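The following are some administration tasks for the PSMP server.

  • Control the PSMPSRV service
  • Add a remote SSH user to the PSMP server
  • PSMPAPP_ account authentication failure and PSMP disconnected

Control the PSMPSRV service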

/etc/init.d/psmpsrv {start|stop|restart|status} [{psmp|psmpadb}]

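Add a remote SSH user to the PSMP server

By default, only the root user can log in, and only from the console. Any other user triggers the PSMP service to log in to a remote server with a privileged account, as shown in the screenshot.

The following simple steps enable a new user to log in to the PSMP server remotely for administration work.

1 In the /etc/ssh directory, open the sshd_config configuration file for editing.

2 Add the following parameter to the file:
PSMP_MaintenanceUsers <username>,<username>

This example allows the following maintenance users: user1, all users whose names end with "user2", all users whose names start with "user3", and all users whose names contain "user4".
PSMP_MaintenanceUsers <user1>,<*user2>,<user3*>,<*user4*>

3 Save the changes and close the sshd_config configuration file.

4 Create a new user and assign it to the wheel group:
useradd root1
passwd root1
usermod -aG wheel root1

5 Restart the sshd service for these changes to take effect:
/etc/init.d/sshd restart

6 After logging in as root1, use sudo -i to switch to the root account.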
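
Accounts matched by PSMP_MaintenanceUsers log in to the PSMP host directly instead of being proxied, so the pattern list is worth reviewing after each change. The script below is an added example, not CyberArk code or part of the original post: it reads the parameter from an sshd_config file and reports which account names it covers. It assumes the wildcards behave like shell globs, as the description in step 2 implies; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example (not CyberArk code): report which account names a
# PSMP_MaintenanceUsers line in sshd_config exempts from the PSMP proxy.
# Assumption: a leading/trailing * behaves like a shell glob.

# maintenance_patterns FILE -> one configured pattern per line
maintenance_patterns() {
    # Keyword is compared case-insensitively; commented-out lines do not match.
    awk 'tolower($1) == "psmp_maintenanceusers" {
             $1 = ""; gsub(/[ \t]/, ""); n = split($0, p, ",")
             for (i = 1; i <= n; i++) if (p[i] != "") print p[i]
         }' "$1"
}

# is_maintenance_user FILE NAME -> status 0 if NAME matches any pattern
is_maintenance_user() {
    maintenance_patterns "$1" | (
        while IFS= read -r pat; do
            # Unquoted $pat is used as a glob pattern by case.
            case $2 in $pat) exit 0 ;; esac
        done
        exit 1
    )
}

# audit FILE NAME... -> prints "NAME maintenance" or "NAME proxied"
audit() {
    cfg=$1; shift
    for name in "$@"; do
        if is_maintenance_user "$cfg" "$name"; then
            echo "$name maintenance"
        else
            echo "$name proxied"
        fi
    done
}

# Constructed sample config, not taken from a real server.
sample_cfg=$(mktemp)
trap 'rm -f "$sample_cfg"' EXIT
cat > "$sample_cfg" <<'EOF'
#PSMP_MaintenanceUsers *
PSMP_MaintenanceUsers root1,*adm,svc*
EOF

audit "$sample_cfg" root1 dbadm svcbackup alice root10
```

On a real server, pass /etc/ssh/sshd_config and the local account names to audit; any name reported as "maintenance" that is not an intended administrator indicates a pattern that is too broad.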



Note: //docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Administrating-the-PSMP.htm?Highlight=PSMP%20administration

PSMPAPP_ account authentication failure and PSMP disconnected



[[email protected] conf]# vi /etc/opt/CARKpsmp/conf/basic_psmpserver.conf
[Main]
PSMPServerVaultFile="/etc/opt/CARKpsmp/vault/vault.ini"
PSMPServerCredFile="/etc/opt/CARKpsmp/vault/psmpappuser.cred"
PSMPServerGWCredFile="/etc/opt/CARKpsmp/vault/psmpgwuser.cred"
LogsFolder="/var/opt/CARKpsmp/logs"
LocalParmsFileFolder="/var/opt/CARKpsmp"
TempFolder="/var/opt/CARKpsmp/temp"
PSMPConfigurationSafe="PVWAConfig"
PSMPConfigurationFolder="Root"
PSMPPVConfigurationFileName="PVConfiguration.xml"
PSMPPoliciesConfigurationFileName="Policies.xml"
PSMPServerId="PSMPServer"
PSMPTempFolder="/var/opt/CARKpsmp/temp"
We need to reset the psmpappuser.cred file and the Vault password of PSMPAPP_psmp.
C:\CyberArk\Password Vault Web Access\Env>CreateCredFile.exe psmpappuser.cred
Vault Username [mandatory] ==> PSMPAPP_psmp
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully

C:\CyberArk\Password Vault Web Access\Env>CreateCredFile.exe psmpgwuser.cred
Vault Username [mandatory] ==> PSMPGW_psmp
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully

C:\CyberArk\Password Vault Web Access\Env>

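Use WinSCP to upload these two files to the PSMP server, replacing the existing ones in /etc/opt/CARKpsmp/vault/

PSMP_ADB_psmp suspended

There are two related errors in the PrivateArk Server console:

  • ITATS528E Authentication failure for User PSMP_ADB_psmp
  • ITATS433E IP Address 192.168.2.27 is suspended for User PSMP_ADB_psmp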
[[email protected] conf]# cat /etc/opt/CARKpsmpadb/conf/basic_psmpadbridge.conf
[Main]
AppProviderParmsSafe="PSMPADBridgeConf"
AppProviderVaultParmsFolder=Root
AppProviderVaultParmsFile="main_psmpadbridge.conf.linux.11.04"
AppProviderVaultFile="/etc/opt/CARKpsmp/vault/vault.ini"
AppProviderCredFile="/etc/opt/CARKpsmpadb/vault/psmpadbridgeserveruser.cred"
LogsFolder="/var/opt/CARKpsmpadb/logs"
LocalParmsFileFolder="/var/opt/CARKpsmpadb"
TempFolder="/var/opt/CARKpsmpadb/tmp"
AdvancedFIPSCryptography="No"
PIMConfigurationSafe="PVWAConfig"
PIMConfigurationFolder="Root"
PIMPVConfigurationFileName="PVConfiguration.xml"
PIMPoliciesConfigurationFileName="Policies.xml"

Activate the user PSMP_ADB_psmp and update its password.

C:\CyberArk\Password Vault Web Access\Env>CreateCredFile.exe psmpadbridgeserveru
ser.cred
Vault Username [mandatory] ==> PSMP_ADB_psmp
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully
[[email protected] vault]# cp /home/root1/psmpadbridgeserveruser.cred .
cp: overwrite ‘./psmpadbridgeserveruser.cred’? y
[[email protected] vault]# /etc/init.d/psmpsrv restart
Stopping PSM SSH Proxy....
PSM SSH Proxy was stopped successfully.
Starting PSM SSH Proxy...
PSM SSH Proxy was started successfully.
PSMP ADBridge is already stopped.
Starting PSMP ADBridge...
PSMP ADBridge was started successfully.
[[email protected] vault]#

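The registration tool can also be used to overwrite the environment created in the Vault:
//docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/PSMP_EnivromentManager.htm

It is recommended to change the default PSMPAppUser and PSMPGWUser parameter values to unique values to prevent overwriting a previous installation.
/opt/CARKpsmp/bin/envmanager "CreateEnv" -AcceptEULA "Y" -CredFile "/tmp/user.cred" -PSMPAppUser "PSMPAppUser_PSMP1" -PSMPGWUser "PSMPGWUser_PSMP1"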

By Netsec.
