Universal Agent for Linux Installation

Installation Process

Installation of Universal Agent for Linux is a three-step process:

Step 1

Download product distribution file (see Universal Agent for UNIX - Distribution File).

Step 2

Extract the installation files from the distribution file.

Step 3

Install the extracted files.

Extracting the Universal Agent for Linux Installation Files

Stonebranch, Inc. provides separate product distribution files for the following Linux systems:

  • x86_64-based systems
  • IBM S/390 and zSeries systems
  • Debian-based systems
  • PowerPC-based systems

Universal Agent for Linux product distribution files are in a compressed tar format.

x86_64-Based Systems

(The RPM package for x86_64-based systems contains the x86_64 qualifier.)

To uncompress and extract the installation files from the product distribution file, issue the following command:

zcat sb-7.2.x.x-linux-3.10-x86_64.tar.Z | tar xvf -

This command assumes that the name of the distribution file is sb-7.2.x.x-linux-3.10-x86_64.tar.Z.

Distribution File

The following table identifies the files contained in the distribution file.

File

Description

Readme.unv

Summary of the installation procedure.

unv-7.2.x.x-linux-3.10-x86_64.rpm

Linux RPM file format package.

unv-opscli-7.2.x.x-linux-3.10-x86_64.rpm

Universal Controller Command Line Interface (CLI) RPM file format package.

unvinst

Installation script.

upimerge.sh

Script that uses the Universal Installation Merge (UIM) module.

usrmode.inc

User-mode installer main script.

unvfiles.tar

User-mode installer modules archive; a set of scripts loaded and executed by usrmode.inc.

unv-python3.7.tar

Python 3.7 Distribution for Universal Agent.

Note

If your Universal Agent for Linux (x86_64-based systems) distribution file does not contain these files, contact Stonebranch, Inc. Customer Support to obtain a correct distribution file.

IBM S/390 and zSeries Systems

(The RPM package for IBM S/390 and zArchitecture systems contains the s390x qualifier.)

To uncompress and extract the installation files from the product distribution file, issue the following command:

zcat sb-7.2.x.x-linux-3.10-s390x.tar.Z | tar xvf -

This command assumes that the name of the distribution file is sb-7.2.x.x-linux-3.10-s390x.tar.Z.

Distribution File

The following table identifies the files contained in the distribution file.

File

Description

Readme.unv

Summary the installation procedure.

unv-7.2.x.x-linux-3.10-s390x.rpm

Linux RPM file format package.

unv-opscli-7.2.x.x-linux-3.10-s390x.rpm

Universal Controller Command Line Interface (CLI) RPM file format package.

unvinst

Installation script.

upimerge.sh

Script that uses the Universal Installation Merge (UIM) module.

usrmode.inc

User-mode installer main script.

unvfiles.tar

User-mode installer modules archive; a set of scripts loaded and executed by usrmode.inc.

unv-python3.7.tar

Python 3.7 Distribution for Universal Agent.

Note

If your Universal Agent for Linux (IBM S/390 and zSeries systems) distribution file does not contain these files, contact Stonebranch, Inc. Customer Support to obtain a correct distribution file.

Debian-Based Systems

To uncompress and extract the installation files from the product distribution file, issue the following command:

zcat sb-7.2.x.x-linux-3-x86_64-deb.tar.Z | tar xvf -

This command assumes that the name of the distribution file is sb-7.2.x.x-linux-3-x86_64-deb.tar.Z.

Distribution File

The following table identifies the files contained in the distribution file.

File

Description

Readme.unv

Summary the installation procedure.

unv-7.2.x.x-linux-3-x86_64-deb

Linux RPM file format package.

unv-opscli-7.2.x.x-linux-3-x86_64.deb

Universal Controller Command Line Interface (CLI) RPM file format package.

unvinst

Installation script.

upimerge.sh

Script that uses the Universal Installation Merge (UIM) module.

usrmode.inc

User-mode installer main script.

unvfiles.tar

User-mode installer modules archive; a set of scripts loaded and executed by usrmode.inc.

unv-python3.7.tar

Python 3.7 Distribution for Universal Agent.

