NAME
     utpolicy - Sun Ray authentication manager policy management command

SYNOPSIS
     /opt/SUNWut/sbin/utpolicy -a [ -g ] [ -m ] [ -p ] [ -r type ] [ -s type ] [ -z type ]
     /opt/SUNWut/sbin/utpolicy -a [ -t list ] [ -t clear ] [ -t add:tid ] [ -t del:tid ]
     /opt/SUNWut/sbin/utpolicy -i { clear | soft }
     /opt/SUNWut/sbin/utpolicy -h
     /opt/SUNWut/sbin/utpolicy

DESCRIPTION
     The utpolicy command writes the policy configuration of the Sun Ray
     authentication manager, utauthd(1M).

OPTIONS
     With no options, utpolicy prints out the policy in effect. With the -h
     option, utpolicy prints out the usage message.

     Three categories of options are supported: Policy Setting, Card Reader
     Assignment, and Software Restart.

     -a   This option, followed by valid Policy Setting or Card Reader
          Assignment arguments, applies these arguments to the active
          authentication policy for the system. This option is not valid
          by itself.

  POLICY SETTING
     The specified Policy Setting arguments completely replace the current
     active authentication policy. In other words, only arguments that are
     specified become active. Policy Setting and Card Reader Assignment
     arguments can be specified together.

     -g   Turn on session selection within a server group. Allows the user
          to select on which server the user's session is run.

     -m   Enable multihead session capability, allowing multiple terminals
          to act as display devices for a single user session.

     -p   This option changes the behavior of the self-registration
          application so that it does not require the Solaris name and
          password before registering a token. Note that the
          self-registration application only verifies the name and
          password. They are not stored.

     -r {card|pseudo|both}
          Specify the token types that must be registered in the
          administrative database in order to be granted access to a login
          screen. Policy looks up and uses token database entry.

     -s {card|pseudo|both}
          Specify the token types that will be presented with a
          registration screen if they do not have an entry in the
          administrative database. Policy allows self-registration of
          tokens.

     -z {card|pseudo|both}
          Specify the token types that do not require an entry in the
          administrative database in order to be granted access to a login
          screen. Policy grants access to tokens without database entry.

  CARD READER ASSIGNMENT
     The Card Reader Assignment arguments are incremental in nature (a
     complete specification does not have to occur all at once). This means
     a card reader can be added today and another can be added next week.
     Both will then be active until explicitly deleted. Policy Setting and
     Card Reader Assignment arguments can be specified together.

     -t add:terminalId
          Add a terminal (appliance) identification to the list of
          terminals being used as dedicated card readers. If a partial
          terminalId is specified, then the model will be assumed to be
          CoronaP1. If the terminalId is preceded by a backslash, then the
          terminalId will be used without any transformation.

     -t clear
          Reset the list of Sun Ray appliances in dedicated card reader
          mode.

     -t del:terminalId
          Remove a terminal (appliance) identification from the list of
          terminals being used as dedicated card readers.

     -t list
          List the terminal IDs of the Sun Ray appliances that are
          currently being used as dedicated card readers for registration
          of tokens.

  SOFTWARE RESTART
     Software Restart options CANNOT be combined with Policy Setting or
     Card Reader Assignment arguments.

     -i {clear | soft}
          Restarts the Sun Ray services. When used with the clear argument,
          utpolicy clears out all existing sessions before restarting Sun
          Ray services. The soft argument leaves sessions intact. Some
          sessions might be unreachable after restart.

     The following options are RESERVED for use by the Sun Ray Server
     Software and should not be used: -G, -P, -Q, -b, -f, -l, -u, -x, +x

EXAMPLES
     The utpolicy command is meant to simplify the utauthd(1M) program's
     policy configuration.

     Example 1: This command is equivalent to the default policy. It allows
     all appliances to be used with or without a smart card. Access is
     granted to the normal Solaris login screen.

          utpolicy -a -z both

     Example 2: This command indicates that all access via smart card
     requires a valid administrative database entry before access is
     granted. If a database entry has not been created for a smart card,
     then a registration session is presented on the appliance. If no smart
     card is used, then the normal Solaris login screen is presented.

          utpolicy -a -r card -s card -z pseudo

     Example 3: This command is like the previous except that it does not
     allow for users to register their own smart cards. Instead it is
     assumed that the appliance specified in the -t add: option will be
     used along with the appropriate administrative tools to create the
     necessary database entries. In this example, the terminalId is
     expanded to CoronaP1.080020a8e723.

          utpolicy -a -r card -z pseudo -t clear -t add:080020a8e723

FILES
     The following files are used:

     /etc/opt/SUNWut/policy/utpolicy
          The policy configuration file

     /etc/opt/SUNWut/terminals
          The list of appliances being used as dedicated card readers

     /etc/opt/SUNWut/auth.props
          Sun Ray authentication manager's configuration file

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

      ___________________________________________________________
     |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
     |_____________________________|_____________________________|
     | Availability                | SUNWuto                     |
     |_____________________________|_____________________________|

SEE ALSO
     utauthd(1M), auth.props(4)
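
The argument rules stated under OPTIONS (-a is not valid alone, -i cannot be combined with policy or card reader arguments, reserved options must not be used) and the terminalId expansion described for -t add: can be checked before a command line is run on a live server. The script below is an added example, not part of the Sun Ray Server Software; the function names err, expand_tid and check_utpolicy are hypothetical, and it assumes that a "partial" terminalId is one without a "model." prefix.

```shell
#!/bin/sh
# Added example, not Sun code: check utpolicy arguments against this man page.
err() { printf 'utpolicy-check: %s\n' "$1" >&2; }

# Assumption: a "partial" terminalId is one with no "model." prefix (no dot).
expand_tid() {
    case $1 in
        \\*) printf '%s\n' "${1#?}" ;;        # leading backslash: no transformation
        *.*) printf '%s\n' "$1" ;;            # already model.id
        *)   printf 'CoronaP1.%s\n' "$1" ;;   # partial ID: model assumed CoronaP1
    esac
}

check_utpolicy() {
    have_a=0 have_i=0 have_set=0
    while [ $# -gt 0 ]; do
        case $1 in
            -a) have_a=1 ;;
            -h) ;;
            -g|-m|-p) have_set=1 ;;
            -r|-s|-z)
                case ${2-} in card|pseudo|both) ;;
                    *) err "$1 needs card, pseudo or both"; return 1 ;; esac
                have_set=1; shift ;;
            -t)
                case ${2-} in
                    list|clear|del:?*) ;;
                    add:?*) printf 'card reader: %s\n' "$(expand_tid "${2#add:}")" ;;
                    *) err "-t needs list, clear, add:tid or del:tid"; return 1 ;; esac
                have_set=1; shift ;;
            -i)
                case ${2-} in clear|soft) ;;
                    *) err "-i needs clear or soft"; return 1 ;; esac
                have_i=1; shift ;;
            -G|-P|-Q|-b|-f|-l|-u|-x|+x)
                err "$1 is reserved for Sun Ray Server Software"; return 1 ;;
            *) err "$1 is not a documented option"; return 1 ;;
        esac
        shift
    done
    if [ "$have_i" = 1 ] && [ "$have_a$have_set" != 00 ]; then
        err "-i cannot be combined with other arguments"; return 1; fi
    if [ "$have_a" = 1 ] && [ "$have_set" = 0 ]; then
        err "-a is not valid by itself"; return 1; fi
    if [ "$have_a" = 0 ] && [ "$have_set" = 1 ]; then
        err "these arguments must follow -a"; return 1; fi
    return 0
}

check_utpolicy -a -r card -z pseudo -t clear -t add:080020a8e723  # Example 3
```

check_utpolicy returns 0 when the argument list is consistent with the rules above and 1 with a message on standard error otherwise; it never calls utpolicy itself.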