Basics of pdadmin: How to work with object policies

April 9, 2013 ~ Anton Khitrenovich ~ Leave a comment

Working with protected object policies (or, in short, POPs) is pretty similar to working with ACLs. In this example we will create a POP that requires the end user to authenticate himself with protection level 1 on access to a junction.

First, we’ll create a new POP and display it’s content:

pdadmin sec_master> pop create level1 
pdadmin sec_master> pop show level1
    Protected object policy:  level1
    Description:
    Warning:  No
    Audit level:  none
    Quality of protection:  none
    Time of day access:  sun, mon, tue, wed, thu, fri, sat, :anytime:local
    IP Endpoint Authentication Method Policy
        Auth Level: 0          Network: Any Other Network

pdadmin sec_master>

Continue reading “Basics of pdadmin: How to work with object policies” →

Basics of pdadmin: How to manage WebSEAL junctions

April 9, 2013April 9, 2013 ~ Anton Khitrenovich ~ 2 Comments

Managing WebSEAL junctions with ‘pdadmin’ command tool is not an easy task. This post will provide a short reference to the most common operations.

First, you need to know the name of the WebSEAL instance you want to manage. Note that it differs from the object path!

pdadmin sec_master> server list
    default-webseald-isam-70.lab.mycompany.com
    ivmgrd-master
pdadmin sec_master>

Continue reading “Basics of pdadmin: How to manage WebSEAL junctions” →

Basics of pdadmin: How to attach ACL to an object

April 7, 2013April 9, 2013 ~ Anton Khitrenovich ~ 1 Comment

Let’s continue our example about unauthenticated junctions in WebSEAL and attach our passthrough ACL to some resource – for example, the famous “favicon.ico” file.

Prerequisites:
* An authenticated ‘pdadmin’ session
* The name of the passthrough ACL (assuming “webseal-passthrough” here)
* The full object name of “favicon.ico” file

So, here it goes:

pdadmin sec_master> acl attach /WebSEAL/isam-70.lab.mycompany.com-default/favicon.ico webseal-passthrough
pdadmin sec_master> acl find webseal-passthrough
/WebSEAL/isam-70.lab.mycompany.com-default/favicon.ico
pdadmin sec_master>

Simple, ah?

Basics of pdadmin: How to find object name of your WebSEAL instance

April 7, 2013April 7, 2013 ~ Anton Khitrenovich ~ 1 Comment

Sometimes you need to find the object name of your WebSEAL instance – for example, to attach an ACL. Typically it is “/WebSEAL/<server-name>-<instance>”, but here is the simplest way to verify that:

pdadmin sec_master> object list /WebSEAL
    /WebSEAL/isam-70.lab.mycompany.com-default
pdadmin sec_master>

Basics of pdadmin: How to create ACLs

April 7, 2013April 7, 2013 ~ Anton Khitrenovich ~ 1 Comment

A year ago I posted an explanation about unauthenticated junctions for WebSEAL. Let’s do the similar task with pdadmin – create a "passthrough" ACL for WebSEAL.

[ Note: This post assumes that you have authenticated ‘pdadmin’ session opened! ]

First, we will create a fresh ACL:

pdadmin sec_master> acl create webseal-passthrough
pdadmin sec_master> acl show webseal-passthrough
    ACL name: webseal-passthrough
    Description:
    Entries:
        User sec_master TcmdbsvaBRl
pdadmin sec_master>

Continue reading “Basics of pdadmin: How to create ACLs” →