Note

If your Universal Agent for Linux (Debian-based systems) distribution file does not contain these files, contact Stonebranch, Inc. Customer Support to obtain a correct distribution file.

PowerPC-Based Systems

(The RPM package for PowerPC-Based systems contains the ppc64 qualifier. A further qualifier, le, identifies it as Little Endian).

To uncompress and extract the installation files from the product distribution file, issue the following command:

zcat sb-7.2.x.x-linux-3.10-ppc64le.tar.Z | tar xvf -

This command assumes that the name of the distribution file is sb-7.2.x.x-linux-3.10-ppc64le.tar.Z.

Distribution File

The following table identifies the files contained in the distribution file.

File

Description

Readme.unv

Summary the installation procedure.

unv-7.2.x.x-linux-3.10-ppc64le.rpm

Linux RPM file format package.

unv-opscli-7.2.x.x-linux-3.10-ppc64le.rpm

Universal Controller Command Line Interface (CLI) RPM file format package.

unvinst

Installation script.

upimerge.sh

Script that uses the Universal Installation Merge (UIM) module.

usrmode.inc

User-mode installer main script.

unvfiles.tar

User-mode installer modules archive; a set of scripts loaded and executed by usrmode.inc.

unv-python3.7.tar

Python 3.7 Distribution for Universal Agent.

Note

If your Universal Agent for Linux (PowerPC-based systems) distribution file does not contain these files, contact Stonebranch, Inc. Customer Support to obtain a correct distribution file.

Installing Universal Agent for Linux

Universal Agent for Linux is installed with the unvinst script, which executes the rpm command. The command to start the script must be executed with the superuser ID.

Note

Stonebranch, Inc. strongly recommends the use of the unvinst script for the Linux installation above any other method.

Component Selection

The Universal Agent package contains many components, which are grouped into five categories. Components in some categories are installed and activated optionally, as specified in the unvinst script by using unvinst command line parameters.

The following table describes each category, provides the default installation configuration for the components in that category, and identifies the command line parameters to use for components that are optionally installed and activated.
 

Note

The default installation configuration refers to new installs only. For upgrades, installed component configurations are not changed by the upgrade process.

Category

Default Configuration

Description

Base components

Always installed.

Base components are always installed and activated. They include the Universal Broker, Universal Command (UCM), Universal Data Mover (UDM), and others. Base components provide the core agent infrastructure and workload services.

Universal Automation Center Agent (UAG)

Always installed, but inactive.

Universal Controller utilizes UAG agents to provided distributed, workload automation services.

UAG is activated using the --oms_servers parameter.

Universal Message Service (OMS)

Always installed, but inactive.

OMS is message-oriented middleware that should be deployed on a small set of centrally located servers. It should not be activated on every Agent install. OMS is the network provider for UAG and the Universal Controller.

OMS is activated using the --oms_autostart parameter.

Universal Controller command line programs

Not installed.

Universal Controller command line programs provide a command line interface to the Universal Controller. The installation of Universal Controller command line programs is optional. The command line programs are only required on Agents that need to interface with the Universal Controller via the command line.

Universal Controller command line programs are installed using the --opscli parameter.

Third-party components

Not installed.

This category includes components not developed or maintained by Stonebranch, Inc.
 
For example, Universal Agent 7.2.0.0 provides a Python 3.7 distribution that can be installed under the Universal Agent install directory. This distribution is provided so that a reliable Python environment exists on systems that may not provide for all users.

Starting the Installation Script

To start the installation script, unvinst, issue the following command:

sh ./unvinst [--user username [--userdir directory] [--create_user {yes|no}] ] [--group group name [--create_group {yes|no}] ] 
             [--keystore {yes|no}] [--security {appdef|default|inherit|pam|pam_sessions}]
             [--convert_opsagent [--opsdir directory] ] [--oms_servers network address] [--oms_port port] [--ac_agent_clusters clusters] 
             [--ac_agent_ip IP address] [--oms_autostart {yes|no}] [--ac_netname ID] [--uag_autostart yes]
             [--ac_extension_accept_list list] [--ac_extension_python_list list] [--ac_extension_deploy_on_registration {yes|no}] 
             [--ac_extension_cancel_timeout value {s|m|h|d}] [--ac_process_cancel_timeout value {s|m|h|d}] [--ac_message_level level]
             [--ac_loglvl level] [--opscli {yes|no}] [--usermode_install {yes|no} [--unvdir directory] [--unvcfgdir directory] 
             [--unvdatadir directory] [--unvport port] [--python {yes|no}] ] [--use_tls1_3 {yes|no}] [--register_ubrokerd {yes|no}] [--ubrokerd_id value]

