pdp auth

Description

Configures authentication/authorization options for PDP.

Syntax

pdp auth

      allow_empty_result <options>

      count_in_non_ldap_group <options>

      fetch_by_sid <options>

      force_domain <options>

      kerberos_any_domain <options>

      kerberos_encryption <options>

      reauth_agents_after_policy <options>

      recovery_interval <options>

      username_password <options>

Parameters

Parameter

Description

allow_empty_result <options>

Shows the current configuration for fetching local groups from the AD server based on SID.

Configures whether the fetching of local groups from the AD server based on SID succeeds, even if all SIDs are foreign.

The available <options> are:

  • Disable the fetching of local groups:

    pdp auth allow_empty_result disable

  • Enable the fetching of local groups:

    pdp auth allow_empty_result enable

  • Show the current configuration:

    pdp auth allow_empty_result status

count_in_non_ldap_group <options>

Shows and configures the identification of membership to individual users that are selected in the user picker and LDAP branch groups in SmartConsole.

The available <options> are:

  • Disable the identification of membership:

    pdp auth count_in_non_ldap_group disable

  • Enable the identification of membership:

    pdp auth count_in_non_ldap_group enable

  • Show the current configuration:

    pdp auth count_in_non_ldap_group status

fetch_by_sid <options>

Shows and configures the fetching of local groups from the AD server based on SID.

The available <options> are:

  • Disable the fetching of local groups:

    pdp auth fetch_by_sid disable

  • Enable the fetching of local groups:

    pdp auth fetch_by_sid enable

  • Show the current configuration:

    pdp auth fetch_by_sid status

force_domain <options>

Shows and configures the PDP to match the identity's source, based on the reported domain and authorization domain.

The available <options> are:

  • Disable matching of the identity's source:

    pdp auth force_domain disable

  • Enable matching of the identity's source:

    pdp auth force_domain enable

  • Show the current configuration:

    pdp auth force_domain status

kerberos_any_domain <options>

Shows and configures the use of all available Kerberos principals.

The available <options> are:

  • Disable the use of all available Kerberos principals:

    pdp auth kerberos_any_domain disable

  • Enable the use of all available Kerberos principals:

    pdp auth kerberos_any_domain enable

  • Show the current configuration:

    pdp auth kerberos_any_domain status

kerberos_encryption <options>

Shows and configures the Kerberos encryption type.

Note - In SmartConsole, go to Objects menu > Object Explorer > Servers > open the LDAP Account Unit object > go to General tab > click Active Directory SSO Configuration.

The available <options> are:

  • Configure the Kerberos encryption type:

    pdp auth kerberos_encryption set

  • Show the current configuration:

    pdp auth kerberos_encryption get

reauth_agents_after_policy <options>

Shows and configures the automatic reauthentication of Identity Agents after policy installation.

The available <options> are:

  • Disable the automatic reauthentication:

    pdp auth reauth_agents_after_policy disable

  • Enable the automatic reauthentication:

    pdp auth reauth_agents_after_policy enable

  • Show the current configuration:

    pdp auth reauth_agents_after_policy status

recovery_interval <options>

Shows and configures the frequency of attempts to connect back to the higher-priority PDP gateway.

The available <options> are:

  • Disable the reconnect attempts:

    pdp auth recovery_interval disable

  • Enable the reconnect attempts:

    pdp auth recovery_interval enable

  • Configure the frequency of reconnect attempts:

    pdp auth recovery_interval set <Number of Seconds>

  • Show the current configuration:

    pdp auth recovery_interval show

username_password <options>

Shows and configures the username and password authentication.

The available <options> are:

  • Disable the username and password authentication:

    pdp auth username_password disable

  • Enable the username and password authentication:

    pdp auth username_password enable

  • Show the current configuration:

    pdp auth username_password status