Previous Topic: sepropadm Utility—Administer Database PropertiesNext Topic: sepurgdb Utility—Purge Database References to Undefined Records


sepromote Utility—Enforce Strong Authentication

CA ControlMinder integrates with CA AuthMinder to provide a strong authentication option for privileged and other native users of the operating system.

The CA ControlMinder system administrator restricts interactive sessions coming from a terminal by adding users to a group. To get write permission to files, users in this group must authenticate themselves using CA ArcotID OTP (one-time passwords).

After authentication, CA ControlMinder does not apply the rules created for the native user (“root”), but it applies rules to users according to their internal identities. CA ControlMinder differentiates non-restricted, restricted, and promoted users, and applies specific rules to them.

Note: For more information on how to set up strong authentication, see the CA AuthMinder chapter of the CA ControlMinder Integration Guide.

This command has the following format:

sepromote [-h] [-u username] [-o orgname] [otp] [-v]
-h

Displays help and exits.

-u username

Defines the name of the user in the interactive_restricted group who is requesting strong authentication.

Default: If not supplied as argument, the tool prompts for the user name.

otp

Defines the one-time password that the user in the interactive_restricted group has generated.

Default: If not supplied as argument, the tool prompts for the password.

-o orgname

Defines the organization where CA AuthMinder searches users of strong authentication.

Default: Value of the organization_name token in strong_auth.

-v

Activates verbose mode.

More information:

strong_auth