Create and Configure the Master PMDB

To let you manage policies from a central location, you first need to create and configure a master PMDB. To do this on a local host, you can use the sepmdadm command.

Note: The following procedure shows the interactive form of the sepmdadm command. For information about using the command-line parameters for all input, see the Reference Guide.

To create and configure the master PMDB

  1. In a command line, enter the following command:
    sepmdadm -i
    

    CA Access Control starts the Policy Model database administration script (sepmdadm) and displays a menu with options for you to choose from.

  2. Enter 1 to select the first option (create a master PMDB and define its subscribers).

    The script is configured to ask you the relevant questions.

  3. Press Enter to continue.

    The script proceeds to the first question.

    Note: If CA Access Control is not running, the script issues a warning and lets you start CA Access Control before the script is rerun.

  4. Enter a name for the Policy Model you want to create.

    The script registers the Policy Model name and continues.

  5. Enter the name of the first subscriber computer you want to specify.

    The script registers the name of the first subscriber and then asks you to enter the name of the next subscriber.

  6. Continue to enter subscriber names as necessary, then press Enter without entering a subscriber name.

    The script registers all subscriber names and continues.

    Note: You still must point each subscriber computer to its parent PMDB.

  7. If you are running NIS, NIS+, or DNS, choose whether you want to update the NIS/DNS tables with PMDB changes.

    Updates are made to users and groups in the PMDB. The tables provide information on users and their characteristics. If you choose yes, a UNIX user or UNIX group updated through the Policy Model is also updated in the NIS passwd and group files.

    1. Enter y if you want to update the NIS/DNS tables.

      The script now asks you for the location of the NIS passwd and group files.

      1. Enter the full path of the NIS password file.

        The script registers the full path and continues.

      2. Enter the full path of the NIS group file.

        The script registers the full path and continues.

    2. Enter n or press Enter if you do not want to update the NIS/DNS tables.

      The script registers your answer and continues.

  8. Enter the users you want to give special attributes for the PMDB:
    1. Enter CA Access Control administrator names as necessary, then press Enter without entering an administrator's name.

      Administrators are authorized to change the properties of the PMDB.

      Note: At least one administrator must be defined in a PMDB (root is the default).

    2. Enter enterprise user administrator names as necessary, then press Enter without entering an administrator's name.
    3. Enter CA Access Control auditor names as necessary, then press Enter without entering an auditor's name.

      Auditors are authorized to view the PMDB's audit log files.

    4. Enter enterprise user auditor names as necessary, then press Enter without entering an auditor's name.
    5. Enter CA Access Control password manager names as necessary, then press Enter without entering a password manager's name.
    6. Enter enterprise user password manager names as necessary, then press Enter without entering a password manager's name.

      Password managers are authorized to change passwords in the PMDB.

    The script registers your answer and continues.

  9. Enter administration terminals as necessary, then press Enter without entering an administration terminal.

    The script registers all administration terminals and then reports the selections you have made and asks you to confirm them.

  10. Press Enter to confirm the selections you have made, or enter n to rerun the script with new inputs.

    If you confirm your selections, a new PMDB is created using the answers you supplied.
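Because a wrong answer means rerunning the script, it can help to validate the planned answers first. The following pre-flight check is an added example, not part of CA Access Control or its documentation: check_plan and its arguments are hypothetical names, it never calls sepmdadm, and the administrator/auditor overlap check is an added separation-of-duties suggestion rather than a product rule.

```shell
#!/bin/sh
# Added example: validate the answers planned for the interactive sepmdadm run.
# check_plan NAME SUBSCRIBERS NIS_UPDATE PASSWD_FILE GROUP_FILE ADMINS AUDITORS
# List arguments are space-separated. Prints one line per problem and
# returns the number of problems found (0 = the plan is consistent).
check_plan() {
    name=$1 subs=$2 nis=$3 passwd_file=$4 group_file=$5
    admins=${6:-root}   # the procedure states that root is the default administrator
    auditors=$7
    problems=0
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -n "$name" ] || fail "step 4: Policy Model name is empty"
    [ -n "$subs" ] || fail "step 5: no subscriber computers listed"

    # Step 7: the full paths are only asked for when the answer is y.
    if [ "$nis" = "y" ]; then
        for f in "$passwd_file" "$group_file"; do
            case $f in
                /*) [ -f "$f" ] || fail "step 7: $f does not exist" ;;
                *)  fail "step 7: '$f' is not a full path" ;;
            esac
        done
    fi

    # Step 8 (added check, not a product rule): the same account should not
    # both change the PMDB and read the audit logs that record those changes.
    for a in $admins; do
        for u in $auditors; do
            if [ "$a" = "$u" ]; then
                fail "step 8: $a is both administrator and auditor"
            fi
        done
    done
    return "$problems"
}
```

Call it with the values from your own answer sheet, for example `check_plan master1 "hostA hostB" n "" "" "root" "audit1"` (constructed sample values), and run sepmdadm only when it returns 0.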

More information:

Create and Configure Subscriber PMDBs

Define Parent PMDBs for Subscribing Computers