COnfusing PAM Terms


Hi,

I am trying to setup the command and control rules for PUM.
But, I really find the terms and documentation confusing. : (
I am having a hard time.

May I know the differences for the following and when to use which?

1) What is run user?
2) What is submit user?
3) What is run host
4) What is submit host?
5) What is the everyone user group? - when to use it?

When to use which?

If I would like to run the host via a "local administrator" account. How
do I configure it?
If I would like to run the host with the user who login to PUM (RDP
Relay). How do I configure it?

Million thanks to any help given : )


--
gumiho
------------------------------------------------------------------------
gumiho's Profile: https://forums.netiq.com/member.php?userid=1295
View this thread: https://forums.netiq.com/showthread.php?t=54600

  • On 11/04/2015 11:44 PM, gumiho wrote:
    >
    > I am trying to setup the command and control rules for PUM.
    > But, I really find the terms and documentation confusing. : (
    > I am having a hard time.


    Have you submitted documentation feedback? That is probably the best
    place for this kind of thing, since it will go directly to the doc writer
    who maintains the documentation that is confusing.

    > May I know the differences for the following and when to use which?
    >
    > 1) What is run user?


    The user as whom the command is actually run if authorized by PAM
    (formerly PUM).

    > 2) What is submit user?


    The user who tries to run the command; i.e.your user.

    > 3) What is run host


    The machine on which the command is run. In case it is not obvious, the
    product allows you to run a command on a remote system from a local
    system, so for example you could prevent any access to a sensitive system,
    but then allow folks to run commands on that box from a controlled
    administration box.

    > 4) What is submit host?


    The box from which you submit a command.

    > 5) What is the everyone user group? - when to use it?


    A group that, as its name implies, matches everybody/anybody.


    --
    Good luck.

    If you find this post helpful and are logged into the web interface,
    show your appreciation and click on the star below...