The [agent] section contains tokens that control the various UNAB parameters.
Defines the interval, in seconds, for registering UNAB with the CA ControlMinder endpoint. A value of 0 specifies no registration.
Default: 60
Note: UNAB attempts to register with the endpoint only if CA ControlMinder is installed on the UNIX host.
Defines the GIDs (comma-separated) of Active Directory groups that cannot log in.
Example: ad_group_deny_gid_list = 11,14
Note: This parameter is valid in full integration mode only.
Default: Token not set (no default)
Defines the minimal GID of Active Directory groups that can log in.
Note: This parameter is valid in full integration mode only.
Default: Token not set (no default)
Defines the UIDs (comma-separated) of Active Directory users that cannot log in.
Example: ad_user_deny_uid_list = 12,37
Note: This parameter is valid in full integration mode only.
Default: Token not set (no default)
Defines the minimal UID of Active Directory users that can log in.
Note: This parameter is valid in full integration mode only.
Default: Token not set (no default)
Specifies the maximum number of open files that the UNAB agent can use. The UNAB agent restarts if it exceeds the maximum value.
Default: 100
Example: agent_open_files_max = 100
Specifies the time, in minutes, after which uxauthd restarts to recover from a critical problem.
Values: positive integer or -1 to cancel uxauthd restart.
Default: 60
Example: agent_restart_delay = 60
Specifies the maximum virtual memory size, in megabytes, that the UNAB agent can use. The UNAB agent restarts if it exceeds the maximum value.
Default: 300
Example: agent_vmemory_max = 300
Specifies the Active Directory computer password renewal interval in days.
Values: Nd, N=a number greater than 1.
Default: 0d (password change is disabled)
Specifies whether to back up the debug messages file.
Limits: yes, no
Default: yes
Defines the name of the backup debug messages file. If you do not use a full pathname to the file, UNAB creates the file in the directory InstallDir/log/debug/.
Default: agent_debug.back
Defines the file name that UNAB writes the debug messages to. If you do not use a full pathname to the file, UNAB creates this file in the directory InstallDir/log/debug/.
Default: agent_debug
Defines the maximum size of the debug messages file in megabytes.
Default: 512
Note: When the file exceeds the maximum size, the agent renames the file to the backup file name and creates a new messages file.
Specifies the level of debug messages in the debug file.
Limits: disabled, high, medium, low
Default: disabled
Specifies whether to log debug messages for submodules (zones). To write debug messages for more than one zone, specify the sum of the zone values.
Limits: -1, 1, 2, 4, 8, 16, or a sum of positive values.
Example: To log debug messages for the zones "General" and "Scheduler", set the value of debug_zones to 5.
Default: -1
Specifies the default access mode if there are no rules that define access for users and groups.
Limits: 0, no access; 1, access granted
Default: 0
Note: This parameter is valid in full integration mode only.
Defines the location of the local groups.allow file.
Default: /opt/CA/uxauth/etc/groups.allow
Note: This parameter is valid in full integration mode only.
Defines the location of the local groups.deny file.
Default: /opt/CA/uxauth/etc/groups.deny
Note: This parameter is valid in full integration mode only.
Defines the interval, in seconds, for sending a heartbeat to the CA ControlMinder Distribution Host.
Default: 3600
Specifies the interval, in seconds, between the uxauthd internal self check.
Values: positive integer or -1 to cancel the self check.
Default: 300
Example: health_check_interval = 300
Defines the maximum period, in seconds, for keeping unused LDAP connections open. When set to 0, UNAB destroys the connection immediately after an LDAP operation.
Default: 60
Defines the location of the CA license library.
Default: /opt/CA/SharedComponents/ca_lic
Specifies whether mapped users can log in using their UNIX user name or enterprise user name.
Limits: 1, UNIX login name; 2, enterprise login name
Default: 1
Specifies the interval, in seconds, for reading the CA ControlMinder policy queue.
Default: 60
Defines the timeout period, in milliseconds, for reading the CA ControlMinder policy queue.
Default: 1
Specifies whether NSS updates the group cache after every user login.
Limits: yes, no
Default: yes
Note: This parameter is valid in full integration mode only.
Specifies the group cache updating method.
Limits: 0, no updating; 1, incremental updating; 2, full updating
Default: 1
Note: This parameter is valid in full integration mode only.
Defines the interval, in minutes, for updating the users and groups cache.
Default: 60
Note: This parameter is valid in full integration mode only.
Specifies the method of updating the NSS user and group cache during the agent startup.
Limits: 0, no updating; 1, incremental updating; 2, full updating
Default: 1
Note: This parameter is valid in full integration mode only.
Specifies whether NSS updates the user cache after every user login.
Limits: yes, no
Default: yes
Note: This parameter is valid in full integration mode only.
Specifies the user cache updating method.
Limits: 0, no updating; 1, incremental updating; 2, full updating
Default: 1
Note: This parameter is valid in full integration mode only.
Defines the name or IP address of the NTP server.
Default: none
Specifies whether users can continue accessing the UNIX host when the Active Directory is not available.
Limits: no, offline connection disabled; yes, offline connection enabled
Default: yes
Defines the maximum number of failed offline logon attempts.
Default: 5
Defines the maximum period, in days, that an offline authentication is permitted after the last successful online authentication.
Default: 30
Defines whether a corresponding policy is needed for a partial user login.
Limits: no, partial user can log in with no corresponding policy deployed on the host; yes, partial user can log in only when a corresponding policy is deployed on the host.
Default: no
Note: The default value is 'no' for backward compatibility with previous UNAB versions.
Specifies the displayed user name in audit files and reports when the user is in mapped mode.
Limits: no, report displayed with the UNIX user name; yes, report displayed with the user mapped name.
Default: no
Defines the Ticket Granting Ticket (TGT) renewal interval in seconds.
Default: 7200
Defines the Ticket Granting Ticket (TGT) renewal maximum period in days.
Default: 30d
Defines the clock synchronization interval in seconds.
Default: 300
Defines the rules for converting an Active Directory user's shell to a supported UNIX shell. If no match is found, the shell that is defined as other is used.
Default (HP-UX): sh=/sbin/sh,csh=/sbin/csh,bash=/sbin/bash,ksh=/sbin/ksh,tcsh=/sbin/tcsh,other=/sbin/sh
Default (all other OS): sh=/bin/sh,csh=/bin/csh,bash=/bin/bash,ksh=/bin/ksh,tcsh=/bin/tcsh,other=/bin/sh
Note: This parameter is valid in full integration mode only.
Specifies whether to use the local login policy (.allow and .deny files).
Limits: no, use the enterprise login policy only; yes, use the enterprise login policy and then the local login policy.
Default: no
use_nested_group_acl
Specifies whether nested groups are used for the user ACL.
Limits: no, nested groups are not used; yes, nested groups are used.
Default: yes
Specifies the clock synchronization option.
Limits: no, manual synchronization; yes, automatic synchronization
Default: no
Specifies whether UNAB stores the Active Directory groups in a database for CA ControlMinder use.
To work in partial integration mode while CA ControlMinder is not integrated, disable group database creation when configuring UNAB.
Limits: no, yes
Default: yes
Defines the location of the local users.allow file.
Default: /opt/CA/uxauth/etc/users.allow
Note: This parameter is valid in full integration mode only.
Defines the location of the local users.deny file.
Default: /opt/CA/uxauth/etc/users.deny
Note: This parameter is valid in full integration mode only.
Specifies the cleanup interval, in seconds, for deleting expired user tickets.
Limits: any positive integer
Default: 3600
Specifies the time interval in which the UNAB watchdog checks for uxauthd existence.
Default: 60 seconds
Example: watchdog_check_interval = 60
Specifies whether to use the UNAB watchdog to protect the daemon agent. The UNAB watchdog can also be run as a daemon when UNAB is installed without CA ControlMinder.
Default: yes
Example: watchdog_enabled = yes
Defines the interval, in minutes, for updating the UNAB Active Directory groups database.
Default: 60
Note: This parameter is valid in full integration mode only.
Specifies whether the Windows group database is updated after every user login.
Limits: yes, no
Default: yes
Note: This parameter is valid in full integration mode only.
Specifies the method of updating the UNAB Active Directory groups database.
Limits: 0, no updating; 1, incremental updating; 2, full updating
Default: 1
Note: This parameter is valid in full integration mode only.
Specifies the method of updating the Active Directory groups database during the UNAB startup process.
Limits: 0, no updating; 1, incremental updating; 2, full updating
Default: 1
Note: This parameter is valid in full integration mode only.
Defines the number of working threads in the agent.
Default: 64
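A lint for the [agent] tokens whose names and value limits appear on this page, as an added example rather than CA's own tooling. It assumes the file parses as standard INI, reads "a sum of positive values" for debug_zones as a bitmask of distinct zone values, and assumes watchdog_enabled accepts only yes or no; the sample input is constructed.

```python
import configparser

# Constructed sample input. Only token names that appear on this page are used.
SAMPLE = """\
[agent]
ad_group_deny_gid_list = 11,14
ad_user_deny_uid_list = 12,x37
agent_restart_delay = 0
health_check_interval = -1
debug_zones = 5
watchdog_enabled = maybe
use_nested_group_acl = yes
"""
ZONE_VALUES = (1, 2, 4, 8, 16)  # documented zone values; zone names are not assumed

def as_int(value):
    """Return the value as an int, or None if it is not an integer."""
    try:
        return int(value)
    except ValueError:
        return None

def id_list(value):          # comma-separated numeric IDs, e.g. 11,14
    return all(part.strip().isdigit() for part in value.split(","))

def positive_or_off(value):  # positive integer, or -1 to cancel
    n = as_int(value)
    return n is not None and (n > 0 or n == -1)

def zone_mask(value):        # -1, or a sum of distinct zone values (assumed reading)
    n = as_int(value)
    return n is not None and (n == -1 or 1 <= n <= sum(ZONE_VALUES))

def yes_no(value):           # assumed for watchdog_enabled, documented for the ACL token
    return value in ("yes", "no")

def decode_zones(mask):
    """Split a debug_zones sum into the individual zone values it enables."""
    return [z for z in ZONE_VALUES if mask > 0 and mask & z]

RULES = {"ad_group_deny_gid_list": id_list, "ad_user_deny_uid_list": id_list,
         "agent_restart_delay": positive_or_off, "health_check_interval": positive_or_off,
         "debug_zones": zone_mask, "watchdog_enabled": yes_no,
         "use_nested_group_acl": yes_no}

def lint_agent(text):
    """Return the sorted names of [agent] tokens whose values break the rules."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return sorted(name for name, value in parser.items("agent")
                  if name in RULES and not RULES[name](value.strip()))
```

A malformed entry in a deny list is worth catching before deployment, since the page does not say how UNAB treats a value it cannot parse.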
Copyright © 2013 CA Technologies.
All rights reserved.