See Linux Installation Script Parameters and Installation Script Example, below, for a description of the optional parameters that you can issue with unvinst and an example of unvinst with these parameters.
 

Note

If you want to install multiple Agents on the same machine, or add one or more additional Agents to a machine with a previously installed Agent, some of these installation parameters are required (see Installing Multiple Agents on a Single Machine).


This is a silent install. The output from unvinst is written to file install.log in the current directory. The Agent is installed into directory /opt.

The Universal Broker daemon will be installed and run as the username and groupname specified with the installation script parameters, below.

Note

For this release of Linux RPM, the previous non-RPM version will not be uninstalled. The Administrator can remove the remaining files/directories as needed.

Linux Installation Script Parameters

The following table describes the optional parameters that are available in the UNIX install script (unvinst) when installing Universal Agent.

The parameters are grouped into the following categories:

Category

Description

Base

Used for base install.

OMS

Used for an active OMS configuration.

UAG

Used for an active UAG configuration.

CLI

Used for Universal Controller CLI programs install.

User Mode

Used for user mode installation.

Third-party

Used to manage third-party components.

Parameter

Description

Default

Base Parameters



-u
‑user
--user

Normal UNIX username that is used to execute the Universal Broker daemon. The install grants this user account ownership of all installed files, with the exception of the Universal Agent server components (for example: ucmsrv, udmsrv, and uemsrv) which, due to security requirements, are owned by root and will have their "set user ID on execution" bit set.

  • If the user account that you want to use already exists, specify that user account.
  • If the user account does not exist, the install creates it.
  • If you want to change the user account for an installed Universal Agent for Linux system, you must perform a re-installation and use this parameter to change the user account.
  • If --user is omitted from unvinst, the default is used.
  • If --usermode_install is yes, there is no default.

ubroker

‑create_user
‑‑create_user

Specification (yes or no) for whether or not to create the user name that will own the installed files as a local user.

yes

‑userdir
‑‑userdir

Home directory for the created user account specified by --user.

  • If this directory does not exist, it is created when the specified user is created.
  • If the user specified by --user already exists, but the home directory of that user is not the default directory (/home/<username>), --userdir must specify the path to that home directory.
  • If --userdir is omitted from unvinst, the default is used.

/home/<username>

-g
‑group
‑‑group

Normal UNIX groupname; the Universal Broker daemon will run as this specified group. All installed files will be assigned to this group.

  • If the group that you want to use already exists, specify that group.
  • If this group does not exist, the install creates it.
  • If --group is omitted from unvinst, the default is used.

ubroker

‑create_group
‑‑create_group

Specification (yes or no) for whether or not to create the group that will own the installed files as a local group.

yes

‑keystore
‑‑keystore

Specification (yes or no) for whether or not to create encryption keys during installation and set up the local Universal Broker as a keystore owner.

no

-security
--security

Sets the value (default, inherit, pam, pam_sessions, or trusted) of the following configuration options for Universal Agent server components:

The appdef value for -security controls how product configuration options are set; it does not map to a product configuration option.

Note

pam_sessions is a valid value only for the UCMD Server and UDM Server.

(none)
-ubroker_start
--ubroker_start

Specifies (yes or no) whether or not Universal Broker is started by the Installer when installation is completed.

If --ubroker_start is not included in the script, Universal Broker will be started when installation is complete.

