ibm tivoli access manager for operating...

IBM Tivoli Access Managerfor Operating Systems

��

�� 5.1

SA30-1841-01

��

�!

� �� , 105 �� D �� .

��(2003� 11�)

� �� , IBM Tivoli Access Manager for Operating Systems(�� 5698-PDO)

�� 5, �� 1 � �� .

© Copyright International Business Machines Corporation 2000, 2003. All rights reserved.

��

�� . . . . . . . . . . . . . . . . . v

� �� . . . . . . . . . . . . . v

� �� . . . . . . . . . . . . . . vi

�� . . . . . . . . . . . . . . . . . vii

IBM Tivoli Access Manager for Operating

Systems �� . . . . . . . . . . vii

�� . . . . . . . . . . . . . . vii

�� . . . . . . . . . . . . . . vii

�� . . . . . . . . . . . viii

�� . . . . . . . . . . viii

�� . . . . . . . . . . . . ix

�� . . . . . . . . . . . ix

� �� . . . . . . . . . . . ix

� 1 � �� . . . . . . . . . . . . . . 1


Systems �� . . . . . . . . . . . . . . 1

�� . . . . . . . . . . . . . . . . . 1

�� . . . . . . . . . . . . . . . 2

�� . . . . . . . . . . . . . . . 3

Tivoli Access Manager for Operating Systems

�� CD �� . . . . . . . . . . 5


Framework CD� ��. . . . . . . . . . 6

�� . . . . . . . . . . . 7

�� . . . . . . . . . . . . . . . 7

� 2 � �� . . . . . . . . . . . . 9

Tivoli Access Control Facility�� 9

�� . . . . . . . 9

�� . . . . . . . . . . . 9

�� . . . . . . . . . . . . . . . 10

�� . . . . . . . . . . . . . . 10

Policy �� . . . . . . . . . . . . 11

�� . . . . . . . . . . . . . 12

�� . . . . . . . . . . . . 12

�� . . . . . . . . . . 12

�� . . . . . . . . . 13

� 3 � �� . . . . . . . . . . . . . . 15

�� . . . . . . . . . . . . . . . 15

InstallShield Multiplatform� ��

� ��. . . . . . . . . . . . . . . . 16

�� . . . . . . 17

InstallShield Multiplatform �� 19


�� . . . . . . . . . . . . . . . . . 30

AIX. . . . . . . . . . . . . . . . 31

HP-UX . . . . . . . . . . . . . . 31

Solaris . . . . . . . . . . . . . . . 32

Linux on x86 . . . . . . . . . . . . 32

Linux on zSeries . . . . . . . . . . . 32

Linux on pSeries � iSeries . . . . . . . 33

�� AIX� ��. . . . . . . 33

SMIT� �� AIX� �� . . . . . . . 33

�� AIX� �� . . . . . . . . . 34

�� HP-UX� �� . . . . . 35

swinstall� �� HP-UX� �� . . . . . 35

�� HP-UX� �� . . . . . . . . 36

�� Solaris� �� . . . . . . 37

Admintool� �� Solaris� �� . . . . 37

�� Solaris� �� . . . . . . . . 38

�� Linux� �� . . . . . . 39

Tivoli Management Framework Integration ��

�� . . . . . . . . . . . . . . . . . 40


�� . . . . . . . . . . . 40


Enterprise Console Integration �� . . . . . 41


Systems �� . . . . . . 43


Enterprise Console Integration �� . . 44

�� . . . . . . . . . 46

�� . . . . . . . . . . 48


�� . . . . . . . . . . . . . . . . 49

�� Java �� . . . . . . . 49


Framework ��

�� . . . . . . . . . . . . . . . . 51

�� . . . . . . . . . . . 52

�� . . . . . . . . . . . . 53

�� (�� ) �� . . . . . . . . 54

�� . . . . . . . . . . 54

© Copyright IBM Corp. 2000, 2003 iii

� 4 � �� . . . . . . . . . . . . . . 55

�� . . . . . . . . . . . . . . . 55

�� . . . . . . . . . . . 58

�� . . . . . . . . . . . . . . . 60

�� . . . . . . . . . . . . . 68

�� . . . . . . . . . 68

�� . . . . . . . . . . . . 68

�� . . . . . . . . . . . . 69

�� . . . . 69

� 5 � pdostecd �� . . . 71

pdostecd �� . . . . . . . . . . . . . 71

�� . . . . . . . . . . . . . . . 71

�� . . . . . . . . . . . . . 71

pdostecd �� . . . . . . . . . . . 72

�� . . . . . . . . . . . 72

� 6 � �� . . . . . . . . . . . 73

Tivoli Access Manager for Operating Systems �

� . . . . . . . . . . . . . . . . . 73

�� . . . . . . . . . . . . . . . 73

� �� . . . . . . . . . . . . . . 73

�� . . . . . . . . . 73

Tivoli Access Manager for Operating Systems�

� �� . . . . . . . . . . . . 74


� . . . . . . . . . . . . . . . . . 74

PDOSTECD �� . . . . . . . 75

� 7 � �� . . . . . . . . . . . . 77


� �� . . . . . . . . . . . . . . 77

�� . . . . . . . . . . . 77

�� . . . . . . . . . . . 78

�� . . . . . . . 79

�� . . . . . . . . . . . . 79

�� . . . . . . . . . . . . 80

�� . . . . 80

�� . . . . . . . . . . . 80

�� . . . . . . . . . . 81

� 8 � �� . . . . . . . . . . . . 83

InstallShield Multiplatform�� . . . . 84

AIX�� . . . . . . . . . . . . 84

SMIT� �� AIX�� . . . . 84

�� AIX�� . . . . 85

HP-UX�� . . . . . . . . . . . 85

swremove� �� HP-UX�� . . 86

�� HP-UX�� . . . 86

Solaris�� . . . . . . . . . . . 86

Admintool� �� Solaris�� . . 86

�� Solaris�� . . . 87

Linux�� . . . . . . . . . . . 88

�� . . . . . . . . . 88

�� . . . . . . . . . . . 88

AIX. . . . . . . . . . . . . . . . 89

HP-UX . . . . . . . . . . . . . . 89

Solaris . . . . . . . . . . . . . . . 90

Linux . . . . . . . . . . . . . . . 90


�� . . . . . . . . . . . . . . . 90

�� A. �� . . . . . . . . . . . . 91

�� B. �� . . . . . . . . . . 99

�� C. Tivoli Access Control Facility��

�� . . . . . . . . . . . . . 101

se2pdos �� . . . . . . . . . . 101

��. . . . . . . . . . . . . . . 101

� . . . . . . . . . . . . . . . 101

�� . . . . . . . . . . . . . . . 102

�� D. �� . . . . . . . . . . . . 105

�� . . . . . . . . . . . . . . . . 107

�� . . . . . . . . . . . . . . . . 109

iv IBM Tivoli Access Manager for Operating Systems: ��

��

IBM® Tivoli® Access Manager for Operating Systems� ��

�� policy � �� .

�: IBM Tivoli Access Manager for Operating Systems(Tivoli Access Manager

for Operating Systems�� )� �� Tivoli SecureWay® Policy Director

for Operating Systems(�� 3.7) � Tivoli Policy Director for Operating

Systems(�� 3.8) �� . �� Tivoli SecureWay Policy Director

�� policy ��

�.

IBM Tivoli Access Manager for Operating Systems �� IBM Tivoli

Access Manager for Operating Systems� ��, ��, ��

�� .

� ��

� ��

� �� .

v UNIX® � ��

v �� (HTTP, TCP/IP, FTP, Telnet, SSL)

v ��

v �

v ��

v LDAP(Lightweight Directory Access Protocol) � ��

v IBM Tivoli Access Manager

�� .

v IBM Tivoli Management Environment® framework

v IBM Tivoli Distributed Monitoring

v IBM Tivoli Enterprise Console®

v IBM Tivoli Directory Server(LDAP)

v IBM Tivoli User Administration

© Copyright IBM Corp. 2000, 2003 v

� ��

� �� .

v 1 �� 1 � ��

Tivoli Access Manager for Operating Systems, � ��

��.

v 9 �� 2 � ��

Tivoli Access Manager for Operating Systems ��

� �� .

v 15 �� 3 � ��

InstallShield Multiplatform �� Tivoli Access

Manager for Operating Systems �� .

v 55 �� 4 � ��

Tivoli Access Manager for Operating Systems� �� .

v 71 �� 5 � �pdostecd ��

pdostecd �� .

v 73 �� 6 � ��

Tivoli Access Manager for Operating Systems� ��

�� .

v 77 �� 7 � ��


v 83 �� 8 � ��

InstallShield Multiplatform, �� Tivoli Access


v 91 �� A ��

�� , �� .

v 99 �� B ��

�� , �� .

v 101 �� C �Tivoli Access Control Facility��

Tivoli Access Control Facility�� Tivoli Access Manager for Operating Systems

� �� .

vi IBM Tivoli Access Manager for Operating Systems: ��

��

�� Tivoli Access Manager for Operating Systems

��, �� . ��

�� .

IBM Tivoli Access Manager for Operating Systems ��


��.

v IBM Tivoli Access Manager for Operating Systems �� , SA30-1840


��. �� Tivoli ��

�, �� IBM Tivoli Enterprise Console IBM Tivoli Risk Manager�

�� .


Tivoli Access Manager for Operating Systems ��, ��, ��

�� .


�� , �� , �� , �� Tivoli Access

Manager for Operating Systems� �� . ��

�� .

v IBM Tivoli Access Manager for Operating Systems �� , GA30-1843


v IBM Tivoli Access Manager for Operating Systems Read This First Card,

GA30-1844


� ��.

��

� ��

�� .

v IBM Tivoli Access Manager Base �� , SA30-2207

v IBM Tivoli Access Manager Base Administration Guide, GC23-1360

v IBM Tivoli Access Manager for e-business �� , GA30-2206

��


� � ��.

�� vii

v IBM Tivoli Access Manager for e-business Performance Tuning Guide, SC32-1351

IBM �� Tivoli Access Manager� ��

� �� .

v IBM Tivoli Access Manager for e-business Problem Determination Guide,

SC32-1352

Tivoli Access Manager �� .

v IBM Tivoli Access Manager Error Message Reference, SC32-1353

IBM Tivoli Access Manager, Tivoli Access Manager for Operating Systems �

Tivoli Access Manager ��

��.

v IBM Tivoli Access Manager for e-business Command Message Reference,

SC32-1354


v Tivoli Software Library�� , ��, �, ��

� Tivoli �� . �� Tivoli Software Library� �

��. http://www.ibm.com/software/tivoli/library/

v Tivoli Software Glossary�� Tivoli ��

� ��. Tivoli Software Glossary� Tivoli Software Library � ��

(http://www.ibm.com/software/tivoli/library)�� .

��

�� IBM Tivoli Access Manager for

Operating Systems �� .

��

� �� PDF(Portable Document Format), HTML(Hypertext Markup

Language) �� Tivoli Software Library(http://www.ibm.com/

software/tivoli/library/)�� .

�� Product

manuals �� . �� , Tivoli Software Information Center ��

�� .

�� , �� , �� , �� , ��

�� .

�: PDF �� , Adobe Acrobat � (�� → ��

�� )� �� .

viii IBM Tivoli Access Manager for Operating Systems: ��

http://www.ibm.com/software/tivoli/library/




��

��

� �� . � ��

�� . ��

�� .

�� IBM Tivoli Access Manager for Operating Systems ��

�� .

��

�� IBM Tivoli Software ��

Tivoli support �� IBM Tivoli Software ��

�.

http://www.ibm.com/software/support/

�� IBM Software ��

�� .

http://techsupport.services.ibm.com/guides/handbook.html

� �� .

v ��

v ��

v ��

� �� IBM Tivoli Access Manager for Operating Systems

�� .

� ��

� �� , � ��

��.

�� .

�� , ��

�� .

� ��

�� .

�� , �� , ��

��.

�� ix

http://www.ibm.com/software/support/

http://techsupport.services.ibm.com/guides/handbook.html

�� , �� , �� , �

� �� .

�� , ��

��, Java �� , HTML � XML ��

� �� .

x IBM Tivoli Access Manager for Operating Systems: ��

� 1 � ��

� �� IBM Tivoli Access Manager for Operating

Systems� �� .

v Tivoli Access Manager for Operating Systems ��

v ��

v ��


� �� .

� �� IBM Tivoli Access Manager for Operating Systems �� , ��

5.1� �� Tivoli Access Manager for Operating Systems� ��.


IBM Tivoli Access Manager for Operating Systems� UNIX � ��

� �� policy �� . ��

� �� policy

� ��. �� , � ��, �� , ��

�� . �� , ��

� �� . ��

��

��. �� policy �� Tivoli Access Manager for Operating Systems� ��

� policy� �� .

��

IBM Tivoli Access Manager for Operating Systems� �� Tivoli Access

Manager� �� UNIX �� .

v �� .

v �� .

v �� .

v �� .

v �� policy �� .

© Copyright IBM Corp. 2000, 2003 1

�� Tivoli Access Manager for Operating Systems� ��

� �� (�� IBM Tivoli Access

Manager for Operating Systems, �� 5.1, �� ).

��

Tivoli Access Manager for Operating Systems� UNIX � � ��

� �� . ��

� �� Tivoli Access Manager for Operating Systems

� �� . ��

��, Tivoli Access Manager for Operating Systems� �� policy �

�� . ��

�� Tivoli Access Manager policy

�� policy� ��.

3 �� 1�� Tivoli Access Manager for Operating

Systems, Tivoli Access Manager � IBM Directory Directory Server(��

�� LDAP ��) �� .

