Integration with CA ControlMinder

Implementation Guide › Installing and Customizing a UNAB Host › Before You Begin › Integration with CA ControlMinder

Integration with CA ControlMinder

If you intend to install UNAB and CA ControlMinder on the same endpoint, you can leverage some UNAB capabilities to display UNAB specific information in CA ControlMinder. For example, you can display the enterprise user name instead of the UNIX account name in audit records. The seos.ini configuration file contains tokens that you enable when you want to integrate UNAB with CA ControlMinder

Important! Before you integrate UNAB with CA ControlMinder, verify that CA ControlMinder version r12.5 or later is installed on the endpoint.

The following tokens in the [seosd] section control the integration of UNAB with CA ControlMinder:

use_unab_db: Specifies that seosd uses the UNAB database to resolve user and groups names. This token enables CA ControlMinder to detect changes in UNAB, such as a new user login.
use_mapped_user_name: Specifies whether seosd uses the user enterprise name in audit records. When enabled, the seaudit utility displays the enterprise user name rather than the UNIX account name.

The following tokens in the [OS_User] section control the integration of UNAB with CA ControlMinder:

nonunix_unabgroup_enabled: Specifies whether CA ControlMinder supports non UNIX groups of users in the UNAB database. When enabled, CA ControlMinder supports users from non UNIX groups.
osuser_enabled: Specifies whether enterprise users and groups are enabled.

The following tokens in the [seos] section control the integration of UNAB with CA ControlMinder:

auth_login: Determines the login authority method. This token enables password checks to authenticate users, for example, sesudo, sesu, and sepass.
pam_enabled: Specifies whether the local host enables use of PAM for authentication and password changes in the LDAP database.

The following tokens in the [passwd] section control the integration of UNAB with CA ControlMinder:

nis_env: Specifies whether the local host is an NIS or NIS+ client.
change_pam: Specifies whether the local host uses PAM for password authentication and changes in the LDAP database. Use this token to enable sepass to work with external pam stores, for example UNAB.

The following tokens in the [pam_seos] section control the integration of UNAB with CA ControlMinder:

PamPassUserInfo: Specifies whether pam_seos sends user information to seosd.
pam_login_events_enabled: Specifies whether pam_seos sends login events to seosd.
pam_surrogate_events_enabled: Specifies whether pam_seos sends surrogate events to seosd.

Note: For more information about the seos.ini tokens, see the Reference Guide.