Note

--ubroker_start is ignored for user mode installs.

yes
‑use_tls1_3
‑‑use_tls1_3
If specified (using yes), all components will be set up to use TLS 1.3 by setting the max_ssl_protocol option to tls1_3 (and encrypt to yes for UCMD and UDM).no

-register_ubrokerd
--register_ubrokerd

Specifies whether the Universal Broker daemon will be defined to systemd for automatic ubrokerd startup. When this value is 'yes' for system mode installs, a systemd unit file named ubrokerd.service is created. For user mode installs, the name of the file is formatted as described by the -ubrokerd_id command line option.
The install will attempt to install this file into the configured systemd system unit file directory. If a configured value cannot be determined, the script uses /usr/lib/systemd/system. If this option is not specified, it defaults to 'no', and the ubrokerd daemon is not registered with systemd.
no

UAG Parameters



-c
‑convert
‑‑convert_opsagent

Causes unvinst to execute opsmerge.sh (residing in /opt/universal/uagsrv/bin), which performs the following tasks:

  1. Searches for an existing Opswise Automation Center Agent 1.6 or 1.7 install and converts properties stored in the agent.props file to corresponding configuration options in the Universal Automation Center Agent (UAG) configuration file, uags.conf.
  2. Searches for an active Opswise Automation Center Agent 1.6 or 1.7 daemon process and attempts to stop it.
  3. Assigns the ID used by the Opswise Automation Center Agent 1.6 or 1.7 to UAG by moving the qname file from the Opswise Automaton Center install directory to the /var/opt/universal/uag/var directory.


-d
‑opsdir
‑‑opsdir

If --convert_opsagent is specified: Identifies the primary install directory for Universal Agent.

  • If --opsdir is omitted from unvinst, the default is used.

/home/opswise

‑oms_servers
‑‑oms_servers

Specifies a value, in the format port@host[,port2@host,...,portn@hostn], for the port and network address of the OMS server(s) to be used as network communications providers.
 

Note

You should always include --oms_servers in unvinst; OMS is the network communications provider between a Controller 7.2.x.x and Agent 7.2.x.x.

 
UAG configuration: The value specified for --oms_servers is set automatically for the UAG OMS_SERVERS configuration option.

(none)

‑ac_agent_clusters
‑‑ac_agent_clusters

Specifies the Universal Controller-defined clusters to which this agent will belong.
 
UAG configuration: The value specified by --ac_agent_clusters is set automatically for the UAG AGENT_CLUSTERS configuration option.

(none)

‑ac_agent_ip
‑‑ac_agent_ip

Specifies the IP address or host name (which resolves to an IP address) that the Agent reports to the Controller.
 
UAG configuration: The value specified by --ac_agent_ip is set automatically for the UAG AGENT_IP configuration option.

(none)

‑ac_netname
‑‑ac_netname

Specifies the network ID that Universal Agent will use.
 
UAG configuration: The value specified by --ac_netname is set automatically for the UAG NETNAME configuration option.

(none)

-ac_extension_accept_list
--ac_extension_accept_list

Specifies a comma-separated list of one or more Universal Extensions that the agent will accept via auto-deployment from the Controller.

  • A single value of * indicates that all extensions are accepted.
  • A single value of none indicates that no extensions are accepted.

The value specified for this parameter sets the EXTENSION_ACCEPT_LIST configuration option value.

*
-ac_extension_python_list --ac_extension_python_list

Specifies a comma-separated list of zero or more Python locations. Each item in the list is expected to contain a complete path to a Python executable.

The value specified for this parameter sets the EXTENSION_PYTHON_LIST configuration option value.

/usr/bin/python3,/usr/bin/python,/usr/libexec/platform-python
-ac_extension_deploy_on_registration --ac_extension_deploy_on_registration

Controls Extension deployment behavior from the Universal Controller.

  • If the value is yes, the Controller will preemptively deploy all extensions acceptable by UAG.
  • If the value is no, the Controller will only send Extension modules as needed (on demand).

The value specified for this parameter sets the EXTENSION_DEPLOY_ON_REGISTRATION configuration option value.

no

-ac_extension_cancel_timeout
--ac_extension_cancel_timeout

Set the EXTENSION_CANCEL_TIMEOUT UAG configuration option, which specifies the length of time a Universal Extension task is given to complete its response to a CANCEL request.