2 IBM Tivoli Access Manager for Operating Systems: ��

��

IBM Tivoli Access Manager for Operating Systems �� CD� ��

�.

v IBM Tivoli Access Manager for Operating Systems for AIX, Version 5.1

v IBM Tivoli Access Manager for Operating Systems for Solaris, Version 5.1

v IBM Tivoli Access Manager for Operating Systems for HP-UX, Version 5.1

v IBM Tivoli Access Manager for Operating Systems for Linux on xSeries, Version

5.1

v IBM Tivoli Access Manager for Operating Systems for Linux on zSeries®, Version

5.1

v IBM Tivoli Access Manager for Operating Systems for Linux on pSeries and

iSeries, Version 5.1

v IBM Tivoli Access Manager for Operating Systems Framework Support, Version

5.1

v IBM Tivoli Access Manager for Operating Systems Language Support, Version

5.1

v IBM Tivoli Access Manager Base for AIX, Version 5.1

v IBM Tivoli Access Manager Base for Solaris, Version 5.1

v IBM Tivoli Access Manager Base for HP-UX, Version 5.1

v IBM Tivoli Access Manager Base for Linux on xSeries, Version 5.1

v IBM Tivoli Access Manager Base for Linux on zSeries, Version 5.1

v IBM Tivoli Access Manager Base for Linux for pSeries and iSeries, Version

5.1

v IBM Tivoli Access Manager Base for Windows NT, Windows XP, Windows

2000, and Windows 2003, Version 5.1

v IBM Tivoli Access Manager Directory Server for AIX, Version 5.1

v IBM Tivoli Access Manager Directory Server 1 of 2 for Solaris , Version 5.1

v IBM Tivoli Access Manager Directory Server 2 of 2 for Solaris , Version 5.1

v IBM Tivoli Access Manager Directory Server for HP-UX , Version 5.1

v IBM Tivoli Access Manager Directory Server for Linux on xSeries, Version 5.1

v IBM Tivoli Access Manager Directory Server for Linux on zSeries, Version 5.1

�� 1. Tivoli Access Manager for Operating Systems ��

� 1 � �� 3

v IBM Tivoli Access Manager Directory Server for Linux for pSeries and iSeries,

Version 5.1

v IBM Tivoli Access Manager Directory Server for Windows 2000 and Windows

2003, Version 5.1

v IBM Tivoli Access Manager Web Administration Interfaces for AIX, Version

5.1

v IBM Tivoli Access Manager Web Administration Interfaces for Solaris, Version

5.1

v IBM Tivoli Access Manager Web Administration Interfaces for HP-UX, Version

5.1

v IBM Tivoli Access Manager Web Administration Interfaces for Linux on xSeries,

Version 5.1

v IBM Tivoli Access Manager Web Administration Interfaces for Linux on zSeries,

Version 5.1

v IBM Tivoli Access Manager Web Administration Interfaces for Linux on pSeries

and iSeries, Version 5.1

v IBM Tivoli Access Manager Web Administration Interfaces for Windows 2000,

Version 5.1

v IBM Tivoli Access Manager Web Administration Interfaces for Windows 2003,

Version 5.1

v IBM Tivoli Access Manager WebSphere Fix Pack for AIX, Version 5.1

v IBM Tivoli Access Manager WebSphere Fix Pack for Solaris, Version 5.1

v IBM Tivoli Access Manager WebSphere Fix Pack for HP-UX, Version 5.1

v IBM Tivoli Access Manager WebSphere Fix Pack for Linux on xSeries, Version

5.1

v IBM Tivoli Access Manager WebSphere Fix Pack for Windows 2000, Version

5.1

v IBM Tivoli Access Manager Language Support for AIX, Version 5.1

v IBM Tivoli Access Manager Language Support for Solaris, Version 5.1

v IBM Tivoli Access Manager Language Support for HP-UX, Version 5.1

v IBM Tivoli Access Manager Language Support for Linux on xSeries, Version

5.1

v IBM Tivoli Access Manager Language Support for Linux on zSeries, Version

5.1

v IBM Tivoli Access Manager Language Support for Linux on pSeries and iSeries,

Version 5.1


v IBM Tivoli Access Manager Language Support for Windows NT, Windows XP,

Windows 2000, Windows 2003, Version 5.1

Tivoli Access Manager for Operating Systems �� CD ��

IBM Tivoli Access Manager for Operating Systems� �� CD �

�� .

� 1. �� CD� ��

��(��) ��

AIX(/usr/sys/ inst.

images)

IBM Java Runtime Environment 1.3.1.5 Java131.rte

IBM AIX Certificate � SSL Base Runtime

ACME Toolkit 7.0.1.9

gskta.rte

IBM Directory Client 5.2.0.0 ldap.client

IBM Directory Client Runtime(SSL) 5.2.0.0 ldap.max_crypto_client

Tivoli Access Manager 5.1 Runtime

Environment

PD.RTE


5.1 Runtime Environment

PDOS.rte

HP-UX(/hp) Java 2 RTE 1.3 for HP-UX(700/800), PA1.1

+ PA2.0 Add On

B9789AA/Jre13

IBM Global Security Kit 7.0.1.9 gsk7bas

IBM Directory Server 5.2 Client LDAPClient


Environment

PDRTE



PDOSrte

Solaris(/solaris) JDK 1.3 Runtime Environment SUNWj3rt

IBM Global Security Kit 7.0.1.9 gsk7bas

IBM Directory Server 5.2 Client IBMldapc


Environment

PDRTE



PDOSrte

ezpkgadd

ldad-rsp

pddcfault

InstallShield Multiplatform

� ��

Linux x86(/linux) IBM Java Runtime Environment 1.3.1-3.0 IBMJava2-JRE-1.3.1-3.0.

i386.rpm

IBM Global Security Kit 7.0.1.9 gsk7bas-7.0-1.9.i386.rpm

IBM SecureWay Directory Server 5.2 Client ldap-clientd-5.2-1.i386.rpm


Environment

PDRTE-PD-5.1.0-0.i386.

rpm



PDOSrte-PDOSruntime-5.

1.0-0.i386.rpm

� 1 � �� 5

� 1. �� CD� �� (��)

��(��) ��

Linux on zSeries(/

zSeries)

IBM Java Runtime Environment 1.3.1-3.0 IBMJava2-JRE-1.3.1-3.0.

s390.rpm

IBM Global Security Kit 7.0.1.9 gsk7bas-7.0-1.9.s390.rpm

IBM Directory Server 5.2 Client ldap-clientd-5.2-1.s390.rpm


Environment

PDRTE-PD-5.1.0-0.s390.

rpm




1.0-0.s390.rpm

Linux i/pSeries

(/pSeries)

IBM Java Runtime Environment 1.3.1-2.0 IBMJava2-JRE-1.3.1-3.0.

ppc.rpm

IBM Global Security Kit 7.0.1.9 gsk7bas-7.0-1.9.ppc32.rpm

IBM Directory Server 5.2 Client ldap-clientd-5.2-1.ppc.rpm


Environment

PDRTE-PD-5.1.0-0.ppc.

rpm




1.0-0.ppc.rpm

Tivoli Access Manager for Operating Systems Framework CD�

��

Tivoli Access Manager for Operating Systems Framework �� CD��

�� .

� 2. Tivoli Access Manager for Operating Systems Framework �� CD� ��

��

PDOS.cdrom IBM Tivoli Access Manager for Operating Systems

Management Tasks, Version 5.1

PDOSTASK.IND

IBM Tivoli Access Manager for Operating Systems

Enterprise Console Integration, Version 5.1

PDOSTEC.IND

PDOSU.cdrom IBM Tivoli Access Manager for Operating Systems

Management Tasks, Version 5.1� ��

PTASKU.IND

IBM Tivoli Access Manager for Operating Systems

Enterprise Console Integration, Version 5.1� ��

�

PDTECU.IND

�� CD�� InstallShield Multiplatform �� , ��

� �� .


��


v ��

v ��

v � �

v ��

v ��

v ��

v ��

v ��

v ��

�� , � ��

� �� . ��

�. �� , ��

�� .

��

Tivoli Access Manager for Operating Systems, �� (�� ), ��

�� .

http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/

� 1 � �� 7

http://www.ibm.com/software/tivoli/products/access-mgr-operating-sys/

� 2 � ��

� �� IBM Tivoli Access Manager for Operating Systems� ��

�� .

Tivoli Access Control Facility��

�� policy �� Tivoli Access Control Facility� �� , Tivoli

Security Manager �� 101 �� C �Tivoli

Access Control Facility�� .

��



�� . ��

�� .

��

IBM Tivoli Access Manager for Operating Systems� ��

��. Tivoli Access Manager for Operating Systems� ��

�� .

v IBM Tivoli Access Manager Runtime Environment, �� 5.1

v IBM Global Security Toolkit, �� 7.0.1.9

v IBM Directory Client, �� 5.2

� �� , ��

� � �� . ��

�� . ��, ��

�� .

�� InstallShield Multiplatform ��

�� . ��

�� . ��

�� .

Tivoli Access Manager for Operating Systems� �� , ��

�� , �� .


v Tivoli Access Manager policy ��, �� 5.1� LDAP ��

�� .

v SSL(Secure Sockets Layer)� �� LDAP ��

�� .

v Tivoli Access Manager policy �� LDAP �� .

v LDAP �� base64� �� LDAP SSL CA(Certificate Authority)

� �� .

v Tivoli Access Manager �� base-64� �� Tivoli Access Manager

� �� (��

��).

v LDAP �� .


v �� (-admin_name � -admin_pwd)� �� . ��

5.1�� Tivoli Access Manager ��

(-sec_master_pwd)� ��.

SSL � �� Tivoli Access Manager policy �� LDAP �

� �� IBM Tivoli Access Manager ��

�� . SSL �� , ��

�� (�: 3650�)� ��. ��

�� 365��.

��

�� .

��

�� IBM Tivoli Access Manager for Operating Systems

� �� .

InstallShield Multiplatform �� GUI ��

InstallShield Multiplatform �� IBM Tivoli Access

Manager for Operating Systems� ��

� ��. � �� . ��

�, �� . �� Tivoli Access


� �� .

InstallShield MultiPlatform ��

InstallShield MultiPlatform � �� Tivoli Access



�. �� .

�� . Tivoli

Access Manager for Operating Systems� ��

� �� .

� ��

�� Tivoli Access Manager for Operating Systems ��

�� , ��

� ��

��, �� . ��

�� . ��

�� , �� Tivoli Access Manager for

Operating Systems� �� .

�� . ��

�� . �� 15 �� 13 �

�� .

Policy ��

�� , �� policy� ��

�� . Tivoli Access Manager for Operating Systems�

�� policy �� .

�� policy �� policy� �� .

policy �� /OSSEAL/policy-branch �� Tivoli Access Manager policy

�� , �� policy-branch� �� policy �� . �

� ��, policy �� , � � ��

�� .

/OSSEAL/Servers/OSSEAL/Graphics/OSSEAL/ProdDev

Tivoli Access Manager policy �� /OSSEAL �� , IBM Tivoli

Access Manager for Operating Systems �� . ��, ��

�� (policy ��

�� ). �� policy ��(�:

/OSSEAL/Servers)� �� , �� policy ��

�� policy �� .

policy �� , ��

� �� .

� 2 � �� 11

��


�.

v root �� .

v /opt � /var �� .(��

�� IBM Tivoli Access Manager for Operating Systems, �� 5.1,

�� .)

�� .

/opt/pdos

/var/pdos

Solaris� �� InstallShield Multiplatform� ��

�� .

v �� LDAP �� . ��

� Solaris � ��(Solaris�� )� ��

Sun LDAP ��, Sun ONE Directory Server �� .

v �� . � �� IBM Tivoli Access


v IBM Tivoli Access Manager for Operating Systems� ��

�� , 13 �� .

��

Tivoli Access Manager for Operating Systems� /var/pdos � � � ��

� �� policy ��, �� . /var� ��

�� policy � �� /var/pdos�

�� . �� /var/pdos/log �

/var/pdos/audit� �� .

/var/pdos, /var/pdos/log � /var/pdos/audit ��

� �� .

��

Tivoli Access Manager for Operating Systems� �� osseal ��

ID� osseal � ossaudit �� . IBM Tivoli Access Manager

for Operating Systems� �� osseal �� ossaudit � ��

�� , �� . �� osseal �� ID� ��

�, �� . �� osseal �� ID� osseal ��

��.


NIS(Network Information Services) �� osseal �� ID, osseal � ossaudit

�� NIS� �� . �� NIS� ��

�� , Tivoli Access Manager for Operating Systems� ��

�� /etc/passwd � /etc/group �� + ��

�� ID� �� . ��

� Tivoli Access Manager for Operating Systems� ��

� �� + �� . �� , NIS ��

� Tivoli Access Manager for Operating Systems� �� osseal

�� ID� osseal � ossaudit �� .

��

Tivoli Access Manager for Operating Systems� �� ,

� �� .

�: � �� Tivoli Access Manager for Operating Systems, �� 5.1��

�� . �� 3.8 � 4.1�� . �� 3.7

�� .

1. ��

�� . � �� IBM Tivoli Access Manager for Operating Systems

�� .

2. � �� , �� policy ��

� �� Tivoli Access Manager for Operating Systems� ��. ��

� �� .

pdoscfg -autostart off -login_policy off

3. pdostecd � ��, ��

��.

pdosteccfg -autostart offrc.pdostecd stop

4. �� Tivoli Access Manager for Operating Systems� ��

��.

rc.osseal stop

5. �� . �� Tivoli Access Manager

for Operating Systems� �� .

pdosctl -s

�: �� Tivoli Access Manager for Operating Systems�

�� , � ��

�. �� Tivoli Access

Manager for Operating Systems �� UNIX ��

� 2 � �� 13

�� . ��

� �� , �� Tivoli


�.

6. �� Tivoli Access Manager policy �� 5.1� �

��.

7. Tivoli Access Manager for Operating Systems� 15 �� 3 � ��

� �� . �� , ��

��

��.

�� 46 �� .


� 3 � ��

� �� AIX, HP-UX, Solaris � Linux�� IBM Tivoli Access Manager for


��

�� Tivoli Access Manager for Operating Systems� �

�� .

InstallShield Multiplatform �� GUI ��

�� Tivoli Access Manager for Operating Systems, Version 5.1

CD�� install_amos_platform �� Tivoli Access Manager

for Operating Systems � � ��

�� . ��

� � �� , �� . �

� �� 16 �� InstallShield Multiplatform� ��

� �� .

InstallShield Multiplatform �� policy ��


�� .

InstallShield Multiplatform ��


CD�� install_amos_platform ��

�� Tivoli Access Manager for Operating Systems � � ��

�� . ��

�� , ��

� �� .

� ��


CD��

Tivoli Access Manager for Operating Systems� ��. � ��

��

� �� .

Tivoli Access Manager Runtime Environment� Tivoli Access Manager for

Operating Systems� ��

�� .


��

� � � Tivoli Access Manager for Operating Systems� ��

� �� . ��

� �� .

v 33 �� AIX� ��

v 35 �� HP-UX� ��

v 37 �� Solaris� ��

v 39 �� Linux� ��


�� . �� 55 �� 4 � �� .

�: Tivoli Access Manager for Operating Systems� Tivoli Access Manager policy

�� IBM Directory Server(LDAP)� ��

��. InstallShield Multiplatform(�� )� ��

�� , �� policy �� IBM Directory Server� Tivoli Access

Manager for Operating Systems� �� . �

� ��, InstallShield Multiplatform� �� .

