pdp auth

Description

Configures authentication/authorization options for PDP.

Syntax

    pdp auth
          allow_empty_result <options>
          count_in_non_ldap_group <options>
          fetch_by_sid <options>
          force_domain <options>
          kerberos_any_domain <options>
          kerberos_encryption <options>
          reauth_agents_after_policy <options>
          recovery_interval <options>
          username_password <options>

Parameters

| Parameter | Option | Description |
|---|---|---|
| `allow_empty_result` | `disable`, `enabled`, `status` | Shows the current configuration of fetching of local groups from the AD server based on SID. Configures whether the fetching of local groups from the AD server based on SID should succeed, even if all SIDs are foreign. |
| `count_in_non_ldap_group` | `disable`, `enabled`, `status` | Shows and configures the identification of membership for individual users that are selected in the user picker and for LDAP branch groups in SmartConsole. |
| `fetch_by_sid` | `disable`, `enabled`, `status` | Shows and configures the fetching of local groups from the AD server based on SID. |
| `force_domain` | `disable`, `enabled`, `stat` | Shows and configures the PDP to match the identity's source, based on the reported domain and authorization domain. |
| `kerberos_any_domain` | `disable`, `enabled`, `status` | Shows and configures the use of all available Kerberos principals. |
| `kerberos_encryption` | `get`, `set` | Shows and configures the Kerberos encryption type (in SmartConsole, go to Objects menu > Object Explorer > Servers > open the LDAP Account Unit object > go to General tab > click Active Directory SSO Configuration). |
| `reauth_agents_after_policy` | `disable`, `enabled`, `status` | Shows and configures the automatic reauthentication of Identity Agents after policy installation. |
| `recovery_interval` | `disable`, `enable`, `set <Value>`, `show` | Shows and configures the frequency (in seconds) of attempts to connect back to the higher-priority PDP gateway. |
| `username_password` | `disable`, `enabled`, `stat` | Shows and configures the username and password authentication. |