the transaction is locked by a different Checker.
  - If the transaction was created by the user who invoked the command. Makers cannot act as Checkers for their own transactions.
  - If the specified transaction ID does not exist.
  - If the user who invokes the command does not have the authority to be a Checker.
- -m r
  Retrieves or locks a transaction.
  - If you are the user who created the transaction (the Maker), this parameter retrieves a specific, unprocessed transaction. After you retrieve the transaction, you can direct it to an appropriate file and use the ASCII editor of your choice (vi, emacs, and so on) to update the transaction.
  - If you are a user who is not the Maker (a Checker), this parameter locks the transaction before processing. You cannot change a locked transaction.
- transactionId
  Specifies the unique identifying number that sepmdd gives to the transaction when it is created.
- code
  Specifies a numeric code that tells the Checker what to do when processing the transaction:
  - 0
    Rejects the transaction, in which case all the commands in the transaction are deleted and no changes are implemented in the PMDB.
  - 1
    Authorizes the transaction, in which case the commands are immediately implemented in the PMDB.
  - 2
    Unlocks the transaction so that it can be processed later, or by a different Checker.
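
The -m r and -m p rules above, modeled as an added Python example (not part of the original page and not the product's code) so the separation-of-duties checks can be exercised without a PMDB. The class and method names, the in-memory queue, and the pairing of each command with the user it pertains to are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count

class DualControlError(Exception): pass

def deny(condition, reason):
    if condition:
        raise DualControlError(reason)

@dataclass
class Txn:
    id: int
    maker: str
    commands: list          # (command text, user it pertains to) pairs
    locked_by: str = None   # Checker currently holding the lock, if any

class PendingQueue:
    """Toy in-memory model of the rules above; not how sepmd stores anything."""
    def __init__(self, checkers):
        self.checkers, self.pending, self.applied = set(checkers), {}, []
        self._ids = count(1)

    def create(self, maker, commands):
        txn = Txn(next(self._ids), maker, commands)
        self.pending[txn.id] = txn
        return txn.id

    def retrieve(self, user, tid):   # -m r: the Maker reads, anyone else locks
        txn = self.pending[tid]
        if user != txn.maker:        # assumption: a held lock blocks other lockers
            deny(txn.locked_by not in (None, user), "locked by a different Checker")
            txn.locked_by = user
        return [cmd for cmd, _ in txn.commands]

    def process(self, user, tid, code):   # -m p <transactionId> <code>
        txn = self.pending.get(tid)
        deny(txn is None, "transaction ID does not exist")
        deny(user not in self.checkers, "no authority to be a Checker")
        deny(user == txn.maker, "Makers cannot check their own transactions")
        deny(txn.locked_by not in (None, user), "locked by a different Checker")
        deny(any(who == user for _, who in txn.commands),
             "a command pertains to the invoker")
        deny(code not in (0, 1, 2), "code must be 0, 1 or 2")
        if code == 2:
            txn.locked_by = None      # unlock; the transaction stays pending
            return
        del self.pending[tid]         # 0 and 1 both end the transaction
        if code == 1:
            self.applied += [cmd for cmd, _ in txn.commands]
```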