Tivoli Access Manager for Operating Systems� �� , �

�� 13 ��

��. � �� Tivoli Access Manager for Operating Systems

� �� , �� 46 ��

�� .


InstallShield Multiplatform �� Tivoli Access Manager for

Operating Systems� �� . ��

��, �� , ��

��.


�� . ��

�� JRE(Java Runtime Environment)� �� .

JRE� �� , �� JRE� �� , �

�� . �� JRE �� , Java� ��

�� .

�: �� , 55 �� .


��

�� . �� InstallShield

Multiplatform �� .

AIX

1. IBM Tivoli Access Manager for Operating Systems for AIX, Version 5.1 CD

� � ��.

2. �� . �� , �� .

cd /cdrom

3. DISPLAY �� . ��

� � �� X Server� �� .

4. �� .

install_amos_aix

�� JRE �� , �� .

java -cp install_amos_setup.jar run

HP-UX

1. IBM Tivoli Access Manager for Operating Systems for HP-UX, Version 5.1

CD� � ��.

2. �� . �� , �� .

cd /cdrom

3. DISPLAY �� . ��

� � �� X Server� �� .

4. �� .

install_amos_hp

�� JRE �� , �� .


Solaris

1. IBM Tivoli Access Manager for Operating Systems for Solaris, Version 5.1

CD� � ��.

2. �� . �� , �� .

cd /cdrom

3. DISPLAY �� . ��

� � �� X Server� �� .

4. �� .

� 3 � �� 17

install_amos_solaris

�� JRE �� , �� .


Linux on x86

1. IBM Tivoli Access Manager for Operating Systems for Linux on xSeries, Version

5.1 CD� � ��.

2. �� . �� , �� .

cd /media/cdrom

3. DISPLAY �� . ��

� � �� X Server� �� .

4. �� .

install_amos_Linux

�� JRE �� , �� .


Linux on zSeries

1. IBM Tivoli Access Manager for Operating Systems for Linux on zSeries, Version

5.1 CD� � ��.

2. �� . �� , �� .

cd /media/cdrom

3. DISPLAY �� . ��

� � �� X Server� �� .

4. �� .

install_amos_zSeries

�� JRE �� , �� .


Linux on pSeries � iSeries

1. IBM Tivoli Access Manager for Operating Systems for Linux on pSeries and

iSeries, Version 5.1 CD� � ��.

2. �� . �� , �� .

cd /media/cdrom

3. DISPLAY �� . ��

� � �� X Server� �� .

4. �� .


install_amos_pSeries

�� JRE �� , �� .



�� .

1. �� .

�� (�� ). ��

� �� . �� .

�� Tivoli Access Manager for Operating Systems

�� .


� 3 � �� 19

2. �� . �� . ��

��.



3. �� . �� . ��

� �� . �� . (�� , ��

��.)

�� , �� /var/pdos_ismp/license� �� .


� 3 � �� 21

4. Tivoli Common Directory �� . ��, ��

�� .

�� 5. Tivoli Common Directory ��


5. Tivoli Access Manager Runtime Environment �� . ��

�� .

v Tivoli Access Manager �� . �� policy

�� .

v Tivoli Access Manager � ��. �� 7135��.

v Tivoli Access Manager �� SSL � ��. policy �� CA ��

�� .(� � ��

��.)

v Tivoli Access Manager ��

�� . �� , � � ��

�� .

�� 6. Tivoli Access Manager Runtime Environment ��

� 3 � �� 23

6. Tivoli Access Manager LDAP � �� . ��

��.

v LDAP �� . �� .

v LDAP ��

�� 7. Tivoli Access Manager LDAP � ��


7. �� . Tivoli Access Manager for Operating Systems

� �� . �� .

�� /opt� �� , Tivoli Access Manager for Operating Systems �

�� . �� (�:

/bigdir)� �� , Tivoli Access Manager for Operating Systems � �

� �� . ��

�� .

v /bigdir/pdos

v /bigdir/PolicyDirector

v /bigdir/ldapc

v /bigdir/gskit

�� Solaris�� . InstallShield Multiplatform �

�� /opt� �� , �� .


� 3 � �� 25

� 3. ��

��

��

AIX /opt/pdos /opt/PolicyDirector

/usr/ldap /usr/opt/ibm/gskta

/bigdir/pdos

/bigdir/PolicyDirectory

/bigdir/ldapc

/bigdir/gskit

HP-UX /opt/pdos

/opt/PolicyDirector

/usr/IBMldap

/opt/ibm/gsk7

/bigdir/pdos


/bigdir/ldapc

/bigdir/gskit

Linux /opt/pdos /opt/PolicyDirector

/usr/ldap /usr/local/ibm/gsk7

/bigdir/pdos


/bigdir/ldapc

/bigdir/gskit

�: �� , �� .

� �� , Tivoli Access Manager for Operating

Systems � ��

� �� . �� /opt �� . �

� ��.

8. Tivoli Access Manager for Operating Systems �� .


�� .

v ��


v �� ID

v ��

v LDAP SSL � ��

v LDAP ��


� 3 � �� 27

v pdoscfg� ��

�� .


� �� , ��

�� .

�� , �� , ��

��. �� .


��

��.



�� .

� 4. ��

��

/opt/pdos/bin Tivoli Access Manager for Operating Systems

��

/opt/pdos/lib Tivoli Access Manager for Operating Systems �

��

/opt/pdos/sbin Tivoli Access Manager for Operating Systems �

��

/opt/pdos/etc Tivoli Access Manager for Operating Systems �

� ��

/opt/pdos/kernel Tivoli Access Manager for Operating Systems

� ��

/opt/pdos/nls Tivoli Access Manager for Operating Systems �

��

/var/pdos Tivoli Access Manager for Operating Systems �

� ��

/var/pdos_ismp ISMP ��

/var/ibm/tivoli/common/AOS/logs Tivoli � �� (�� )

/var/ibm/tivoli/common/AOS/ffdc Tivoli � ffdc ��(�� )

/var/ibm/tivoli/common/AOS/scripts Tivoli � �� (�� )

/usr/bin/pdos* �� Tivoli Access Manager for

Operating Systems ��


� 3 � �� 29

� 4. �� (��)

��

/usr/lib �� Tivoli Access Manager for



Tivoli Access Manager for Operating Systems� InstallShield Multiplatform �

�� . � �� InstallShield Multiplatform �

�� . �� GUI ��

��. � �� . ��

� �� . ��

� ��.

�: �� , � �� .

-W AM_TCDPanel.useTcd="yes"-W AM_TCDPanel.tcdDir="/var/tcd/log"-W AMRTE_ServerOptionsUIPanel.hostName="amserver.company.com"-W AMRTE_ServerOptionsUIPanel.listeningPort="7135"-W AMRTE_ServerOptionsUIPanel.certFile=-W AMRTE_ServerOptionsUIPanel.localDomain="Default"-W AMRTE_LDAPOptionsUIPanel.ldapHost="ldapserver.company.com"-W AMRTE_LDAPOptionsUIPanel.ldapPort="389"-W AMOS_DestinationPanel.productInstallLocation="/opt"-W AMOS_ConfigOptions.localDomain="lab_domain"-W AMOS_ConfigOptions.policyBranch="lab_policy"-W AMOS_ConfigOptions.userAdmin="sec_master"-W AMOS_ConfigOptions.userPassword="root"-W AMOS_ConfigOptions.ldapSSLCertFile="/cert/amosintb/ldapcacert.b64"-W AMOS_ConfigOptions.ldapSuffix="ou=tivoli,o=ibm,c=us"-W AMOS_ConfigOptions.rspFile="/tmp/pdoscfg.rsp"

�� .

-W AMRTE_ServerOptionsUIPanel.hostName="amserver.company.com"-W AMRTE_ServerOptionsUIPanel.localDomain="Default"-W AMRTE_LDAPOptionsUIPanel.ldapHost="ldapserver.company.com"-W AMOS_DestinationPanel.productInstallLocation="/opt"-W AMOS_ConfigOptions.localDomain="lab_domain"-W AMOS_ConfigOptions.policyBranch="lab_policy"-W AMOS_ConfigOptions.userAdmin="sec_master"-W AMOS_ConfigOptions.userPassword="root"-W AMOS_ConfigOptions.ldapSSLCertFile="/cert/amosintb/ldapcacert.b64"-W AMOS_ConfigOptions.ldapSuffix="ou=tivoli,o=ibm,c=us"

�� (�� ).

-W AMRTE_ServerOptionsUIPanel.listeningPort="7135"-W AMRTE_LDAPOptionsUIPanel.certFile=-W AMRTE_ServerOptionsUIPanel.ldapPort="389"-W AMOS_ConfigOptions.rspFile=


�� . ��

� � �� .

v install_amos_platform -options-template template_file

v java -cp install_amos_setup.jar run -options-template template_file

�� , template_file �� ### -W AMOS_

ConfigOptions.policyBranch=value� � �� . value� ��

� �� .

�: �� Java �� , Java �� . ��

� �� Java� �� .

��

��.

v install_amos_platform -options-record record_file

v java -cp install_amos_setup.jar run -options-record record_file

�� record_file� �� . �

� ��, � �� .

� �� , � �� .

�: � �� .

AIX

1. Tivoli Access Manager for Operating Systems for AIX, Version 5.1 CD� �

��.

2. �� . �� , �� .

cd /cdrom

3. �� .

install_amos_aix -silent -options option_file

��

java -cp install_amos_setup.jar run -silent -options option_file

HP-UX

1. Tivoli Access Manager for Operating Systems for HP-UX, Version 5.1 CD�

� ��.

2. �� . �� , �� .

cd /cdrom

3. �� .

� 3 � �� 31

install_amos_hp -silent -options option_file

��


Solaris

1. Tivoli Access Manager for Operating Systems for Solaris, Version 5.1 CD�

� ��.

2. �� . �� , �� .

cd /cdrom

3. �� .

install_amos_solaris -silent -options option_file

��


Linux on x86

1. IBM Tivoli Access Manager for Operating Systems for Linux on xSeries, Version

5.1 CD� � ��.

2. �� . �� , �� .

cd /media/cdrom

3. �� .

install_amos_Linux -silent -options option_file

��


Linux on zSeries

1. IBM Tivoli Access Manager for Operating Systems for Linux on zSeries, Version

5.1 CD� � ��.

2. �� . �� , �� .

cd /media/cdrom

3. �� .

install_amos_zSeries -silent -options option_file

��



Linux on pSeries � iSeries

1. IBM Tivoli Access Manager for Operating Systems for Linux on pSeries and

iSeries, Version 5.1 CD� � ��.

2. �� . �� , �� .

cd /media/cdrom

3. �� .

install_amos_pSeries -silent -options option_file

��


�� , InstallShield Multiplatform GUI ��

�� .

�: � �� .

� �� AIX� ��

AIX� Tivoli Access Manager for Operating Systems� �� SMIT(System

Management Interface Tool) � �� .

Tivoli Access Manager for Operating Systems� �� IBM Tivoli Access

Manager for Operating Systems for AIX CD� ��

�� .

v IBM Global Security Kit(GSkit)

v IBM Directory Server(LDAP) Client

v IBM Directory Secure Max Crypto Client

v Tivoli Access Manager Runtime Environment

�� , �� 5 �� 1� ��. ��

�� URL� �� Tivoli Information Center��

��.

http://publib.boulder.ibm.com/tividd/td/tdprodlist.html



SMIT� �� AIX� ��

SMIT� �� AIX� Tivoli Access Manager for Operating Systems� ��

�� .

� 3 � �� 33


1. IBM Tivoli Access Manager for Operating Systems for AIX CD� CD-ROM

�� .

2. root� ��.

3. �� .

smit

�� .

4. �� .

5. �� .

6. ��

��.

7. Tivoli Access Manager for Operating Systems ��

(/dev/cd0)� �� /��

�. �� .

8. �� .

9. �� . ��

� �� . 5.1 IBM Tivoli Access Manager for Operating Systems

Runtime� ��. �� .

10. �� . ��

��.

11. �� . �� .

��

�� .

12. �� .

13. �� . ��

� �� .

14. CD-ROM �� CD� ��.


� ��. �� 55 �� 4 � �� .

�� AIX� ��

�� AIX� Tivoli Access Manager for Operating Systems� ��

� �� .

1. IBM Tivoli Access Manager for Operating Systems for AIX CD� CD-ROM

�� .

2. root� ��.


3. �� . �� /dev/cd0� Tivoli Access Manager for

Operating Systems �� CD-ROM ��

��.

installp -c -a -g -X -d /dev/cd0/usr/sys/inst.images PDOS.rte

4. CD-ROM �� CD� ��.


� ��. �� 55 �� 4 � �� .

�: AIX, �� 5.1 � 5.2�� installp �� , ″1969�, 12� 31�″� �

� �� . �� . ��

� Tivoli Access Manager for Operating Systems� ��

��.

� �� HP-UX� ��

Tivoli Access Manager for Operating Systems� swinstall� �� HP-UX�

�� . �� /opt/pdos � /var/pdos ��

�� . /�� .

Tivoli Access Manager for Operating Systems� �� , �� CD� ��

�� .

v IBM Global Security Kit

v IBM Directory Server Client

v IBM Tivoli Access Manager Runtime Environment

�� , �� 5 �� 1� ��. ��

�� URL� �� Tivoli Information Center� ��.


swinstall� �� HP-UX� ��

swinstall� �� HP-UX� Tivoli Access Manager for Operating Systems� �

�� .

1. IBM Tivoli Access Manager for Operating Systems for HP-UX CD� �

��.

2. root� ��.

3. � �� , pfs_mountd� �� pfsd� ��. pfs_mount

�� CD� � ��. �� , �� .

pfs_mount /dev/dsk/c0t0d0 /cd-rom

� 3 � �� 35


��, /dev/dsk/c0t0d0� CD-ROM �� /cd-rom� � � ��

��.

4. �� .

swinstall

Enter� ��.

5. SD Install - Software Selection �� Specify Source �� . �

� �� Local CDROM� ��. ��

/cd-rom/hp� ��. �� cd-rom� CD� � � ��. OK

� ��.

6. SD Install - Software Selection �� Tivoli Access Manager for Operating

Systems �� PDOSrte� �� .

Actions �� Mark for Install� ��.

7. Actions �� Install (analysis)� ��. ��

��. �� Ready��, OK� ��. � �� . Yes�

��.

