Previous Topic: Manage UNAB with CA ControlMinder Enterprise ManagementNext Topic: Integration with RSA SecurID


Integration with CA ControlMinder

If you intend to install UNAB and CA ControlMinder on the same endpoint, you can leverage some UNAB capabilities to display UNAB specific information in CA ControlMinder. For example, you can display the enterprise user name instead of the UNIX account name in audit records. The seos.ini configuration file contains tokens that you enable when you want to integrate UNAB with CA ControlMinder

Important! Before you integrate UNAB with CA ControlMinder, verify that CA ControlMinder version r12.5 or later is installed on the endpoint.

The following tokens in the [seosd] section control the integration of UNAB with CA ControlMinder:

use_unab_db

Specifies that seosd uses the UNAB database to resolve user and groups names. This token enables CA ControlMinder to detect changes in UNAB, such as a new user login.

use_mapped_user_name

Specifies whether seosd uses the user enterprise name in audit records. When enabled, the seaudit utility displays the enterprise user name rather than the UNIX account name.

The following tokens in the [OS_User] section control the integration of UNAB with CA ControlMinder:

nonunix_unabgroup_enabled

Specifies whether CA ControlMinder supports non UNIX groups of users in the UNAB database. When enabled, CA ControlMinder supports users from non UNIX groups.

osuser_enabled

Specifies whether enterprise users and groups are enabled.

The following tokens in the [seos] section control the integration of UNAB with CA ControlMinder:

auth_login

Determines the login authority method. This token enables password checks to authenticate users, for example, sesudo, sesu, and sepass.

pam_enabled

Specifies whether the local host enables use of PAM for authentication and password changes in the LDAP database.

The following tokens in the [passwd] section control the integration of UNAB with CA ControlMinder:

nis_env

Specifies whether the local host is an NIS or NIS+ client.

change_pam

Specifies whether the local host uses PAM for password authentication and changes in the LDAP database. Use this token to enable sepass to work with external pam stores, for example UNAB.

The following tokens in the [pam_seos] section control the integration of UNAB with CA ControlMinder:

PamPassUserInfo

Specifies whether pam_seos sends user information to seosd.

pam_login_events_enabled

Specifies whether pam_seos sends login events to seosd.

pam_surrogate_events_enabled

Specifies whether pam_seos sends surrogate events to seosd.

Note: For more information about the seos.ini tokens, see the Reference Guide.