The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.




  use TAMeb::Admin::Context;

  $pdadmin = TAMeb::Admin::Context->new( password => 'foobar' );

  $resp->iserror() and die "Couldn't establish context\n";


TAMeb::Admin::Context handles the context related functions in the TAM API. For the most part, it is used solely for establishing the context. There are, however, some global parameters that are set using this module.

As with all the other modules in this collection, you must have the Authentication ADK installed to use this modules.


new ( OPTIONS )

Logs into the policy server's domain, In TAM speak, it creates a new context. There are two different ways to call this function. At the bare minimum, you can simply provide a password. This will then rely upon the configuration of the PDRTE to figure out the rest of the information. This is the same base effect as saying "pdadmin -a sec_master -p <password>". You can also specify the userid and the domain with this method.

Alternately, you can specify all of the parameters below and log into any domain with out changing the configuration of your RTE. If anyone of the parameters other than password, userid or domain are set, all must be set.


password => PASSWORD

The password to be used when binding to the policy server. This is the only mandatory parameter.

userid => USERID

The ID to use when binding to the policy server. (Default:sec_master)

domain => DOMAIN

The domain into which to bind. (Default: uhh.. Default )

codeset => [UTF|LOCAL]

The codeset to be used to encode the character data. It can be either UTF or LOCAL.

server => SERVER

The name of the policy server. This can be either a hostname or an IP address.

port => PORT

The port on which the policy server listens.

keyringfile => PATH

The fully qualified path name ( FQPN ) to the keydatabase for the policy domain.

keystashfile => PATH

The FQPN to the stashed password for the keyring

configfile => PATH

The FQPN to the pd.conf file


A fully blessed TAMeb::Admin::Context object, or it will die on error. If you cannot establish a context, nothing else will work.


Most of the methods available on a TAMeb::Admin::Context object follow the same rules. The TAMeb::Admin::Response object will always contain the results of a 'get'. If any of the optional parameters are sent, a 'set' will be performed.

accexpdate( SECONDS | 'unset' | 'unlimited' )

Returns the currently configured global account expiration date.


SECONDS | 'unset' | 'unlimited'

The date when all passwords will expire. The date is expressed as seconds since the beginning of the Epoch.


"unlimited", "unset" or the date in seconds since the Epoch when the passwords will expire.

disabletimeint (SECONDS | 'disable' | 'unset' )

Returns the currently configured global account disable timeout.


SECONDS | 'disable' | 'unset'

The number of seconds an account will be disabled due to failed logins


"disabled", "unset" or the time in seconds an account will be disabled

maxlgnfails ( N | 'unset' )

Returns the currently configured global maximum number of failed login attempts.


N | 'unset'

The number of failed login attempts before the account is disabled.


"unset" or the number of allowed failed login attempts allowed.

maxpwdage ( SECONDS | 'unset')

Returns the currently configured global maximum password age.


SECONDS | 'unset'

The maximum age of a password expressed in seconds.


"unset" or the maximum age of passwords in seconds.

maxpwdrepchars ( CHARS | 'unset' )

Returns the maximum repeated characters allowed in a password


CHARS | 'unset'

The maximum number of repeated characters in a password


"unset" or the maximum repeated characters allowed in a password.

minpwdalphas ( CHARS | 'unset' )

Returns the minimum alphabetic characters in a password


CHARS | 'unset'

The minimum number of alphabetic characters in a password


"unset" or the minimum alphabetic characters allowed in a password.

minpwdnonalphas ( CHARS | 'unset' )

Returns the minimum non-alphabetic characters in a password


CHARS | 'unset'

The minimum number of non-alphabetic characters in a password


"unset" or the minimum non-alphabetic characters allowed in a password.

minpwdlen ( CHARS | 'unset' )

Returns the minimum password length


CHARS | 'unset'

The minimum number length of a password


"unset" or the minimum length of a password.

pwdspaces ( 0 | 1 | 'unset' )

Returns the current policy on spaces in passwords


0 | 1 | 'unset'

Whether or not to allows spaces in passwords.


"unset" or 'allowed'.

tod( days => 'unset' )

tod ( days => [array], start => N, end => N, reference => local | UTC )

Returns the current time of day access policy



'unset' will cause the the time of day access policy to be unset. Otherwise, days should be a reference to an array containing some combination of: mon, tue, wed, thu, fri, sat, sun or any.

If the word 'any' is found anywhere in the array, it will over ride all the others.


The beginning of the allowed access time, expressed in 24-hour format. Since perl will try to interpret any number starting with a 0 as an octal number ( leading to annoying problems with 09xx ), you need to either drop the preceding 0 ( eg, 900 ) or specify it as a string ( '0900' ).


The end of the allowed access time. See the previous item for the caveats.


Under the covers, start and end are calculated as minutes past midnight. TAM needs to know if you are referencing midnight UTC or midnight local time. The default is 'local'.


A TAMeb::Admin::Response object, the value of which is a hash with the key/value pairs:


An array reference to the days for which the policy is enforced. If the TOD policy is unset, this refers to an empty array.


The time of day when access is allowed, expressed in 24-hour format. If the TOD policy is unset, this will be zero.


The time of day when access is denied, expressed in 24-hour format. If the TOD policy is unset, this will be zero.


UTC or local. If the policy is unset, this will be local.

The following methods are all read-only. I will not bother to say that again, nor will you see any of the usual 'Parameter' or 'Returns' headings - the description tells you the return value.


Returns the user registry that TAM is configured against.


Returns true if the current context is authenticated


Returns the codeset currently associated with the context - "UTF8" or "LOCAL"


Returns the name of the domain associated with the context


Returns the management domain associated with the context.


Returns the hostname of the Policy Server


Returns the port of the Policy Server


Returns the user id user to create the context.




Please read TAMeb::Admin for the full list of acks. I stand upon the shoulders of giants.


None at the moment.


Mik Firestone <>


Copyright (c) 2004-2011 Mik Firestone. All rights reserved. This program is free software; you can redistibute it and/or modify it under the same terms as Perl itself.

All references to TAM, Tivoli Access Manager, etc are copyrighted by IBM.