8. �� . �� ‘Completed’��, Done

� ��.

9. SD Install - Software Selection � ��.

10. � � �� CD-ROM �� CD� ��.


� ��. �� 55 �� 4 � �� .

�� HP-UX� ��

�� Tivoli Access Manager for Operating Systems� HP-UX� ��

�� .

1. IBM Tivoli Access Manager for Operating Systems for HP-UX CD� ��

��.

2. root� ��.

3. � �� , pfs_mountd� �� pfsd� ��. pfs_mount

�� CD� � ��. �� , �� .

pfs_mount /dev/dsk/c0t0d0 /cd-rom

�� /dev/dsk/c0t0d0� CD-ROM �� /cd-rom� � � ��

��. Enter� ��.

4. �� .

swinstall -s /cd-rom/hp PDOSrte


�� /cd-rom/hp� ��.

5. � � �� CD-ROM �� CD� ��.


� ��. �� 55 �� 4 � �� .

� �� Solaris� ��

Admintool� �� Solaris� Tivoli Access Manager for Operating Systems�

�� .

IBM Tivoli Access Manager for Operating Systems� �� , �� CD�

�� .




�� , �� 5 �� 1� ��. ��

�� URL� �� Tivoli Information Center� ��.


Admintool� �� Solaris� ��

Admintool� �� Solaris� Tivoli Access Manager for Operating Systems�

�� .

1. IBM Tivoli Access Manager for Operating Systems for Solaris CD� ��

��.

2. root� ��.

3. �� .

admintool

Admintool: Users �� .

4. Admintool: Users Browse �� Software� ��. Admintool:

Software �� .

5. Edit� �� Add� ��. Admintool: Set Source Media � ��

��.

6. �� CD� �� CD ��

/cdrom/cdrom0/solaris� ��. �� . Admintool: Add

Software �� .

� 3 � �� 37


7. Admintool: Add Software �� IBM Tivoli Access Manager for Operating

Systems �� . Add� ��.

8. �� . ��

�� . � �� ″Do you want to install this

package?″� � �� . � �� Yes� ��.

Return� ��.

9. � �� ″Do you want to continue with installation?″� ��

�� . � �� Yes� ��. Return�

��.

10. � �� ″Do you want to install these conflicting files?″� ��

�� . � ��

� � Yes� ��. Return� ��.

11. ″he following files are being installed with setuid and/or setgid permissions″

� �� ″Do you want to install these as

setuid/setgid files?″ �� . Yes� ��

��. Return� ��.

12. �� ″This package contains scripts which

will be executed with super-user permission during the process of installing

this package. Do you want to continue with installation of package name?″

� ��. Yes� ��. Return� ��.

13. �� Return� ��. Admintool: Software �� .

14. CD-ROM �� CD� ��.


� ��. �� 55 �� 4 � �� .

�� Solaris� ��

�� Solaris� Tivoli Access Manager for Operating Systems� ��

�� .

1. IBM Tivoli Access Manager for Operating Systems for Solaris CD� ��

��.

2. root� ��.

3. �� .

pkgadd -d /cdrom/cdrom0/solaris -a /cdrom/cdrom0/solaris/pddefault PDOSrte

�� /cdrom/cdrom0/solaris� ��, /cdrom/cdrom0/solaris/

pddefault� �� .

4. �� CD-ROM �� CD� ��.


eject


� ��. �� 55 �� 4 � �� .

� �� Linux� ��

Tivoli Access Manager for Operating Systems� Linux ��

� Linux x86, Linux for zSeries �� Linux for i/pSeries��

�.

Tivoli Access Manager for Operating Systems� �� Tivoli Access

Manager for Operating Systems �� CD� ��

� �� .




�� , �� 5 �� 1� ��. ��

�� URL� �� Tivoli Information Center��

��.


�� Linux� Tivoli Access Manager for Operating Systems� ��

� �� .

1. � IBM Tivoli Access Manager for Operating Systems for Linux CD(Linux

for xSeries, Linux for zSeries �� Linux for i/pSeries)� ��.

2. root� ��.

3. �� CD-ROM �� .

mount /media/cdrom/

4. Linux ��(Linux for xSeries, Linux for zSeries �� Linux for i/pSeries)�

�� .

v Linux for xSeries� ��:

rpm -i /media/cdrom/linux/PDOSrte-PDOSruntime-5.1.0-0.i386.rpm

v Linux for zSeries� ��

rpm -i /media/cdrom/zSeries/PDOSrte-PDOSruntime-5.1.0-0.s390.rpm

v Linux for i/pSeries� ��:

rpm -i /media/cdrom/pSeries/PDOSrte-PDOSruntime-5.1.0-0.ppc.rpm

� 3 � �� 39



� ��. �� 55 �� 4 � �� .


Tivoli �� Tivoli Access Manager for Operating Systems� ��

� �� .

IBM Tivoli Access Manager for Operating Systems �� , �� 5.1

� �� TMR(Tivoli Management Region) �� . � �

�� Tivoli �� UNIX �� Tivoli

Access Manager for Operating Systems ��

PDOS �� (��

�� )� ��.

Tivoli Access Manager for Operating Systems�� IBM Tivoli Enterprise Console

�� IBM Tivoli Risk Manager� �� .

IBM Tivoli Access Manager for Operating Systems Enterprise Console

Integration, �� 5.1

� �� TMR(Tivoli Management Region) ��, Tivoli Enterprise Console


�� . � �� Tivoli Enterprise Console

� �� . � �� Tivoli Enterprise Console �

� �� .

�� Tivoli Enterprise Console �� Tivoli Risk

Manager� ��. ��

��(� � ��).


Tivoli �� Tivoli Access Manager for Operating Systems ��

�� TMR(Tivoli Management Region) �� AMOS ��

��.

�: Tivoli Access Manager for Operating Systems ��

�� , 43 �� IBM Tivoli Access Manager for Operating

Systems �� .

��

AMOS �� .

1. �� → ��

��.


2. �� Tivoli Access Manager for Operating Systems

Management Tasks, Version 5.1� ��.

3. �� . �� TMR(Tivoli

Management Region) �� . ��

� �� .

4. �� . ��

��.

� �� . ��

�� .

5. ��

��. �� .

�� .

6. �� .

��

�� AMOS �� . winstall ��

�� Tivoli Management Framework �� .

winstall -c /cdrom -s colby -i PDOSTASK.IND

��

-c /cdrom �� CD� �� .

-s colby �� Tivoli region� �� .

��, �� TMR(Tivoli Management Region) ��

�� . � �� colby��.

-i PDOSTASK.IND

� �� .

Tivoli Access Manager for Operating Systems EnterpriseConsole Integration ��

Tivoli Access Manager for Operating Systems Enterprise Console Integration, �

� 5.1, �� Tivoli Access Manager for Operating Systems �� Tivoli

Enterprise Console� � � �� .

�: Tivoli Enterprise Console� ��

� ��, Tivoli Enterprise Console �� . Tivoli Access

Manager for Operating Systems Enterprise Console Integration ��

� � �� Tivoli Enterprise Console ��

� 3 � �� 41

Tivoli Access Manager for Operating Systems Enterprise Console Integration

�� , 44 �� Tivoli Access


��.

� �� , Tivoli Access Manager for Operating Systems Enterprise

Console Integration� �� Tivoli Enterprise Console� �� .

Tivoli Enterprise Console� �� , Tivoli Access Manager for Operating

Systems Enterprise Console Integration� �� .

Tivoli Access Manager for Operating Systems Enterprise Console Integration �


� �� TMR(Tivoli Management Region) �� Tivoli

Enterprise Console �� .

TMR(Tivoli Management Region) �� Tivoli Enterprise Console ��

�� . �� Tivoli Access Manager

for Operating Systems �� .

Tivoli Enterprise Console �� Tivoli Enterprise Console� Tivoli Access

Manager for Operating Systems ��

�� . �� PDOS-ACPROF ��

PDOS-RISKMGR-ACPROF� �� tecad_logfile_pdos ��

tecad_logfile_pdos_riskmgr ��

�� . Tivoli Enterprise Console ��

� �� Tivoli Enterprise Console ��

��.

�: �� Tivoli Enterprise Console �� .


�� .

��

Tivoli Access Manager for Operating Systems Enterprise Console Integration, �

� 5.1� �� TMR(Tivoli Management Region) ��, Tivoli Enterprise Console

�� .

1. �� → ��

��.


Console Integration, Version 5.1� ��.


3. �� . � �� TMR(Tivoli

Management Region) ��, Tivoli Enterprise Console �� Tivoli


� �� . ��

�� .

4. �� . ��

��.

� �� . ��

�� .

5. ��

��. �� .

�� .

6. �� .

��

�� Tivoli Access Manager for Operating Systems Enterprise

Console Integration, �� 5.1� ��.

winstall -c /cdrom -s monterey -i PDOSTEC.IND

��

-c /cdrom �� CD� �� .

-s monterey �� . � ��

monterey��.

-i PDOSTEC.IND

� �� .

�: pdostecd � �� IBM Tivoli Access Manager for



��

�� Tivoli �� Tivoli Access Manager for Operating Systems� ��

� �� , TMR(Tivoli Management Region) �� Tivoli Access Manager


��

AMOS �� .

1. �� → ��

��.

� 3 � �� 43


Management Tasks, Version 5.1� �� .



� �� .

4. �� . ��

��.

� �� . ��

�� .

5. ��

��. �� .

�� .

6. �� .

��


��. wpatch �� Tivoli Management Framework

�� .

wpatch -c /cdrom -s colby -i PTASKU.IND

��

-c /cdrom �� CD� �� .

-s colby �� Tivoli region� �� .

��, �� TMR(Tivoli Management Region) ��

�� . � �� colby��.

-i PTASKU.IND

� �� .

Tivoli Access Manager for Operating Systems EnterpriseConsole Integration ��

Tivoli Access Manager for Operating Systems Enterprise Console Integration, Version

5.1, �� Tivoli Access Manager for Operating Systems �� Tivoli

Enterprise Console� � � �� .

�: Tivoli Enterprise Console� ��

� ��, Tivoli Enterprise Console �� . Tivoli Access


� � �� Tivoli Enterprise Console �� .


Tivoli Access Manager for Operating Systems Enterprise Console Integration �


� �� TMR(Tivoli Management Region) �� Tivoli Enterprise

Console �� .

��

Tivoli Access Manager for Operating Systems Enterprise Console Integration� �

�� .

1. �� → ��

��.

2. �� Tivoli Access Manager for

Operating Systems Console Integration, Upgrade to Version 5.1� ��

��.

3. �� . � �� TMR(Tivoli

Management Region) ��, Tivoli Enterprise Console �� Tivoli


� �� . ��

�� .

4. �� . ��

��.

� �� . ��

�� .

5. ��

��. �� .

�� .

6. �� .

�: PDOSTECD � �� IBM Tivoli Access Manager


��

�� Tivoli Access Manager for Operating Systems Enterprise

Console Integration� ��.

wpatch -c /cdrom -s monterey -i PDTECU.IND

��

-c /cdrom �� CD� �� .

-s monterey �� . � ��

monterey��.

� 3 � �� 45

-i PDTECU.IND

� �� .

Tivoli Access Manager for Operating Systems Event Console Integration, Version

5.1� � �� BAROC �� . Tivoli

Access Manager for Operating Systems Event Console Integration, Version 5.1

� �� , �� 5.1��

�� .

1. Setup TEC Event Server for PDOS �� Tivoli Enterprise

Console �� . ��

�� , �� wrb -delrb rule_base_name �

�� , ��

�� . �� , � � ��

�.

2. PDOS-ACPROF �� PDOS-RISKMGR-ACPROF� Tivoli Access Manager for


��

Tivoli Access Manager for Operating Systems� �� , �

� �� .

1. �� Tivoli Access Manager for Operating Systems �

� �� policy �� , root� ��

� �� .

pdoscfg -autostart on -login_policy on

2. pdostecd � �� Tivoli Enterprise Console� ��

�� , ��

� �� .

pdosteccfg -autostart on

�� Tivoli Access Manager for Operating Systems policy� ��

�. �� Tivoli Access Manager for Operating Systems ��

�� policy �� policy�

��.

�� 3.8�� , �� Tivoli Access Manager for

Operating Systems, �� 4.1� �� .


� �� . �� .


�� 4.1�� 5.1� �� , policy ��

�� . � �� policy �� Tivoli

Access Manager pdadmin �� . �� .

osseal.once-only.u5100

� Tivoli Access Manager policy ��

� policy �� .

osseal.per-policy.u5100

� policy �� policy �� .

1. � �� osseal.once-only.u5100,

osseal.per-policy.u5100 � /opt/pdos/etc �� .

Tivoli Access Manager for Operating Systems� �� policy� �

�� . �� policy

� �� .

�: Tivoli Security Manager� �� Tivoli Access Manager for Operating

Systems �� policy� �� Tivoli Access Manager for Operating

Systems, �� 4.1� �� policy � ��

� �� , �� policy ��

�� .

2. Tivoli Access Manager for Operating Systems �� 5.1� ��

�� pdos_defpolicy_update �� Tivoli Access Manager policy

�� region� �� policy� ��.

pdos_defpolicy_update -f /opt/pdos/etc/osseal.once-only.u5100


3. pdos_defpolicy_update �� policy ��


pdos_defpolicy_update -f /opt/pdos/etc/osseal.per-policy.u5100 -branchbranch-name

�� branch-name� policy �� . policy ��

�� , -branch ��

��. Tivoli Access Manager ��

��.

4. � Tivoli Access Manager policy �� region, �� policy �� policy �

�� policy� �� , �� Tivoli

Access Manager for Operating Systems� �� .

rc.osseal start

� 3 � �� 47

�: �� , �� Tivoli Access Manager for Operating Systems ��

� �� , � �� .

�� Tivoli Access Manager for

Operating Systems �� UNIX ��

�� . ��



��

IBM Tivoli Access Manager for Operating Systems� �� .

v ��

v ��

v � �

v ��

v ��

v ��

v ��

v ��

v ��

�� Tivoli Access Manager for Operating Systems Language Support CD�

�� . Tivoli Access Manager for Operating Systems� ��

�� , �� . ��

�� , �� .

�� , � ��

� �� . �� , ��

� �� .

Tivoli Access Manager for Operating Systems Framework ��

�� , IBM Tivoli Access Manager for Operating Systems [xxxxxx] CD

�� . �� 40 �� Tivoli

Management Framework Integration �� . ��

� �� .



