This section provides step-by-step instructions used to administer policies with the SEAM Tool. This section also provides examples of command-line equivalents, when available.
Task |
Description |
For Instructions |
---|---|---|
View the list of policies. |
View the list of policies by clicking the Policies tab. | |
View a policy's attributes. |
View a policy's attributes by selecting the policy in the Policy List, then clicking the Modify button. | |
Create a new policy. |
Create a new policy by clicking the Create New button in the Policy List panel. | |
Duplicate a policy. |
Duplicate a policy by selecting the policy to duplicate in the Policy List, then clicking the Duplicate button. | |
Modify a policy. |
Modify a policy by selecting the policy to modify in the Policy List, then clicking the Modify button. Note that you cannot modify a policy's name. To rename a policy, you must duplicate the policy, specify a new name for it, save it, and then delete the old policy. | |
Delete a policy. |
Delete a policy by selecting the policy to delete in the Policy List, then clicking the Delete button. |
An example of the command-line equivalent follows this procedure.
If necessary, start the SEAM Tool.
See How to Start the SEAM Tool for more information.
$ /usr/sbin/gkadmin |
Click the Policies tab.
The list of policies is displayed.
Display a specific policy or a sublist of policies.
Type a filter string in the Filter field, and press Return. If the filter succeeds, the list of policies that match the filter is displayed.
The filter string must consist of one or more characters. Because the filter mechanism is case sensitive, you need to use the appropriate uppercase and lowercase letters for the filter. For example, if you type the filter string ge, the filter mechanism displays only the policies with the ge string in them (for example, george or edge).
If you want to display the entire list of policies, click Clear Filter.
In the following example, the list_policies command of kadmin is used to list all the policies that match *user*. Wildcards can be used with the list_policies command.
kadmin: list_policies *user* testuser enguser kadmin: quit |
An example of the command-line equivalent follows this procedure.
If necessary, start the SEAM Tool.
See How to Start the SEAM Tool for more information.
$ /usr/sbin/gkadmin |
Click the Policies tab.
Select the policy in the list that you want to view, then click Modify.
The Policy Details panel is displayed.
When you are finished viewing, click Cancel.
The following example shows the Policy Details panel when you are viewing the test policy.
In the following example, the get_policy command of kadmin is used to view the attributes of the enguser policy.
kadmin: get_policy enguser Policy: enguser Maximum password life: 2592000 Minimum password life: 0 Minimum password length: 8 Minimum number of password character classes: 2 Number of old keys kept: 3 Reference count: 0 kadmin: quit |
The Reference count is the number of principals that use this policy.
An example of the command-line equivalent follows this procedure.
If necessary, start the SEAM Tool.
See How to Start the SEAM Tool for more information.
$ /usr/sbin/gkadmin |
Click the Policies tab.
Click New.
The Policy Details panel is displayed.
Specify a name for the policy in the Policy Name field.
The policy name is mandatory.
Specify values for the policy's attributes.
Choose Context-Sensitive Help from the Help menu for information about the various attributes in this window. Or, go to Table 25–5 for all the policy attribute descriptions.
Click Save to save the policy, or click Done.
In the following example, a new policy called build11 is created. The Minimum Password Classes is set to 3.
In the following example, the add_policy command of kadmin is used to create the build11 policy. This policy requires at least 3 character classes in a password.
$ kadmin kadmin: add_policy -minclasses 3 build11 kadmin: quit |
This procedure explains how to use all or some of the attributes of an existing policy to create a new policy. No command-line equivalent exists for this procedure.
If necessary, start the SEAM Tool.
See How to Start the SEAM Tool for more information.
$ /usr/sbin/gkadmin |
Click the Policies tab.
Select the policy in the list that you want to duplicate, then click Duplicate.
The Policy Details panel is displayed. All the attributes of the selected policy are duplicated, except for the Policy Name field, which is empty.
Specify a name for the duplicated policy in the Policy Name field.
The policy name is mandatory. To make an exact duplicate of the policy you selected, skip to Step 6.
Specify different values for the policy's attributes.
Choose Context-Sensitive Help from the Help menu for information about the various attributes in this window. Or, go to Table 25–5 for all the policy attribute descriptions.
Click Save to save the policy, or click Done.
An example of the command-line equivalent follows this procedure.
If necessary, start the SEAM Tool.
See How to Start the SEAM Tool for details.
$ /usr/sbin/gkadmin |
Click the Policies tab.
Select the policy in the list that you want to modify, then click Modify.
The Policy Details panel is displayed.
Modify the policy's attributes.
Choose Context-Sensitive Help from the Help menu for information about the various attributes in this window. Or, go to Table 25–5 for all the policy attribute descriptions.
You cannot modify a policy's name. To rename a policy, you must duplicate the policy, specify a new name for it, save it, and then delete the old policy.
Click Save to save the policy, or click Done.
In the following example, the modify_policy command of kadmin is used to modify the minimum length of a password to five characters for the build11 policy.
$ kadmin kadmin: modify_policy -minlength 5 build11 kadmin: quit |
An example of the command-line equivalent follows this procedure.
Before you delete a policy, you must cancel the policy from all principals that are currently using it. To do so, you need to modify the principals' Policy attribute. The policy cannot be deleted if any principal is using it.
If necessary, start the SEAM Tool.
See How to Start the SEAM Tool for more information.
$ /usr/sbin/gkadmin |
Click the Policies tab.
Select the policy in the list that you want to delete, then click Delete.
After you confirm the deletion, the policy is deleted.
In the following example, the delete_policy command of the kadmin command is used to delete the build11 policy.
kadmin: delete_policy build11 Are you sure you want to delete the policy "build11"? (yes/no): yes kadmin: quit |
Before you delete a policy, you must cancel the policy from all principals that are currently using it. To do so, you need to use the modify_principal -policy command of kadmin on the affected principals. The delete_policy command fails if the policy is in use by a principal.