Integration with CA Access Control

Implementation Guide › Installing and Customizing a UNAB Host › Before You Begin › Integration with CA Access Control

Integration with CA Access Control

If you intend to install UNAB and CA Access Control on the same endpoint, you can leverage some UNAB capabilities to display UNAB specific information in CA Access Control. For example, you can display the enterprise user name instead of the UNIX account name in audit records. The seos.ini configuration file contains tokens that you enable when you want to integrate UNAB with CA Access Control

Important! Before you integrate UNAB with CA Access Control, verify that CA Access Control version r12.5 or later is installed on the endpoint.

The following tokens in the [seosd] section control the integration of UNAB with CA Access Control:

use_unab_db: Specifies that seosd uses the UNAB database to resolve user and groups names. This token enables CA Access Control to detect changes in UNAB, such as a new user login.
use_mapped_user_name: Specifies whether seosd uses the user enterprise name in audit records. When enabled, the seaudit utility displays the enterprise user name rather than the UNIX account name.

The following tokens in the [OS_User] section control the integration of UNAB with CA Access Control:

nonunix_unabgroup_enabled: Specifies whether CA Access Control supports non UNIX groups of users in the UNAB database. When enabled, CA Access Control supports users from non UNIX groups.
osuser_enabled: Specifies whether enterprise users and groups are enabled.

The following tokens in the [seos] section control the integration of UNAB with CA Access Control:

auth_login: Determines the login authority method. This token enables password checks to authenticate users, for example, sesudo, sesu, and sepass.
pam_enabled: Specifies whether the local host enables use of PAM for authentication and password changes in the LDAP database.

The following tokens in the [passwd] section control the integration of UNAB with CA Access Control:

nis_env: Specifies whether the local host is an NIS or NIS+ client.
change_pam: Specifies whether the local host uses PAM for password authentication and changes in the LDAP database. Use this token to enable sepass to work with external pam stores, for example UNAB.

The following tokens in the [pam_seos] section control the integration of UNAB with CA Access Control:

PamPassUserInfo: Specifies whether pam_seos sends user information to seosd.
pam_login_events_enabled: Specifies whether pam_seos sends login events to seosd.
pam_surrogate_events_enabled: Specifies whether pam_seos sends surrogate events to seosd.

Note: For more information about the seos.ini tokens, see the Reference Guide.