IBM Tivoli Access Manager for Operating Systems Language Support CD�� Tivoli


�� . �� InstallShield

Multiplatform�� .

1. IBM Tivoli Access Manager for Operating Systems Language Support CD�

� ��.

2. �� . �� , �� .

cd /cdrom

3. �� AMOSNLS �� .

cd AMOSNLS

4. �� .

install_amos_lp

�� Java(�� 1.3.1)� �� . ��

��, �� . �� , � � ″�� Java

��″� �� .

�� Java ��

�: �� Tivoli Access Manager for Operating Systems � �

�� .

JRE � �� .

1. �� JRE� ��.

v AIX �� .

a. �� root� ��.

b. Tivoli Access Manager for Operating Systems Language Support CD�

� ��.

c. �� .

/cdrom/usr/sys/inst.images

d. �� .

installp -c -a -g -X -d /dev/cd0 Java131.rte

v HP-UX �� .

a. �� root� ��.

b. Tivoli Access Manager for Operating Systems Language Support CD�

� ��.

c. �� .

� 3 � �� 49

/cdrom/hp

d. �� , pfs_mountd� pfsd� ��

�� , pfs_mount �� CD� � ��.

e. �� .

swinstall -s /cd-rom/hp rte_13_13108_1100.depot B9789AA

�� /cd-rom/hp� ��.

v Linux on x86 �� .

a. �� root� ��.

b. IBM Tivoli Access Manager for Operating Systems Language Support

CD� � ��.

c. �� /cdrom/xSeries� ��.

d. �� .

rpm -i IBMJava2-JRE-1.3.1-3.0.i386.rpm

v Linux for zSeries �� .

a. �� root� ��.


CD� � ��.

c. �� /cdrom/zSeries� ��.

d. �� .

rpm -i IBMJava2-JRE-1.3.1-3.0.s390.rpm

v Linux for i/pSeries �� .

a. �� root� ��.


CD� � ��.

c. �� /cdrom/pSeries� ��.

d. �� .

rpm -i IBMJava2-JRE-1.3.1-3.0.ppc.rpm

v Solaris �� .

a. �� root� ��.


CD� � ��.

c. �� /cdrom/solaris� ��.

d. �� .

pkgadd -d.SUNWj3rt


2. �� . ��

�.

3. ��

��. �� .

4. �� . ��

� �� .

5. �� . ��

��.

6. �� .


��


�� Tivoli Access Manager for Operating Systems Language Support

CD�� .

��


Tivoli Access Manager for Operating Systems �� CD��

� �� .

1. �� → ��

��.

2. �� Tivoli Access Manager for

Operating Systems Framework Support, Version 5.1� ��.



� �� .

4. �� . ��

��. � �� . ��

� �� .

5. �� .

�� . ��

� �� .

6. �� .

��


�� .

� 3 � �� 51

1. CD� ��.

2. �� .

cd TASKNLS

3. �� .

winstall -c /cdrom/TASKNLS -s monterey -i LANGPACK.IND

��

v -c /cdrom/TASKNLS� �� CD � �� .

v -s monterey� �� . � ��

� �� monterey��.

v -i LANGPACK.IND� � �� .

LANGPACK.IND �� .

� 5. LANGPACK.IND �

�� LANGPACK.IND

�� AMOS_DE.IND

�� AMOS_ES.IND

�� AMOS_FR.IND

�� AMOS_IT.IND

�� AMOS_JA.IND

�� AMOS_KO.IND

�� AMOS_PTB.IND

�� AMOS_ZHC.IND

� � AMOS_ZHT.IND

��

��

��. Tivoli Access Manager for Operating Systems �� , LANG �

� �� POSIX, X/Open ��

�� .

�� , ��

� LANG� ��. �� .

v LC_CTYPE

v LC_TIME

v LC_NUMERIC

v LC_MONETARY

v LC_COLLATE

v LC_MESSAGES


v LC_ALL

�� , �� LANG ��

�� .

LANG ��

�� UNIX �� LANG �� . ��

� �� UNIX � �� .

�� LANG� �� .

�� .

locale -a

��


�� , �� , Tivoli

Access Manager for Operating Systems� � �� . �� ,


�� , �� .

v fr� �� .

v fr_FR� �� .

v fr_CA� �� .

v fr_CH� �� .

��

�� /msg ��

�� .

/opt/pdos/nls/msg/locale


� �� .

NLSPATH ��

�� . �� , �� /opt/pdos/nls/msg� �� ,

NLSPATH �� .

/opt/pdos/nls/msg/%L/%N.cat

%L ��

�� %N.cat� �� .

�� , �� C ��

��.

� 3 � �� 53

�� , �� AIX �� .

LANG=De_CH.IBM-850

%L �� .

1. de_CH

2. de

3. C


�� , de_CH� �� . Tivoli Access Manager for Operating

Systems �� , de� ��. �� , ��

�� C� �� , �� .

�� (�� ) ��

�� . �� , PC � �

�� SJIS(�� 932)� �� , UXIX � ��

eucJP� ��.

��

� �� . �� , ��

�� .

Tivoli Access Manager for Operating Systems� �� UTF-8(��

� �� )� ��

��.

�� UTF-8� �� , ��

�� . �� , ��

�� Latin 1 �� (�: ISO8859-1, Microsoft 1252, IBM PC 850 �

IBM MVS™ 1047) �� .

��

�� UTF-8 ��

�� . �� base_dir/opt/

PolicyDirector/nls/TIS �� .


� 4 � ��

� �� AIX, HP-UX, Solaris � Linux�� IBM Tivoli Access Manager for


�� , �� Tivoli Access

Manager for Operating Systems� �� . InstallShield Multiplatform�

�� , Tivoli Access Manager for Operating Systems�

�� , �� .

�� pdoscfg��. �� , �� . � �


�� .

�� .



v ��

v ��

v ��

��


�, �� policy� �� policy ��

�� . �� policy� ��

�� , �� Tivoli Access Manager ��

�� . �� Tivoli Access



� �� .

v Tivoli Access Manager policy ��, �� 5.1� LDAP ��

�� .

v Tivoli Access Manager policy �� LDAP ��

� ��.


v Tivoli Access Manager Runtime Environment� Tivoli Access Manager for


��.

v LDAP �� base64� �� LDAP SSL CA � ��

�� .

�: install_ldaps �� LDAP �� Tivoli

Access Manager� �� LDAP SSL CA � ��

�� , LDAP �� /etc/gsk/pd_ldapcert.arm ��


� ��.

v LDAP �� .


v �� .

v �� . � ID � ��

� Tivoli Access Manager �� ID � �� .

��

�� .

�� . ��

�.

v branch

v suffix

v ldap_ssl_cacert

v local_domain

v admin_name

v admin_pwd

�: �� sec_master �� ID� �� , � ID�

svrsslcfg� �� , osseal.once-only, osseal.per-policy,

osseal.per-machine policy �� policy� ��

� Tivoli Access Manager �� . ��

�� Tivoli Access Manager ��

�. �� ACL� �� , �� ACL� ��

�� . �� Tivoli Access Manager for

Operating Systems �� . �� , ��

� �� svrsslcfg� �� policy �� policy� �

�� . �� svrsslcfg� �


��, osseal.per-policy � osseal.per-machine policy �� policy

� �� . � �� svrsslcfg � osseal.per-machinee policy

�� . �� Tivoli Access Manager

for Operating Systems� �� , ��

�� .

�� Tivoli Access Manager �� ACL� ��

��. �� , �� ACL � ��

��. �� Tivoli Access Manager for Operating Systems � ��

�� , �� . Tivoli Access Manager for

Operating Systems, �� 5.1� �� ID� �

�� .

� 6. �� ACL ��

�� ACL

��

/ �� -�� Tam

/Management pdoscfg� ��

�� , ��

�� ACL� �� .

��

/Management/ACL ACL �� . ��, ��-

�� ACL�� .

��-�� Tamv

/Management/Action �� . ��, ��-

�� ACL�� .

��-�� Tcv

/Management/Config �� svrsslcfg� ��

�� . �� ACL� ��

��.

��-�� Tacmv

/Management/Groups �� , ��

��. ��, ��-�� ACL��

��.

��-�� TdmnVa

/Management/POP POP�� . �

��, ��-�� ACL�� .

��-�� TadmvB

/Management/Policy policy ��

�� . ��-policy ACL��

�� .

/Management/Replica ��

�� . ��-��

� ACL�� .

/Management/Server pdadmin ��

��. ��-�� . ��

�� .

/Management/Users ��

��. ��-�� .

��-�� TdmNvW

�� -�� ACL ��. �� .

� 4 � �� 57



�. �� 73 �� 6 � �� .

��

Tivoli Access Manager for Operating Systems �� pdoscfg ��

� � ��.

-branch, -suffix, -local_domain, -admin_name � -admin_pwd ��

��, �� Tivoli Access Manager for Operating Systems� ��

� �� . -ssl_listening_port � -ldap_ssl_cacert ��

� ��, �� Tivoli Access Manager for Operating

Systems� �� .


pdoscfg| [-admin_cred_refresh number_of_minutes]| [-admin_name user_admin_name]| [-admin_pwd user_admin_password]| [-audit_deny_actions (osseal action_group | osseal action bits)]| [-audit_level (all | none | permit | deny | loginpermit || logindeny | admin | verbose | info || trace_exec | trace_file | trace_exec_l | trace_exec_root)]| [-audit_logflush number_of_seconds]| [-audit_log_size number_of_bytes]| [-audit_permit_actions (osseal action_group | osseal action bits)]| [-autostart (on | off)]| -branch policy_branch_name| [-cred_hold number_of_minutes]| [-cred_response_wait number_of_minutes]| [-critical_cred_group critical_cred_group_name]| [-critical_cred_refresh number_of_minutes]| [-delete (comma_delimited_list_of_options)]| [-dns (on | off)]| [-ffdc_capture (on | off)]| [-help]

| [-hostname hostname]| [-kmsg_hnd_threads number_of_threads]| -ldap_ssl_cacert ldap_certificate_file_name| [-local_domain domain-name]| [-lrd_config (on | off)| [-lrd_admin_name user_admin_name]| [-lrd_admin_pwd user_admin_password]| [-lrd_local_domain domain_name]| [-login_policy (on | off)]| [-net_ACL_limited (on | off)| [-operations]

| [-pdosauditd_log_entries number_of_log_entries| [-pdosauditd_logs number_of_logs| [-pdosd_init_wait time_in_minutes]| [-pdosd_log_entries number_of_log_entries]| [-pdosd_logs number_of_logs]| [-pdoslrd_log_entries number_of_log_entries| [-pdoslrd_logs number_of_logs| [-pdoswdd_log_entries number_of_log_entries]| [-pdoswdd_logs number_of_logs]| [-refresh_interval number_of_minutes]| [-rspfile file_name]| [-ssl_listening_port port_to_listen_for_notification]| -suffix policy_director_suffix| [-tcb_ignore_ctime (on | off)]| [-tcb_interval number_of_seconds]| [-tcb_max_file_size number_of_megabytes]| [-tcb_monitor_threads number_of_threads]| [-tcb_nocrc_on_exec (on | off)]| [-uid (on | off)]| [-usage]

| [-user_cred_refresh number_of_minutes]| [-version]

| [-warning (on | off)]| [-?]

�� 12. pdoscfg ��

� 4 � �� 59

��

� �� . � ��

��(�� ). �� 91 �� A ��

�� .

-admin_cred_refresh

�� ( )� �� .

��: 360

-admin_name


��: sec_master

-admin_pwd

Tivoli Access Manager �� . -admin_name ��

-sec_master_pwd �� .

-audit_deny_actions

�� osseal �� osseal �� [OSSEAL]. �

� osseal �� DKNRUdloprwxCGL��.

��: none

-audit_level

�� . �� all, none, permit, deny,

loginpermit, logindeny, admin, verbose, info, trace_exec, trace_exec_l,

trace_exec_root �� trace_file��.

��: none

-audit_logflush

pdosauditd � � �� (�)

��: 5

-audit_log_size

pdosauditd� � � ��

� �� (��)

��: 1000000

-audit_permit_actions

�� osseal �� osseal �� [OSSEAL]. �

� osseal �� DKNRUdloprwxCGL��.

��: none


-autostart


��.

��: on

-branch

� �� policy ��

-cred_hold

�� ( ).

-admin_cred_refresh � � -user_cred_refresh ��

��.

��: 10080

-cred_response_wait

� ��

��: 2

-critical_cred_group

��

�� Tivoli Access Manager ��

-critical_cred_refresh

-critical_cred_group �� ( )

��: 720

-delete

�� . ��

� ��.

v admin_cred_refresh

v audit_level

v audit_log_entries

v audit_logs

v audit_logflush

v audit_log_size

v audit_deny_actions

v audit_permit_actions

v cred_hold

v cred_response_wait

v critical_cred_group

v critical_cred_refresh

� 4 � �� 61

v dns

v ffdc_capture

v kmsg_hnd_threads

v pdosd_log_entries

v pdosd_logs

v pdoswdd_log_entries

v pdoswdd_logs

v refresh_interval

v tcb_ignore_ctime

v tcb_interval

v tcb_max_file_size

v tcb_monitor_threads

v tcb_nocrc_on_exec

v uid

v user_cred_refresh

v warning

-dns Tivoli Access Manager for Operating Systems� IP ��

�� .

��: on

-ffdc_capture

�� Tivoli Access Manager for Operating Systems � ��

�� .

��: on

-help �� . � ��

-help -option� ��.

-hostname

� �� Tivoli Access Manager ��

�. �� , ��

��.

-kmsg_hnd_threads

�� . � �� .

�� 9� ��

�� . ��

� �� 8 �� . ��

�� 24��.


��: 8

-ldap_ssl_cacert

Tivoli Access Manager �� LDAP �� CA

��. � �� Tivoli Access Manager for Operating Systems� LDAP

�� .

install_ldaps �� LDAP �� Tivoli

Access Manager �� /etc/gsk/pd_ldapcert.arm ��


�� .

-local_domain

pdosd � �� Tivoli Access Manager �� . � ��

� ��, �� Tivoli Access Manager ��

�� .(Tivoli Access Manager ��

�� , �� (��) ��

��.)

Tivoli Access Manager �� -admin_name �

-admin_pwd � � ��

�� .

-login_policy

�� .

�� policy� �� , � ��

�� policy� �� (�:

dtlogin)� �� . � � ��

�� policy� �� .

��: on

-lrd_admin_name

pdoslrd � Tivoli Access Manager policy ��


-lrd_admin_pwd

pdoslrd � Tivoli Access Manager policy ��


-lrd_config

pdoslrd � �� .

