In the [pmd] section, the tokens determine the PMDB attributes.
Note: In addition to seos.ini, each policy model has a configuration file named pmd.ini.
Specifies the minimum number of attempts that sepmdd should make to resend the next queued update to an unavailable subscriber. The sepmdd loops through the list of subscribers for outstanding updates and increments the counter each time it cannot resend the update to an unavailable subscriber. The subscriber is marked unavailable after the minimum number of attempts specified in this token.
Default: 4
Defines the directory that CA ControlMinder uses to store Policy Model backups. CA ControlMinder stores each PMD backup in a subdirectory named pmd_name.
Default: ACInstallDir/data/policies_backup
Specifies the directory in which the PMDBs reside. The name can contain up to 70 alphanumeric characters. Specify the full path of the directory. Each Policy Model resides in the directory pmdDirectory/pmdName.
Default: ACInstallDir/policies
Same as _pmd_directory_
Defines the name of the Policy Model daemon.
Specifies the maximum time, in seconds, that the sepmdd daemon waits while attempting to update a subscriber database during the first scan of its subscriber list. If the time elapses and the daemon does not succeed in updating a subscriber, it skips that particular subscriber and tries to update the remainder of the subscribers on its list.
After completing the first scan of the subscriber list, sepmdd then performs a second scan in which it attempts to update the subscribers it did not succeed in updating during the first scan. During the second scan, it tries to update a subscriber until the connect system call times out (approximately 90 seconds).
Default: 3
Specifies the time, in minutes, to wait before trying to resend an update to an unavailable subscriber, after the minimum number of attempts specified in _min_retries_ has been made. It marks the subscriber available after the number of minutes defined by this token elapses.
A subscriber is marked unavailable until:
Note: Shutting down sepmdd too often is not desirable because it takes time to restart the daemon, which results in slowing the whole propagation process. Allowing it to be on all the time is also undesirable because there maybe some stability issues, but it is only a conjecture.
Default: 30
Specifies the time, in minutes of activities before sepmdd quits. If the token value is zero, sepmdd never quits.
Default: 0
Defines the timeout period, in seconds, a client waits for a response from the Policy Model.
Default: 60
Specifies whether to use Dual Control.
Valid values are yes and no.
If the token value is yes, you cannot update the database directly, but only through a PMDB, and two administrators-a Maker and a Checker-must collaborate on the update.
Default: Token not set (no)
Specifies whether sepass verifies the invoker's password during a remote password change. The sepass utility always compares the old password the user enters with the password stored in the local prodname database. If you set this token to yes, sepass also compares the old password the user running sepass enters with their own password as it is stored in the remote prodname database (usually pmdb). This means that the sepass user must enter their own password even when changing the password for another user.
Values: yes, no
Default: yes
Specifies whether subscriber databases are updated as soon as they become available.
Valid values are yes and no.
If the token value is yes, seagent sends a message to the parent Policy Models of both the local host and any Policy Model on the machine as soon as the subscriber station becomes available. sepmdd then updates the subscriber immediately, instead of waiting for the next half‑hourly retry.
Default: yes
Specifies whether the sepmd -n option sends the contents of the policy model password files and group files.
Valid values are yes and no.
yes-The sepmd -n option sends the contents of the policy model password files and group files.
no-The sepmd -n option does not send the contents of the policy model password files and group files.
Default: yes
Defines the timeout period, in seconds, the Policy Model waits for its components to gracefully shut down. If the Policy Model components did not shut down gracefully, the Policy Model shuts down forcefully.
Default: 60
Specifies whether CA ControlMinder forces subscribers to use the same uid as the parent Policy Model host when creating a new UNIX user.
Define the maximum number of commands that the Policy Model sends to each of its subscribers in each cycle of a loop.
Default: 10
Copyright © 2013 CA Technologies.
All rights reserved.
|
|