NAME
TAMeb::Admin::Context
SYNOPSIS
use TAMeb::Admin::Context;
$pdadmin = TAMeb::Admin::Context->new( password => 'foobar' );
$resp->iserror() and die "Couldn't establish context\n";
DESCRIPTION
TAMeb::Admin::Context handles the context-related functions in the TAM API. For the most part, it is used solely for establishing the context. There are, however, some global parameters that are set using this module.
As with all the other modules in this collection, you must have the Authentication ADK installed to use this module.
CONSTRUCTOR
new ( OPTIONS )
Logs into the policy server's domain. In TAM speak, it creates a new context. There are two different ways to call this function. At the bare minimum, you can simply provide a password. This will then rely upon the configuration of the PDRTE to figure out the rest of the information. This has the same basic effect as saying "pdadmin -a sec_master -p <password>". You can also specify the userid and the domain with this method.
Alternatively, you can specify all of the parameters below and log into any domain without changing the configuration of your RTE. If any one of the parameters other than password, userid or domain is set, all must be set.
Parameters
- password => PASSWORD
The password to be used when binding to the policy server. This is the only mandatory parameter.
- userid => USERID
The ID to use when binding to the policy server. (Default: sec_master)
- domain => DOMAIN
The domain into which to bind. (Default: uhh.. Default )
- codeset => [UTF|LOCAL]
The codeset to be used to encode the character data. It can be either UTF or LOCAL.
- server => SERVER
The name of the policy server. This can be either a hostname or an IP address.
- port => PORT
The port on which the policy server listens.
- keyringfile => PATH
The fully qualified path name ( FQPN ) to the key database for the policy domain.
- keystashfile => PATH
The FQPN to the stashed password for the keyring.
- configfile => PATH
The FQPN to the pd.conf file.
Returns
A fully blessed TAMeb::Admin::Context object, or it will die on error. If you cannot establish a context, nothing else will work.
METHODS
Most of the methods available on a TAMeb::Admin::Context object follow the same rules. The TAMeb::Admin::Response object will always contain the results of a 'get'. If any of the optional parameters are sent, a 'set' will be performed.
accexpdate( SECONDS | 'unset' | 'unlimited' )
Returns the currently configured global account expiration date.
Parameters
- SECONDS | 'unset' | 'unlimited'
The date when all passwords will expire. The date is expressed as seconds since the beginning of the Epoch.
Returns
"unlimited", "unset" or the date in seconds since the Epoch when the passwords will expire.
disabletimeint (SECONDS | 'disable' | 'unset' )
Returns the currently configured global account disable timeout.
Parameters
- SECONDS | 'disable' | 'unset'
The number of seconds an account will be disabled due to failed logins.
Returns
"disabled", "unset" or the time in seconds an account will be disabled.
maxlgnfails ( N | 'unset' )
Returns the currently configured global maximum number of failed login attempts.
Parameters
Returns
"unset" or the number of failed login attempts allowed.
maxpwdage ( SECONDS | 'unset')
Returns the currently configured global maximum password age.
Parameters
Returns
"unset" or the maximum age of passwords in seconds.
maxpwdrepchars ( CHARS | 'unset' )
Returns the maximum repeated characters allowed in a password
Parameters
Returns
"unset" or the maximum repeated characters allowed in a password.
minpwdalphas ( CHARS | 'unset' )
Returns the minimum alphabetic characters in a password
Parameters
Returns
"unset" or the minimum alphabetic characters allowed in a password.
minpwdnonalphas ( CHARS | 'unset' )
Returns the minimum non-alphabetic characters in a password
Parameters
Returns
"unset" or the minimum non-alphabetic characters allowed in a password.
minpwdlen ( CHARS | 'unset' )
Returns the minimum password length
Parameters
Returns
"unset" or the minimum length of a password.
pwdspaces ( 0 | 1 | 'unset' )
Returns the current policy on spaces in passwords
Parameters
Returns
"unset" or 'allowed'.
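The global policy getters above return either a number or the string "unset", so a baseline check has to handle both. The following is an added example, not code from the module: audit_policy() is a hypothetical helper, and the baseline numbers and sample readings are constructed.

```perl
use strict;
use warnings;

# Added example, not part of TAMeb::Admin::Context. The baseline numbers and
# the sample readings are constructed; audit_policy() is a hypothetical helper.

# Getter name => [ direction, limit ]: 'min' settings must be at least the
# limit, 'max' settings must be at most the limit.
my %BASELINE = (
    minpwdlen       => [ min => 12 ],
    minpwdalphas    => [ min => 1 ],
    minpwdnonalphas => [ min => 1 ],
    maxpwdrepchars  => [ max => 3 ],
    maxlgnfails     => [ max => 5 ],
    maxpwdage       => [ max => 90 * 24 * 60 * 60 ],    # seconds
);

# Takes a hash reference of getter name => reading and returns one line per
# setting that is weaker than the baseline or is not a number at all.
sub audit_policy {
    my ($got) = @_;
    my @findings;
    for my $name ( sort keys %BASELINE ) {
        my ( $dir, $limit ) = @{ $BASELINE{$name} };
        my $val = $got->{$name};
        if ( !defined $val || $val !~ /\A\d+\z/ ) {
            # 'unset' lands here; flagging it for review is this example's choice.
            push @findings, sprintf '%s: %s (not a number, review)',
                $name, $val // 'missing';
        }
        elsif ( $dir eq 'min' ? $val < $limit : $val > $limit ) {
            push @findings, "$name: $val (baseline $dir $limit)";
        }
    }
    return @findings;
}

# Constructed readings, in the form the getters document: a number or 'unset'.
# On a live system each one comes from the TAMeb::Admin::Response returned by
# the getter of the same name on the context object.
my %reading = (
    minpwdlen      => 8, minpwdalphas => 4,       minpwdnonalphas => 1,
    maxpwdrepchars => 2, maxlgnfails  => 'unset', maxpwdage       => 7776000,
);
print "$_\n" for audit_policy( \%reading );
```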
tod( days => 'unset' )
tod ( days => [array], start => N, end => N, reference => local | UTC )
Returns the current time of day access policy
Parameters
- days
'unset' will cause the time of day access policy to be unset. Otherwise, days should be a reference to an array containing some combination of: mon, tue, wed, thu, fri, sat, sun or any.
If the word 'any' is found anywhere in the array, it will override all the others.
- start
The beginning of the allowed access time, expressed in 24-hour format. Since Perl will try to interpret any number starting with a 0 as an octal number ( leading to annoying problems with 09xx ), you need to either drop the preceding 0 ( e.g., 900 ) or specify it as a string ( '0900' ).
- end
The end of the allowed access time. See the previous item for the caveats.
- reference => UTC|local
Under the covers, start and end are calculated as minutes past midnight. TAM needs to know if you are referencing midnight UTC or midnight local time. The default is 'local'.
Returns
A TAMeb::Admin::Response object, the value of which is a hash with the key/value pairs:
- days
An array reference to the days for which the policy is enforced. If the TOD policy is unset, this refers to an empty array.
- start
The time of day when access is allowed, expressed in 24-hour format. If the TOD policy is unset, this will be zero.
- end
The time of day when access is denied, expressed in 24-hour format. If the TOD policy is unset, this will be zero.
- reference
UTC or local. If the policy is unset, this will be local.
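The start/end octal caveat and the 'any' override described for tod() are both easy to get wrong without noticing, and either one changes when access is allowed. The following is an added example, not code from the module: hhmm_to_minutes() and normalize_days() are hypothetical helpers that vet the arguments before they are passed to tod().

```perl
use strict;
use warnings;

# Added example, not part of TAMeb::Admin::Context. hhmm_to_minutes() and
# normalize_days() are hypothetical helpers for vetting tod() arguments.
my %VALID_DAY = map { $_ => 1 } qw(mon tue wed thu fri sat sun any);

# 24-hour HHMM (900, '0900', 1730) -> minutes past midnight, or die.
sub hhmm_to_minutes {
    my ($hhmm) = @_;
    defined $hhmm && $hhmm =~ /\A\d{1,4}\z/
        or die "not an HHMM time\n";
    my ( $h, $m ) = sprintf( '%04d', $hhmm ) =~ /\A(\d\d)(\d\d)\z/;
    $h < 24 && $m < 60 or die "time out of range: $hhmm\n";
    return $h * 60 + $m;
}

# Reject unknown day names and return the effective list: 'any' anywhere in
# the array overrides every other entry.
sub normalize_days {
    my ($days) = @_;
    ref($days) eq 'ARRAY' or die "days must be an array reference\n";
    my @bad = grep { !$VALID_DAY{$_} } @$days;
    @bad and die "unknown day(s): @bad\n";
    return ( grep { $_ eq 'any' } @$days ) ? ['any'] : [@$days];
}

my %args = (
    days      => normalize_days( [qw(mon tue wed thu fri)] ),
    start     => '0900',    # string form keeps the leading zero safe
    end       => 1730,
    reference => 'local',
);
printf "window: minute %d to minute %d on %s\n",
    hhmm_to_minutes( $args{start} ), hhmm_to_minutes( $args{end} ),
    join( ',', @{ $args{days} } );

# A bare 0700 is octal 448, which still looks like a time (04:48).
printf "0700 literal = %d -> %d minutes, not 420\n", 0700, hhmm_to_minutes(0700);

# A bare 0730 is octal 472; minute 72 is caught by the range check.
eval { hhmm_to_minutes(0730); 1 } or print "0730 literal rejected: $@";

# A stray 'any' widens a weekday-only policy to every day.
print "effective days: ", join( ',', @{ normalize_days( [qw(mon tue any)] ) } ), "\n";

# With an established context: $pdadmin->tod(%args);
```

The range check catches only some octal slips (0730 but not 0700), so passing times as strings remains the reliable form.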
The following methods are all read-only. I will not bother to say that again, nor will you see any of the usual 'Parameter' or 'Returns' headings - the description tells you the return value.
userreg
Returns the user registry that TAM is configured against.
isauthenticated
Returns true if the current context is authenticated
codeset
Returns the codeset currently associated with the context - "UTF8" or "LOCAL"
domainid
Returns the name of the domain associated with the context
mgmtdomain
Returns the management domain associated with the context.
mgmtsvrhost
Returns the hostname of the Policy Server
mgmtsvrport
Returns the port of the Policy Server
userid
Returns the user id used to create the context.
SEE ALSO
ACKNOWLEDGEMENTS
Please read TAMeb::Admin for the full list of acks. I stand upon the shoulders of giants.
BUGS
None at the moment.
AUTHOR
Mik Firestone <mikfire@gmail.com>
COPYRIGHT
Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
All references to TAM, Tivoli Access Manager, etc are copyrighted by IBM.