��: off

-lrd_local_domain

pdoslrd � �� Tivoli Access Manager �� .

� 4 � �� 63

pdoslrd � �� Tivoli Access Manager ��

(pdacld)� �� , pdoslrd � pdacld

� �� .

Tivoli Access Manager policy ��

�, �� pdoslrd � pdosd ��

�� . � �� , ��

pdosd �� .

� Tivoli Access Manager �� -lrd_admin_name

� -lrd_admin_pwd � � ��

�� .

-net_ACL_limited

�� policy �� /OSSEAL/branch/NetIncoming

� /OSSEAL/branch/NetOutgoing �� ACL�

�� . policy �� policy� �

�� , ACL ��

� ��.

��: off

-operations

�� .

-pdosauditd_log_entries

pdosauditd �� pdosauditd �� .

0� �� pdosauditd ��

�� . -pdosauditd_log_entries� 0� ��

� -pdosauditd_logs� 0� �� , pdosauditd ��

�� -pdosauditd_log_entries� ��

pdosauditd � �� . -pdosauditd_log_entries

� 0� �� -pdosauditd_logs� 0 ��, pdosauditd ��


� pdosauditd � �� .

��: 0

-pdosauditd_logs

pdosaditd � �� pdosauditd � ��

�� . pdosauditd �� 0� ��

-pdosauditd_log_entries� 0� �� . pdosauditd


� �� pdosauditd � �� . 0�

�� pdosauditd �� .


��: 0

-pdosd_init_wait

�� policy �� pdosd

� �� ( )

��: 5

-pdosd_log_entries

pdosd �� pdosd �� . 0� ��

� �� pdosd ��

�� . -pdosd_log_entries� 0� �� -pdosd_logs� 0�

�� , pdosd �� -pdosd_log_entries� �

�� pdosd � ��

�. -pdosd_log_entries� 0� �� -pdosd_logs� 0 ��, pdosd ��

�� -pdosd_log_entries� ��

� �� pdosd � �� .

��: 0

-pdosd_logs

pdosd � �� pdoswdd � ��

�. pdosd �� 0� ��

-pdosd_log_entries� 0� �� . pdosd ��

� � �� -pdosd_log_entries� ��

�� pdosd � �� . 0� �� pdosd �

� �� .

��: 0

-pdoslrd_log_entries

pdoslrd �� pdoslrd �� . 0� �

�� pdoslrd ��

�� . -pdoslrd_log_entries� 0� �� -pdoslrd_logs

� 0� �� , pdoslrd ��

-pdoslrd_log_entries� �� pdoslrd � �

� �� . -pdoslrd_log_entries� 0� ��

-pdoslrd_logs� 0 ��, pdoslrd ��

-pdoslrd_log_entries� �� pdoslrd � �

� �� .

��: 0

-pdoslrd_logs

pdoslrd � �� pdoslrd � ��

�. pdoslrd �� 0� ��

� 4 � �� 65

-pdoslrd_log_entries� 0� �� . pdoslrd ��

�� -pdoslrd_log_entries� ��

� �� pdoslrd � �� . 0� �� pdoslrd

�� .

��: 0

-pdoswdd_log_entries

pdoswdd �� pdoswdd �� . 0�

�� pdoswdd ��

� �� . -pdoswdd_log_entries� 0� ��

-pdoswdd_logs� 0� �� , pdoswdd ��

� -pdoswdd_log_entries� �� pdoswdd

� �� . -pdoswdd_log_entries� 0� ��

-pdoswdd_logs� 0 ��, pdoswdd ��

-pdoswdd_log_entries� �� pdoswdd �

�� .

��: 0

-pdoswdd_logs

pdoswdd � �� pdoswdd � ��

� �. pdoswdd �� 0� ��

-pdoswdd_log_entries� 0� �� . pdoswdd �

� �� -pdoswdd_log_entries� ��

�� pdoswdd � �� . 0� ��

pdoswdd �� .

��: 0

-refresh_interval


� �� , policy �� ( ). � 0� policy

� � � � � � � � � � � � � � � � � � � � � � � � � .

-ssl_listening_port� �� .

��: 0

-rspfile

��

-ssl_listening_port

policy �� . � 0� policy ��

�� . -refresh_interval

�� .

��: 7134


-suffix �� Tivoli Access Manager for Operating Systems� �� Tivoli

Access Manager �� LDAP ��.

�� , �� ou=austin,o=ibm,c=us��. �� ,

��(″″)� ��.

-tcb_ignore_ctime

TCB(Trusted Computing Base) �� ctime� ��.

� �� , ctime� �� TCB ��

�.

��: off

-tcb_interval

�� TCB �� (�). ��

� � �� (��) ��.

��: 1800

-tcb_max_file_size

�� MB �. � � �

�� .

��: 10

-tcb_monitor_threads

�� TCB �� . � �� 1

�� . � ��

��.

��: 1

-tcb_nocrc_on_exec

TCB� ��

�� CRC(Cyclec Redundancy Check) ��

��. � �� 2 �� CRC ��

�� .

��: off

-uid UID/GID� ��/� �� .

��: off

-usage �� .

-user_cred_refresh

�� ( )� �� .

��: 720

� 4 � �� 67

-version

pdoscfg �� .

-warning

�� .

��: off

-? �� .

��

�� Tivoli Access Manager for Operating Systems� �� , �

� �� .

pdoscfg -ldap_ssl_cacert /tmp/ldapcacert.b64 \-branch policy_branch_name \-suffix o=tivoli \-local_domain \-admin-name admin\-admin-pwd admin-pwd

��


��. �� . ��

� ��

��. �� , ��

�� . �� , ��

�� . ��

��.

�� . ��

�� .

� ��

�� . �� =� ��

� ��. ��

�� , ��

�� . � �� 0� �� =� �� . ��

�� . �� # ��

�� .

�� .


[policy]#Information about the policy.branch=policy_name[ldap]ssl-certificate=/tmp/ldapcacert.b64[credentials]admin-cred-refresh=30[pdoscfg]sec-master-pwd=cGo0sutbnielrsuffix=o=tivoli[ssl]ssl-listening-port=888

�� [policy], [ldap], [credentials], [pdoscfg] �

[ssl]��. policy �� =� � branch=policy_name� ��. ldap

�� =� � ssl-certificate=/tmp/ldapcacert.b64� ��.

credentials �� =� � admin-cred-refresh=30� ��. pdoscfg

�� =� � sec-master-pwd=cGo0sutbnielr � suffix=o=tivoli�

��. ssl �� =� � ssl-listening-port=888� ��. ��

�� .

#Information about the policy.

�� . ��

� �� /opt/pdos/etc �� osseal.conf , pdosd.conf,

pdosauditd.conf � pdoswdd.conf� � ��.

� ��

�� IBM Tivoli Access Manager for Operating Systems� ��

��, pdoscfg �� -rspfile � �� .

�� , �� .

pdoscfg -rspfile /opt/pdos/etc/config.rsp

�� , pdoscfg ��

-rspfile � ��

�� . �� , �� .

pdoscfg -rspfile /opt/pdos/etc/config.rsp \-uid off \-audit_level all

� ��

�� =� � �� . ��

� �� .

� 4 � �� 69

� 7. pdoscfg ��

��

[audit] level -audit_level

[authorization] warning -warning

[cache] dns -dns

uid -uid

[credentials] admin-cred-refresh -admin_cred_refresh

cred-hold -cred_hold

user-cred-refresh -user_cred_refresh

cred-response-wait -cred_response_wait

critical-cred-group -critical_cred_group

critical-cred-refresh -critical_cred_refresh

[ldap] ssl-certificate -ldap_ssl_cacert

[pdosauditd] log-entries -pdosauditd_log_entries

audit-logflush -audit_logflush

logs -pdosauditd_logs

audit-logsize -audit_log_size

[pdoscfg] sec-master-pwd -sec_master_pwd

delete -delete

suffix -suffix

autostart -autostart

login-policy -login_policy

net-ACL-limited -net_ACL_limited

[pdosd] kmsg-handler-threads -kmsg_hnd_threads

log-entries -pdosd_log_entries

logs -pdosd_logs

init-wait-minutes -pdosd_init_wait

[pdoslrd] log-entries -pdoslrd_log_entries

logs -pdoslrd_logs

[pdoswdd] log-entries -pdoswdd_log_entries

logs -pdoswdd_logs

[policy] branch -branch

refresh-interval -refresh_interval

[ssl] ssl-listening-port -ssl_listening_port

[tcb] ignore-ctime -tcb_ignore_ctime

interval -tcb_interval

max-checksum-file-size -tcb_max_file_size

monitor-threads -tcb_monitor_threads

nocrc-on-exec -tcb_nocrc_on_exec

[ffdc] capture -ffdc_capture


� 5 � pdostecd ��

� �� AIX, HP-UX, Solaris � Linux�� pdostecd � ��

�� .

pdostecd ��

Tivoli Access Manager for Operating Systems� Enterprise Console Integration �

�� pdostecd � ��.

�� pdostecd � �� .

v Tivoli �� Tivoli Access Manager for Operating Systems Enterprise

Console Integration ��

v � �� Tivoli Access Manager for Operating Systems� ��

�, �� 3.7-SEC-0003 ��

�

pdostecd �� pdosteccfg��.

pdostecd , pdosteccfg �� IBM Tivoli Access Manager for

Operating Systems� Tivoli Enterprise Console � Tivoli Risk Manager� ��


� ��.

��

pdostecd � �� Tivoli Enterprise Console �� Tivoli Risk

Manager�� Tivoli Access Manager ACL ��


pdostecd � �� Tivoli Access Manager ��

�� . �� off� ��

��.

��

pdostecd � �� , root� ��

� �� .

pdosteccfg -autostart off -admin_name admin_name -admin_pwd admin_password


�: ��, pdostecd� Tivoli Access Manager for Operating Systems� ��

� � autostart� off� �� .

pdostecd ��

pdostecd �� pdostecucfg��. Tivoli Access Manager for

Operating Systems� �� pdostecd � �� .

pdostecucfg ��, pdostecd � IBM Tivoli Access Manager for Operating

Systems� Tivoli Enterprise Console � Tivoli Risk Manager� ��

� �� IBM Tivoli Access Manager for Operating Systems ��

��.

��

pdostecd � �� policy� ��

�� pdostecd � �� .

pdostecucfg -admin_name admin_name -admin_pwd admin_password

� �� pdostecd � �� Tivoli Access Manager ACL ��

�� pdostecd � �� policy� ��

��.

pdostecucfg -remove_per_policy on -admin_name admin_name -admin_pwd admin_password


� 6 � ��

� �� Tivoli Access Manager for Operating Systems� ��

�� .

�: Tivoli Access Manager for Operating Systems ��

� �� .



� �� .

��


��.

rc.osseal start

�: �� Tivoli Access Manager for Operating Systems� ��

�� , �� root�� .

��

�� , Tivoli Access Manager for



� � �� . �� , Tivoli Access

Manager for Operating Systems� �� .

pdoscfg -autostart off

� �� , ��

�� , root� �� Tivoli


rc.osseal start

��


�� , ��

� ��.


��

� �� Tivoli Access Manager for Operating Systems� ��

� �� . � �� Tivoli Access

Manager for Operating Systems� /opt/pdos/etc/kosseal_starting___load�

� �� .(��

��.) � �� .

�� Tivoli Access Manager for Operating Systems �

�� . � �� Tivoli Access Manager for Operating Systems�

��

�� .

� �� IBM Tivoli Software ��

� ��, �� Tivoli Access Manager for Operating

Systems� �� .

��

Tivoli Access Manager for Operating Systems� �� osseal ��

ID, osseal � � ossaudit �� . ��

��, �� .

NIS(Network Information Services) �� osseal �� ID� osseal �

ossaudit �� NIS� �� . �� NIS� �

�� , Tivoli Access Manager for Operating Systems

� �� /etc/passwd � /etc/group �� + ��

� �� ID� �� . ��


� �� + �� . �� , NIS ��


osseal �� ID� osseal � ossaudit �� .


Tivoli Access Manager for Operating Systems� � ��

�� .

pdosctl -s



��.

rc.osseal stop


PDOSTECD ��

Tivoli Access Manager for Operating Systems� Tivoli Enterprise Console ��

Tivoli Risk Manager�� pdostecd � ��

��. � �� IBM Tivoli Access Manager for Operating Systems ��

� �� , � �� .

pdostecd � ��, �� Enter� ��.

rc.pdostecd stop

� 6 � �� 75

� 7 � ��

� �� AIX, HP-UX, Solaris � Linux�� Tivoli Access Manager for Operating

Systems� �� .

Tivoli Access Manager for Operating Systems �� pdosucfg��.

� �� Tivoli Access Manager for Operating Systems �� ,

� �� , Tivoli Access Manager�� Tivoli


�� .


v ��

v ��

v ��

v InstallShield Multiplatform� ��



� �� .

v Tivoli Access Manager policy �� LDAP �� .

v Tivoli Access Manager Runtime Environment� Tivoli Access Manager for


��.

v Tivoli Access Manager �� .

v Tivoli Access Manager for Operating Systems� ��. ��

�� 73 �� 6 � �� .

v pdostecd � �� , �� . 72 �� pdostecd �

� ��

��

Tivoli Access Manager for Operating Systems �� pdosucfg ��

� �� .


��

� �� . � ��

��(�� ). �� 99 ��

� �� B �� .

-admin_name


��:

sec_master

-admin_pwd

Tivoli Access Manager �� . -admin_name ��

-sec_master_pwd �� .

-help �� . � ��

-help -option� ��.

-lrd_admin_name

pdoslrd� �� Tivoli Access Manager ��

-lrd_admin_pwd

pdoslrd� �� Tivoli Access Manager ��

-operations

�� .

-remove_once_only

Tivoli Access Manager for Operating Systems �� policy� ��

��.

pdosucfg| [-admin_name user_admin_name]| [-admin_pwd user_admin_password]| [-help]| [-lrd_admin_name user_admin_name]| [-lrd_admin_pwd user_admin_password]| [-operations]| [-remove_once_only (on | off) ]| [-remove_per_policy (on | off) ]| [-rspfile file_name ]| [-usage]| [-version]| [-?]

�� 13. pdosucfg ��


�: �� Tivoli Access Manager for Operating Systems �� Tivoli

Access Manager policy �� , � ��

��. �� .

�� policy� �� , �� .

