Once you have a master PMDB configured, if you want to extend your hierarchy, create and configure subscriber PMDBs. On a local host, you can use the sepmdadm command.
Note: The following procedure shows the interactive form of the sepmdadm command. For information about using the command‑line parameters for all input, see the Reference Guide.
Follow these steps:
sepmdadm ‑i
CA ControlMinder starts the Policy Model database administration script (sepmdadm) and displays a menu with options for you to choose from.
The script is configured to ask you the relevant questions.
The script continues to ask you the first question.
Note: If CA ControlMinder is not running, the script issues a warning and to let you start CA ControlMinder before the script is rerun.
The script registers the Policy Model name and continues.
Note: The first character for a PMDB name should consist of the alphanumeric characters '-' and '_'.
The script registers the name of the first subscriber and then asks you to enter the name of the next subscriber.
The script registers all subscriber names and continues.
Note: You still must point each subscriber computer to its parent PMDB.
The script registers the parent PMDB name and continues.
Note: sepmdadm only lets you enter one parent for each subscribing database. You can, however, define multiple parents for each database. To do this, modify the parent_pmd token of the pmd.ini configuration file. For more information about using this token, see the Reference Guide.
Updates are made to users and groups in the PMDB. The tables provide information on users and their characteristics. If you choose yes, a UNIX user or UNIX group that is updated through the Policy Model is also updated in the NIS passwd and group files.
The script now asks you for the location of the NIS passwd and group files.
The script registers the full path and continues.
The script registers the full path and continues.
The script registers your answer and continues.
Administrators are authorized to change the properties of the PMDB.
Note: At least one administrator must be defined in a PMDB (root is the default).
Auditors are authorized to view the PMDB audit log files.
Password managers are authorized to change passwords in the PMDB.
The script registers your answer and continues.
The script registers all administration terminals and then reports the selections that you have made and asks you to confirm them.
If you confirm your selections, a new PMDB is created using the answers that you supplied.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|