test

Sun Enterprise Authentication Mechanism Guide

Administering Policies

This section provides step-by-step instructions to administer policies using the SEAM Tool. It also provides command-line equivalent examples, when available, using the kadmin command after each procedure.

Administering Policies Task Map

Table 5-3 Administering Policies Task Map

Task 

Description 

For Instructions, Go To ... 

View the List of Policies 

View the list of policies by clicking the Policies tab. 

"How to View the List of Policies"

View a Policy's Attributes 

View a policy's attributes by selecting the Policy in the Policy List and clicking the Modify button. 

"How to View a Policy's Attributes"

Create a New Policy 

Create a new policy by clicking the Create New button in the Policy List panel. 

"How to Create a New Policy"

Duplicate a Policy 

Duplicate a policy by selecting the policy to duplicate in the Policy List and clicking the Duplicate button. 

"How to Duplicate a Policy"

Modify a Policy 

Modify a policy by selecting the policy to modify in the Policy List and clicking the Modify button. 

Note that you cannot modify a policy's name. To rename a policy, you must duplicate the policy, specify a new name for it, save it, and then delete the old policy. 

"How to Modify a Policy"

Delete a Policy 

Delete a policy by selecting the policy to delete in the Policy List and clicking the Delete button. 

"How to Delete a Policy"

How to View the List of Policies

An example of the corresponding command-line equivalent follows this procedure.

  1. If neccessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Policies tab.

    The list of policies is displayed.

    Graphic

  3. To display a specific principal or sublist of policies, enter a filter string in the Filter Pattern field and press return. If the filter succeeds, the list of policies matching the filter is displayed.

    The filter string must consist of one or more characters. And, because the filter mechanism is case sensitive, you need to use the appropriate uppercase and lowercase letters for the filter. For example, if you enter the filter string ge, the filter mechanism will display only the policies with the ge string in them (for example, george or edge).

    If you want to display the entire list of policies, click Clear Filter.

Example--Viewing the List of Policies (Command Line)

The following example uses the list_policies command of kadmin to list all the policies that match *user*. Wildcards can be used with the list_policies command.


kadmin: list_policies *user*
testuser
enguser
kadmin: quit

How to View a Policy's Attributes

An example of the corresponding command-line equivalent follows this procedure.

  1. If neccessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Policies tab.

  3. Select the policy in the list that you want to view and click Modify.

    The Policy Details panel is displayed.

  4. When you are finished viewing, click Cancel.

Example--Viewing a Policy's Attributes

The following example shows the Policy Details panel when viewing the test policy.

Graphic

Example--Viewing a Policy's Attributes (Command Line)

The following example uses the get_policy command of kadmin to view the attributes of the enguser policy.


kadmin: get_policy enguser
Policy: enguser
Maximum password life: 2592000
Minimum password life: 0
Minimum password length: 8
Minimum number of password character classes: 2
Number of old keys kept: 3
Reference count: 0
kadmin: quit

The reference count is the number of principals using that policy.

How to Create a New Policy

An example of the corresponding command-line equivalent follows this procedure.

  1. If neccessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Policies tab.

  3. Click New.

    The Policy Details panel is displayed.

  4. Specify a name for the policy in the Policy Name field.

    The policy name is mandatory.

  5. Specify values for the policy's attributes.

    Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, go to Table 5-7 for all the policy attribute descriptions.

  6. Click Save to save the policy, or click Done.

Example--Creating a New Policy

The following example shows creating a new policy called build11. So far, the Minimum Password Classes has been changed to 3.

Graphic

Example--Creating a New Policy (Command Line)

The following example uses the add_policy command of kadmin to create the build11 policy that requires at least 3 character classes in a password.


$ kadmin
kadmin: add_policy -minclasses 3 build11
kadmin: quit

How to Duplicate a Policy

This procedure explains how to use all or some of the attributes of an existing policy to create a new policy. There is no command-line equivalent for this procedure.

  1. If neccessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Policies tab.

  3. Select the policy in the list that you want to duplicate and click Duplicate.

    The Policy Details panel is displayed. All the attributes of the selected policy are duplicated except for the Policy Name field, which is empty.

  4. Specify a name for the duplicated policy in the Policy Name field.

    The policy name is mandatory. If you want to make an exact duplicate of the policy you selected, click Save and skip to the last step.

  5. Specify different values for the policy's attributes.

    Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, go to Table 5-7 for all the policy attribute descriptions.

  6. Click Save to save the policy, or click Done.

How to Modify a Policy

An example of the corresponding command-line equivalent follows this procedure.

  1. If neccessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Policies tab.

  3. Select the policy in the list that you want to modify and click Modify.

    The Policy Details panel is displayed.

  4. Modify the policy's attributes.

    Choose Context-Sensitive Help from the Help menu to get information about the various attributes in each window. Or, go to Table 5-7 for all the policy attribute descriptions.

    Note -

    You cannot modify a policy's name. To rename a policy, you must duplicate the policy, specify a new name for it, save it, and then delete the old policy.

  5. Click Save to save the policy, or click Done.

Example--Modifying a Policy (Command Line)

The following example uses the modify_policy command of kadmin to modify the minimum length of a password to five characters for the build11 policy.


$ kadmin
kadmin: modify_policy -minlength 5 build11
kadmin: quit

How to Delete a Policy

An example of the corresponding command-line equivalent follows this procedure.

  1. If neccessary, start the SEAM Tool.

    See "How to Start the SEAM Tool" for details.

  2. Click the Policies tab.

    Note -

    Before deleting a policy, you must cancel the policy from all principals currently using it (you need to modify the principals' Policy attribute). The policy cannot be deleted if it is in use by any principal.

  3. Specify the policy in the list that you want to delete and click Delete.

    After you confirm the deletion, the policy is deleted.

Example--Deleting a Policy (Command Line)

The following example uses the delete_policy command of kadmin command to delete the build11 policy.


kadmin: delete_policy build11 
Are you sure you want to delete the policy "build11"? (yes/no): yes
kadmin: quit

Before deleting a policy, you must cancel the policy from all principals currently using it (you need to use the modify_principal -policy command of kadmin on the principals). The delete_policy command will fail if it is in use by a principal.