��: off

-remove_per_policy

� �� policy �� Tivoli Access Manager


�: �� Tivoli Access Manager for Operating Systems ��

policy �� , � �� . ��

� �� .

�� policy� policy branch � � �� , ��

��.

��: off

-rspfile

�� .

-usage �� .

-version

�� .

-? �� .

��


� � ��.

� ��

�� .


� �� .

[pdoscfg]admin_name=admin_user_1admin_pwd=cGo0sutbnielr

��

[pdoscfg]

� ��

� 7 � �� 79

admin_name=admin_user_1admin_pwd=cGo0sutbnielr

� ��=� ��.

� ��


��, pdosucfg �� -rspfile � ��

�. �� , �� .

pdosucfg -rspfile /opt/pdos/etc/unconfig.rsp

��

/opt/pdos/etc/unconfig.rsp

� �� .

�� pdosucfg

�� -rspfile � ��

� �� . �� , �� .

pdosucfg -rspfile /opt/pdos/etc/unconfig.rsp -remove_per_policy off

� ��

�� =� � �� . ��

� �� .

� 8. pdosucfg ��

��

[pdoscfg] remove-once-only -remove_once_only

remove-per-policy -remove_per_policy

��

InstallShield Multiplatform� �� , �� IBM Tivoli Access

Manager for Operating Systems� � �� .

v IBM Global Security Toolkit

v IBM Directory Server


�� Tivoli Access Manager Runtime

Environment��.


�: �� , Tivoli Access Manager Runtime

Environment� �� .

Tivoli Access Manager Runtime Environment� ��

��.

1. root� ��.

2. �� Enter� ��.

pdconfig

3. Tivoli Access Manager� �� 2� ��.

4. �� . ��

�� . ��

��, Tivoli Access Manager �� , ��

�� , �� .

��

� � �� pdosucfg_local� �� Tivoli Access Manager for


��. �� .

1. Tivoli Access Manager for Operating Systems� ��, ��

�� /new� �

�� . �� , /� /new� ��

��.

2. �� /new � � ��

�� . �� /new� ��

� �� . Tivoli Access Manager for Operating Systems�

��, �� Tivoli Access Manager for

Operating Systems� �� pdoscfg ��

� � �� .

3. � �� (�� )� ��. �� ,

pdosucfg_local /new��. � �� /new � �� .

a. � �� .

b. �� policy �� .

c. �� .conf �� .

d. �� svrsslcfg� �� .kdb �� .

e. /var/pdos � �� Tivoli Access Manager for Operating Systems� ��

� �� .

� 7 � �� 81

� 8 � ��

� �� InstallSheild Multiplatform ��

�� AIX, HP-UX, Solaris � Linux�� Tivoli Access Manager

for Operating Systems� �� . Tivoli Access

Manager for Operating Systems� InstallShield Multiplatform�� , �

�� . �� , Tivoli Access


�� .

InstallShield Multiplatform� Tivoli Access Manager for Operating Systems�

� �� .


��.

v root �� .

v pdostecd � �� , 72 �� pdostecd ��

�� .

v 77 �� 7 � �� Tivoli Access Manager for


v � �� Tivoli Access Manager for Operating Systems

� �� .

v � �� Tivoli Access Manager for Operating Systems� ��

�� .

v InstallShield Multiplatform� �� Tivoli Access Manager for Operating

Systems, �� 5.1� �� , �� InstallShield Multiplatform

� �� . �� InstallShield Multiplatform ��

�� .

�� osseal � ��, ossaudit � �� osseal �� ID� ��

� ��, Tivoli Access Manager for Operating Systems� ��

�.


InstallShield Multiplatform��

InstallShield Multiplatform� �� Tivoli Access Manager for Operating Systems

� �� , �� . ��

� �� , �� .

InstallShield Multiplatform� �� , Tivoli Access Manager

for Operating Systems, �� 5.1 �� . �� (GSKit,

LDAP � Tivoli Access Manager ��)� �� .

�: �� , ��

�� . InstallShield Multiplatform �� .

� ��

�� .


��.

1. Tivoli Access Manager for Operating Systems� � � ��

��. Tivoli Access Manager for Operating Systems� � � ��

�� 8 � ″�� ″� ��.

2. �� .

java -cp /var/pdos_ismp/_uninstall/uninstall.jar run

��

java -cp /var/pdos_ismp/_uninstall/uninstall.jar run -silent

��

/var/pdos_ismp/_uninstall/uninstaller.bin

AIX��

Tivoli Access Manager for Operating Systems� SMIT� �� AIX��

��, �� .

SMIT� �� AIX��

SMIT� �� AIX�� Tivoli Access Manager for Operating Systems� ��

�� .

1. root� ��.

2. �� .

smit

�� .


3. �� .

4. ��

��.

5. �� .

�� .

6. �� PDOS.rte� ��.

7. �� , � ��

� SMIT� ��. �� . �� , �

�� .

�� , � ��

� �� .

8. �� , �� .

9. �� . �� .

�� .

10. � �� .

11. �� , � ��

� ��.

12. �� , �� . ��

��.

13. �� .

14. �� .

15. �� .

�� AIX��

�� AIX�� Tivoli Access Manager for Operating Systems� ��

�� .

1. root� ��.

2. �� .

installp -u -g PDOS.rte

3. �� .

HP-UX��

Tivoli Access Manager for Operating Systems� swremove� �� HP-UX�

� �� , �� .

� 8 � �� 85

swremove� �� HP-UX��

swremove� �� HP-UX�� Tivoli Access Manager for Operating Systems

� �� .

1. root� ��.

2. �� .

swremove

SD Remove-Software Selection �� .

3. �� Tivoli Access Manager for Operating Systems ��

��.

4. Action �� Mark for Remove� ��.

5. Action �� Remove (analysis)� ��. Remove (analysis) ��

��. �� Ready��, OK� ��.

6. � �� Yes� ��. Remove �� .

7. �� ‘Completed’��, Done� ��.

8. SD Remove-Software Selection �� .

9. �� .

�� HP-UX��

�� HP-UX�� Tivoli Access Manager for Operating Systems� ��

�� .

1. root� ��.

2. �� .

swremove PDOSrte

3. �� .

Solaris��

Tivoli Access Manager for Operating Systems� Admintool� �� Solaris�

� �� , �� .

Admintool� �� Solaris��

Admintool� �� Solaris�� Tivoli Access Manager for Operating Systems

� �� .

1. root� ��.

2. �� .

admintool


Return� ��. Admintool: Users �� .

3. Admintool: Users Browse �� Software� ��. Admintool:

Software �� .

4. Admintool: Software �� , ��

(IBM Tivoli Access Manager for Operating Systems Runtime)� ��

��.

5. Edit �� Delete� ��.

6. Admintool: Warning �� . Delete� ��. Admintool: Delete

Software �� .

7. �� . ��

� � �� . � �� ″Do you want to remove this

package?″� � �� . � �� Yes� ��.

Return� ��.

8. �� ″This package contains scripts which will be executed

with super-user permission during the process of removing this package. Do

you want to continue with removal of this package?″ � ��

��. Yes� ��. Return� ��.

9. �� Return� ��.

10. Admintool: Software �� .

11. �� .

�� Solaris��

�� Solaris�� Tivoli Access Manager for Operating Systems� ��

�� .

1. root� ��.

2. �� .

pkgrm PDOSrte

3. �� . ��

� �� . � �� ″Do you want to remove this

package?″� � �� . � �� Yes� ��.

Return� ��.

4. �� ″This package contains scripts which will be executed

with super-user permission during the process of removing this package. Do

you want to continue with removal of this package?″ � ��

�. Yes� ��. Return� ��.

5. � �� , ″Removal of package was

successful.″�� .

� 8 � �� 87

6. �� .

Linux��

Tivoli Access Manager for Operating Systems� Linux��

� �� .

1. root� ��.

2. �� .

rpm -e PDOSrte-PDOSruntime

3. �� .

��

�� .

1. �� uninstall.jar �� . �� .

cd /opt/location

�� location� �� .

PDOssLP/osslp_uninst


�� .

2. �� uninstall.jar ��

�.

java -cp /opt/PDOssi_P/osrtelp_uninst/uninstall.jar run

�� jre_path� Java � �� . Java � ��

�� , jre_path� �� .

��

InstallShield Multiplatform� �� Tivoli Access Manager for Operating

Systems� �� , � �� .

�� .


v IBM Directory Server

v IBM Global Security Toolkit

�� , � � ��

��.


�: ��

��.

AIX

AIX�� .

1. root� ��.

2. �� .

smitty maint

3. �� .

4. �� F4� �� . ��

�� F7� �� .

v PD.RTE

v ldap.client.adt

v ldap.client.rte

v ldap.max_crypto_client.adt

v ldap.max_crypto_client.rte

v gskta.rte

�� , Enter� ��.

5. ��(�� ) �� Tab ��

� ��.

6. �� Enter� ��.

�� installp �� .

installp -u -g PD.RTE ldap.client.adt ldap.client.rte \ldap.max_crypto_client.adt ldap.max_crypto_client.rte \gskta.rte

HP-UX

HP-UX�� Tivoli Access Manager Runtime Environment, IBM Global Security

Toolkit � IBM SecureWay Directory Client� ��

�.

1. root� ��.

2. �� .

swremove PDRTE LDAPClient gsk7bas

� 8 � �� 89

Solaris

Solaris�� .

1. root� ��.

2. �� .

pkgrm PDRTE IBMldapc gsk7bas

3. pkgrm �� . �� Y� ��.

Linux

Linux�� .

1. root� ��.

2. �� .

rpm -e PDRTE-PD ldap-clientd gsk7bas

� �� x86, zSeries, pSeries � iSeries� Linux� ��.



� �� .

wuninst PDOSTASK machine -rmfiles

�� machine� �� Tivoli region� ��

��.

Tivoli Access Manager for Operating Systems Enterprise Console Integration� �

� �� .

wuninst PDOSTEC machine -rmfiles

�� machine� �� .


�� A. ��

Tivoli Access Manager for Operating Systems �� pdoscfg� ��

� �� .

� 9. ��

��

-admin_cred_refresh �� ( )� �� . ��: 1

��: maxint

��: 360(6 �

�)

-admin_name �� . admin_pwd� ��

sec_master_pwd �� .

-admin_pwd ��

-audit_level ��

��. ��

��. �� all, none, permit, deny,

loginpermit, logindeny, admin, verbose, info,

trace_exec, trace_exec_l, trace_exec_root �

� trace_file��.

��: None

-audit_logflush pdosauditd � � ��

�� (�)

��: 5

��: 9999

��: 5

-audit_log_size pdosauditd� � � ��

� ��

� �� (��)

��: 1000000

��: 100000000

��: 1000000

-autostart �� Tivoli Access Manager for


on | off

��: on

-branch � �� policy ��

-cred_hold ��

� ��( ). � �� admin_cred_refresh �

� user_cred_refresh ��

��.

��: 1

��: maxint

��: 10080(1

��)

-cred_response_wait � ��

� �� ( )��: 2

-critical_cred_group ��

��

� �� Tivoli Access Manager �

� ��

-critical_cred_refresh critical_creds ��

��( )��: 720


� 9. �� (��)

��

-delete ��

�

admin_cred_refresh,

audit_level, audit_log_entries,

audit_logflush, audit_logs,

audit_log_size, cred_hold,

dns, kmsg_hnd_threads,

pdosd_log_entries,

pdosd_logs,

pdoswdd_log_entries,

pdoswdd_logs,

refresh_interval, tcb_interval,

tcb_max_file_size,

tcb_monitor_threads, uid,

user_cred_refresh, warning

-dns Tivoli Access Manager for Operating

Systems� IP ��

�� .

on | off

��: on

-ffdc_capture �� Tivoli Access Manager for Operating

Systems � ��

�� .

��: on

-help �� . �

�� -help -<option>

� ��.

-hostname � �� Tivoli Access

Manager �� . ��

� � �� , ��

�� .

-kmsg_hnd_threads ��

�� . � �� .

�� 9� ��

� ��

� �� . 9� �

��

�� . ��

� ��, �� . ��

�� 24��.

��: 1

��: maxint

��: 8


� 9. �� (��)

��

-ldap_ssl_cacert Tivoli Access Manager ��

�� LDAP �� CA ��. � ��

Tivoli Access Manager for Operating

Systems� LDAP ��

�� .

ezinstall_ldap_server ��

LDAP �� Tivoli

Access Manager� �� LDAP SSL

CA � �� ,

LDAP �� /etc/gsk/pd_ldapcert.

arm �� IBM Tivoli Access

Manager for Operating Systems ��

�� .

�� .

-local_domain �� Tivoli Access Manager �

�� .

-login_policy ��

� ��.

on | off

��: on

-lrd_admin_name pdoslrd� �� Tivoli Access

Manager �� .

-lrd_admin_pwd pdoslrd� �� Tivoli Access

Manager �� .

-lrd_config pdoslrd � �� .

-lrd_local_domain pdoslrd � �� Tivoli

Access Manager �� . pdoslrd �

�� Tivoli Access Manager

�� (pdacld)� ��

��, pdoslrd � pdacld � �

��

� �� . Tivoli Access Manager

policy ��

��, �� pdoslrd � pdosd �

� ��

�� . � �� ,

�� pdosd ��

�� .


� �� -lrd_admin_name � -lrd_admin_pwd

� � ��

�� .

�� A. �� 93

� 9. �� (��)

��

-net_ACL_limited �� policy ��

/OSSEAL/branch/NetIncoming �

/OSSEAL/branch/NetOutgoing ��

� �� ACL� ��

��. policy ��

policy� �� , ACL ��

� ��

��.

-operations �� .

-pdosauditd_log

_entries

pdosauditd ��

�� pdosauditd �� . 0� ��

�� pdosauditd

��

��. -pdosauditd_log_entries� 0� ��

-pdosauditd_logs� 0� �� ,

pdosauditd ��

-pdosauditd_log_entries� ��

�� pdosauditd � ��

� � ��. -pdosauditd_log_entries

� 0� �� -pdosauditd_logs� 0 ��,

pdosauditd ��

-pdosauditd_log_entries� ��

�� pdosauditd � ��

� � ��.

��: 0

��: Maxint

��: 0

-pdosauditd_logs pdosauditd ��

�� pdosauditd ��

�. pdosauditd �� 0

� �� -pdoslrd_log_entries

� 0� �� .

pdosauditd ��

-pdoslrd_log_entries� ��

� � �� pdosauditd � ��

��. 0� �� pdosauditd �

� ��

��.