If the task fails to finish its own termination processing within the specified timeout period, UAG Server will forcefully terminate the task.

The specified timeout must be numeric, but a one-letter suffix is accepted to specify (s)econds, (m)inutes, (h)ours, or (d)ays. If no time unit is specified, the default is seconds.

The following maximums are enforced:

  • 2147483647 or 2147483647s

  • 35791394m

  • 596523h

  • 24855d

Minute, hour, and day maximums are set to ensure that their value represented as a number of seconds does not exceed 2147483647.

10

-ac_process_cancel_timeout
--ac_process_cancel_timeout

Set the PROCESS_CANCEL_TIMEOUT UAG configuration option, which specifies the length of time an OS task is given to complete its response to a CANCEL request.

If the task fails to finish its own termination processing within the specified timeout period, UAG Server will forcefully terminate the task.

The specified timeout must be numeric, but a one-letter suffix is accepted to specify (s)econds, (m)inutes, (h)ours, or (d)ays. If no time unit is specified, the default is seconds.

The following maximums are enforced:

  • 2147483647 or 2147483647s

  • 35791394m

  • 596523h

  • 24855d

Minute, hour, and day maximums are set to ensure that their value represented as a number of seconds does not exceed 2147483647.

10

‑ac_enable_ssl
‑‑ac_enable_ssl

This option is deprecated starting with Universal Agent 7.1.0.0. UAG Server will always attempt to use SSL/TLS for OMS connections.

n/a

-ac_message_level
--ac_message_level

Specifies a message level for UAG. The install uses this value to set the MESSAGE_LEVEL UAG configuration option.(none)

-ac_loglvl
--ac_loglvl

Specifies a log level for UAG. The install uses this value to set the LOGLVL UAG configuration option.(none)

‑uag_autostart
‑‑uag_autostart

Specifies (yes or no) whether or not the Universal Automation Center Agent (UAG) Server starts automatically when the Universal Broker is started.
 
UAG component definition: The value specified by --uag_autostart is set automatically for the UAG AUTOMATICALLY_START component definition option.

yes

OMS Parameters



‑oms_port
‑‑oms_port

Specifies the port to use to listen for OMS connection requests.
 
OMS configuration: The value specified by --oms_port is set automatically for the OMS SERVICE_PORT configuration option.

(none)

‑oms_autostart
‑‑oms_autostart

Specifies (yes or no) whether or not OMS is started automatically by Universal Broker when Universal Broker starts.
 
OMS component definition: The value specified by --oms_autostart is set automatically for the OMS AUTOMATICALLY_START and RESTART component definition options.

no

CLI Parameters



‑opscli
‑‑opscli

Specifies (yes or no) whether or not the Universal Controller Command Line Interface (CLI) tools will be installed.

no

User Mode Parameters



-U
-usermode_install
--usermode_install

Specifies (yes or no) for a user mode installation, which defines both of the following:

no

-unvdir
--unvdir

If --usermode_install is set to yes: Specifies the Agent binaries (installation) directory.

(none)

‑unvcfgdir
‑‑unvcfgdir

If --usermode_install is set to yes: Specifies the Agent configuration files directory.

<--unvdir>/etc

‑unvdatadir
‑‑unvdatadir

If --usermode_install is set to yes: Specifies the Agent data files directory.

<--unvdir>/var

‑unvport
‑‑unvport

If --usermode_install is set to yes: Specifies the Universal Broker port.

(none)

-ubrokerd_id
--ubrokerd_id

If --usermode_install is set to yes: Specifies the value used to uniquely identify the ubrokerd unit file when the Universal Brokerd daemon is registered with systemd, as directed by the -register_ubrokerd option. This value is used to format a systemd unit file name in the format ubrokerd@<id>.service, where '<id>' is the value specified for this option. 

 If this option is omitted, the value specified for the -unvport option is used. For system mode installs, the unit file name will always be ubrokerd.service.

Value of --unvport option.