��: 0

��: 99

��: 0

-pdosd_init_wait pdosd� ��(� policy �� )� ��

�� ( ). � � policy� �

�� .

��: 1

��: 20

��: 5


� 9. �� (��)

��

-pdosd_log_entries pdosd ��

pdosd �� . 0� ��

�� pdosd ��

�� .

-pdosd_log_entries� 0� �� -pdosd_logs�

0� �� , pdosd ��

� -pdosd_log_entries� ��

�� pdosd � ��

��. -pdosd_log_entries� 0� ��

-pdosd_logs� 0� ��, pdosd ��

� �� -pdosd_log_entries� ��

�� pdosd � ��

��.

��: 1

��: 20

��: 5

-pdosd_logs pdosd ��

�� pdosd �� . pdosd

�� 0� ��

�� -pdosd_log_entries� 0� ��

�� . pdosd ��

�� -pdosd_log_entries� ��

�� pdosd � ��

��. 0� �� pdosd ��

� �� .

��: 0

��: 99

��: 0

-pdoslrd_log_entries pdoslrd ��

� pdoslrd �� . 0� ��

� �� pdoslrd ��

�� .

-pdoslrd_log_entries� 0� ��

-pdoslrd_logs� 0� �� , pdoslrd ��

�� -pdoslrd_log_entries� �

�� pdoslrd

� �� .

-pdoslrd_log_entries� 0� ��

-pdoslrd_logs� 0� ��, pdoslrd ��

� �� -pdoslrd_log_entries� ��

� �� pdoslrd � ��

� � ��.

��: 0

��: maxint

��: 0

-pdoslrd_logs pdoslrd ��

� �� pdoslrd �� .

pdoslrd �� 0� ��

�� -pdoslrd_log_entries� 0� �

� �� . pdoslrd ��

�� -pdoslrd_log_entries

� �� pdoslrd

� �� . 0� �

�� pdoslrd ��

�� .

��: 0

��: 99

��: 0

�� A. �� 95

� 9. �� (��)

��

-pdoswdd_log _entries pdoswdd ��

� pdoswdd �� . 0� ��

� �� pdoswdd ��

�� .

-pdoswdd_log_entries� 0� ��

-pdoswdd_logs� 0� �� , pdoswdd �

� �� -pdoswdd_log_entries

� �� pdoswdd

� �� .

-pdoswdd_log_entries� 0� ��

-pdoswdd_logs� 0 ��, pdoswdd ��

��

-pdoswdd_log_entries� ��

�� pdoswdd � ��

��.

��: 0

��: maxint

��: 0

-pdoswdd_logs pdoswdd ��

� �� pdoswdd �� .

pdoswdd �� 0� ��

�� -pdoswdd_log_entries� 0�

�� . pdoswdd �

� �� -pdoswdd_log_entries�

�� pdoswdd

� �� . 0� ��

�� pdoswdd ��

�� .

��: 0

��: 99

��: 0

-refresh_interval Tivoli Access Manager ��

� �� ,

policy ��

��( ). � 0� policy ��

� �� .

-ssl_listening_port� �� .

��: 0

��: maxint/60

��: 0

-rspfile ��

-ssl_listening_port policy ��

��. � 0� policy ��

�� .

-refresh_interval �� .

��: 0

��: 65535

��: 7134

-suffix �� Tivoli Access Manager for


�� LDAP ��

-tcb_ignore_ctime TCB(Trusted Computing Base) ��

� � ctime� ��. � ��

�, ctime� �� TCB ��

� � ��.

on | off

��: off

-tcb_interval �� TCB ��

� �� (�). ��

�� .

��: 1

��: maxint

��: 1800


� 9. �� (��)

��

-tcb_max_file_size ��

� �� MB �. � � ��

�� .

��: 1

��: (2^44) -

1

��: 10

-tcb_monitor_threads �� TCB ��

� � �� . � �� 1��

� �� . �

�� .

��: 1

��: maxint

��: 1

-tcb_nocrc_on_exec TCB� ��

�� CRC

(Cyclec Redundancy Check) ��

� �� . � ��

�� 2 �� CRC ��

� �� .

on | off

��: off

-uid UID/GID� ��/� ��

�� .

on | off

��: off

-usage �� .

-user_cred_refresh �� ( )� �� . ��: 1

��: maxint

��: 720

-version pdoscfg �� .

-warning �� . on | off

��: on

-? �� .

�� A. �� 97

�� B. ��

Tivoli Access Manager for Operating Systems �� pdosucfg� ��

� �� .

� 10. ��

��

-admin_name �� . admin_pwd� ��

sec_master_pwd �� .

-admin_pwd ��

-help �� . � ��

�� -help -<option>� �

��.

-lrd_admin_name PDOSLRD� �� Tivoli

Access Manager �� .

-lrd_admin_pwd PDOSLRD� �� Tivoli

Access Manager �� .

-operations �� .

-remove_only_once Tivoli Access Manager for Operating Systems

�� policy� �� . �� Tivoli


� � Tivoli Access Manager policy ��

� �� , �� . ��

� �� . �� policy� �

�� , �� .

on | off

��: off

-remove_per_policy � �� policy ��

�� Tivoli Access Manager for Operating

Systems �� . �� Tivoli


� � policy �� , ��

�� . ��

��. � �� policy� policy ��

�� , �� .

on | off

��: off

-rspfile file_name ��

�.

��

�.

-usage �� .

-version pdosucfg �� .

-? �� .


�� C. Tivoli Access Control Facility��

Tivoli Access Manager for Operating Systems�� UNIX� eTrust Access Control

� �� policy� �� . ��

�� eTrust Access Control, �� 5.0, sedb2scr �� eTrust

�� , � �� selang ��

�� .


�� , �� . ��

� UNIX� eTrust Access Control �� Tivoli Access Manager

�� , eTrust �� Tivoli Access Manager for Operating Systems

�� , ACL(Access Control List) � POP(Protected Object Policy)� �

� �� . �� eTrust �� Tivoli Access

Manager for Operating Systems �� eTrust �� Tivoli Access

Manager pdadmin �� .

se2pdos ��

� �� se2pdos �� . ��

��. �� . �

� �� , stdin�� .

��

se2pdos [-f input file] [-o output file] [-e error file] [-na] [-nc] [-nr] [-s][-w {012}] [-i] [-1][-p branch] [-g "suffix"] [-u "suffix"] [-?] [-h] [-V] [-no][-nO]

��

� 11. se2pdos ��

��

-f input file �� stdin

-o output file � �� stdout

-e error file ��/��

-nc editres �� editfile ��

��

��

editres �� editfile� ��

��

-nr �� (�)� ��

��

� ��


� 11. se2pdos �� (��)

��

-na �� (��)� ��

� ��

� ��

-p branch IBM Tivoli Access Manager for

Operating Systems policy ��

��

osseal.conf� �; ��

�� ″default″

-s � ��

�

�� (-na �� -nr� �

� ��)

-w # ��

0 = ��

1 = ��

2 = ��

�

�� 1

-i � ��

-1 � ��

-g suffix �� (-na �� -u� ��

�� )

-u �(�� ; �� ,

�� )

-u suffix �� (-na �� -g� �

�� )

-g �(�� ; �� ,

�� )

-? �� n/a

-V �� n/a

-no nobody� �� -no� -nO� �� , -no

� �� .

-nO �� owner ��

��

� �� . �� Tivoli

Access Control Facility �� sedb2scr.out�� . �

� � LDAP �� .


Tivoli Access Control Facility �� Tivoli Access Manager ��

�� .

se2pdos -nr -s -u "ou=users, o=IBM, c=US" -g "ou=groups, o=IBM, c=US" \-f sedb2scr.out -o se2pdos.out

pdadmin -a sec_master -p password <se2pdos.out

-s �� .

� �� , � DN� ″group″�

��. �� , �� .


editgrp ("mygroup") name(’My group’) owner(’root’)

�

se2pdos -u"o=tivoli,c=us" -f mygroup.se

� �� .

group create mygroup "cn=mygroup group, o=IBM,c=US" "mygroup"group modify mygroup description "My group"

� DN� ��

��.


Tivoli Policy Director policy ��

�� .

se2pdos -na -i -f sedb2scr.out -o se2pdos.outpdadmin -a sec_master -p password <se2pdos.out

-i �� se2pdos �� Tivoli Access Control Facility� IBM Tivoli

Access Manager for Operating Systems� ��, �� pdadmin� �

�� .

Tivoli Access Control Facility � ��

kevinc.se�� Tivoli Access Control Facility � �� Tivoli Access

Manager for Operating Systems� �� .

se2pdos -1 -f kevinc.se -o kevinc.pdos -u "ou=users, o=IBM, c=us"

�� kevinc.se �� /home/kevinc/filea��

� �� policy� �� . -1 ��

� � ��. kevinc.se �� .

editusr ("kevinc") restrictions (days(AnyDay) time(AnyTime)) name(’Kevin Cee’) \grace(1) audit(FAILURE LOGINFAILURE)chusr ("kevinc") owner(’root’)join ("kevinc") group(’staff’)newres FILE ("/home/kevinc/filea") audit(FAILURE) defaccess(NONE) uid(’kevinc’)authorize FILE ("/home/kevinc/filea") audit(FAILURE) access(ALL) uid(’kevinc’)authorize FILE ("/home/kevinc/filea") audit(FAILURE) access(ALL) uid(’root’)

�� C. Tivoli Access Control Facility�� 103

�� D. ��

� �� . IBM� ��

�� , �� . �

� �� IBM � ��

�. � �� IBM ��, �� IBM ��, �

�� . IBM� ��

�� , �� , ��

� ��. �� IBM ��, ��

� �� .

IBM� � ��

� �� . � ��

� ��. �� .

135-270

�� 467-12, ��

�� .�.� ��

��

��: 080-023-8080

2��(DBCS) �� IBM ��

�� .

IBM World Trade Asia Corporation

Licensing

2-31 Roppongi 3-chome, Minato-ku

Tokyo 106, Japan

� �� . IBM�

�� , ��

(, �� ) ��

�� . ��

�� , � �� .

� �� . � �

�� , �� . IBM� � ��

�� (��) �� (��) ��

��.


� �� IBM� � �� , ��

�� . � � ��

IBM ��

� �� .

IBM� ��

� �� .

(1) �� (� �� ) �� (2)

��

�� .

135-270

�� 467-12, ��

�� .�.� ��

��

�� (�� , �� )� ��

��.

� ��

�� IBM� IBM ��, IBM �� (IPLA)

�� .

� �� . ��

� �� . ��

��

�� . ��

� �� . � ��

� �� .

�IBM �� , ��

�� . IBM�� IBM �� , ��

�� , �� .

�IBM �� .

IBM� ��

�.

� �� , � � �� .


�

�� IBM Corporation� ��.

AIX

DB2

IBM

IBM ��

OS/390

SecureWay

Tivoli

Tivoli ��

Tivoli Management Environment

Tivoli Enterprise Console

zSeries

Lotus� �� IBM Corporation � Lotus Development

Corporation� ��.

Microsoft, Windows, Windows NT � Windows ��

�� Microsoft Corporation� ��.

Java � �� Java � �� Sun

Microsystems, Inc.� �� .

UNIX� �� Open Group� ��.

�� , �� .

�� D. �� 107

��

��

URL 7

��

AIX 33

HP-UX 35

Linux 39

Solaris 37

��

�� 40

�� 43

�� 41

�� 44

� URL 7

��, �� 101

�� 55

�� 68

�� 69

�� 68

�� 69

�� 68

�� 55

�� 58

�� 60, 91

�� 77

�� 79

�� 80

�� 99

�� 3

�� URL 7

��

pdostecd �� 71

�� 81

�� 52

�� 13, 46, 101

se2pdos 101

Tivoli Access Control Facility 101

��

�� vii

�� vii

�� 53

��

pdoscfg 55, 58

pdosteccfg 71

pdosucfg 77

��

AIX 34

HP-UX 36

Linux 39

Solaris 38

�� 69, 80

��

�� 101

�� 101

�� 101

�� 102

� 101

��

�� 101

�� 13

��

�� vii

�� vii

��

�� 81

�� 12

�� 12

�� 9

�� 26

�� 10

�� (��)

�� 11, 15

InstallShield Multiplatform GUI 10, 15

InstallShield MultiPlatform � ��

10, 15

�� 83

�� 88

�� 88

AIX 84

HP-UX 85

InstallShield Multiplatform 84

Linux 88

Solaris 86

Tivoli Management Framework 90

�� CD �� 5

�� 29

�� 9

�� 9

�� ix

��

�� 69, 80

� � � 74

��

�� 7, 48

�� 7, 48

��

�� 88

Java �� 49

Tivoli Management Framework �� 51

��

�� 49

�� 49

��

�� 13

�� 46

��

�� 80

�� 88

�� 80

HP-UX�� 89

Linux�� 90


�� (��)

Solaris�� 90

��, �� 102

�� viii

�

�� 60

�� 101

se2pdos 101

� �� viii

�� 68, 69

�� 79

�� 69

�� 80

�� 68

��

�� 69

��

�� 68

�� 30

��

�� 1

�� 2

�� 73

�� (�� ) �� 54

�� viii

�� 9

AACL �� 57

Admintool

Solaris 37

AIX

�� 33

�� 34

�� 84

SMIT 33

autostart 73

CCD �� 3

FFramework CD �� 6

HHP-UX

�� 35

�� 36

�� 85

swinstall 35

IInstallShield Multiplatform 16

� � 19

�� 17

JJava 49

Java ��

�� 49

LLANGPACK.IND � 52

Linux

�� 39

�� 39

�� 88

Ppdoscfg 55, 58, 91

� 69

pdoscfg� � � �� 69

pdosteccfg 71

�� 71

�� 72

pdostecd

�� 75

�� 75

pdosucfg 77, 80, 99

� 77

pdosucfg� � � �� 80

policy branch 11

Sse2pdos

�� 101

� 101

SMIT 84

AIX� �� 33

Solaris

�� 37

�� 38

�� 86

Admintool 37

svrsslcfg 56

swinstall

HP-UX� �� 35

TTivoli Access Control Facility 101

�� 9

Tivoli Access Control Facility��

�� 9


Systems �� 73


Systems �� 74

Tivoli Enterprise Console Integration

�� 42

�� 45

�� 43

�� 45

Tivoli Management Framework 40, 51

�� 90

Tivoli Management Framework ��

�� 51

Tivoli �� 40


��

Printed in Denmark by IBM Danmark A/S

SA30-1841-01

ibm tivoli access manager for operating...

Documents