Third-Party Parameters



‑python
‑‑python

Specifies (yes or no) whether the Python 3.7 Distribution for Universal Agent is installed.

no

Additional Parameter



-?
-h
‑help
‑‑info

Displays command line help.

n/a

Installation Script Example

The following example illustrates Universal Agent for Linux installed with the installation script, unvinst, and optional parameters.

sh ./unvinst --user user1 --userdir /homedir/user --group usergroup 
             --keystore no --convert_opsagent --opsdir /homedir/ops 
             --oms_servers 7878@oms2 --oms_port 7878 --oms_autostart yes 
             --ac_agent_clusters GA Cluster,CA Cluster --ac_agent_ip 127.0.0.1
             --ac_netname OPSAUTOCONF --opscli yes --uag_autostart yes
             --usermode_install yes --unvdir /opt/universal 
             --unvcfgdir /etc/universal --unvdatadir /var/opt/universal --unvport 7887

User Mode Installation

A user mode installation, implemented through use of the usermode_install installation parameter, lets you install multiple Agents on a single machine and change the default installation directories for any Agent being installed.

You must perform a user mode installation for installing an Agent on a machine where one or more Agents already have been installed.

However, you also can perform a user mode installation for the initial installation of an Agent on a machine.
 

Note

You can execute the install as a non-root user if you want to execute the Agent in an unprivileged user mode environment. See User Mode Installation for specific requirements and restrictions associated with an unprivileged user mode environment.

Installing Multiple Agents on a Single Machine

If you want to install multiple Agents on the same machine, you must set the following installation parameter values for each Agent being installed in addition to the initially installed Agent.
 

Note

You also can set these parameters values for the initial installation of an Agent on a machine.

Installation Parameter

Value

--usermode_install

yes

--user

A username that is different than the username specified for any other Agent installation on this machine.

--unvdir

An Agent binaries (installation) directory that is different than the installation directory specified for any other Agent installation on this machine.

--unvport

A Universal Broker port that is different than the port specified for any other Agent installation on this machine.

Changing the Default Installation Directories

By default, an Agent is installed and configured in default directories.

If you want to change these default directories, or if you want to install multiple Agents on the same machine, you must set the --usermode_install parameter to yes and specify new values in the following parameters. These directories must be different for each Agent on the same machine.
 

Note

You also can change these directories for the initial installation of an Agent on a machine.

Installation Parameter

Default Directory

Files Installed

--unvdir

/opt/universal

Agent binaries

--unvcfgdir

/etc/universal

Agent configuration files

--unvdatadir

/var/opt/universal

Agent data files

Listing Universal Agent for Linux Information

RPM Commands

Information on installed packages is listed with the rpm command. The command must be executed with the superuser ID.

To list information for the Universal Agent for Linux, issue the following command:

rpm -qi unv
rpm -qi unv-opscli

Debian Commands

Information on installed packages is listed with the dpkg command. The command must be executed with superuser authority.

To list information for the Universal Agent for Linux, issue the following commands:

sudo dpkg -l unv
sudo dpkg -l unv-opscli

Removing Universal Agent for Linux

System Install Removal

Step 1

Stop the ubrokerd daemon.

Step 2

Make a backup copy of the /var/opt/universal and /etc/universal directories.

Step 3

RPM Commands
 
Using the superuser ID, remove all Universal Agent for Linux packages by issuing the following commands:
 

rpm -e unv-opscli
rpm -e unv
rm -rf /etc/universal
rm -rf /var/opt/universal

 
Debian commands
 
Using the superuser authority, remove all Universal Agent for Linux packages by issuing the following commands:
 

sudo dpkg -r unv-opscli
sudo dpkg -r unv
rm -rf /etc/universal
rm -rf /var/opt/universal

Step 4

Delete the Agent user account (ubroker) and its home directory:
 

userdel -r ubroker

Step 5

Delete the Agent group (ubroker):
 

groupdel ubroker

User Mode Install Removal

Step 1

Stop the Usermode Broker.

Step 2

Make a backup copy of the <--unvcfgdir> and <--unvdatadir> directories.

Step 3

Using the superuser ID, remove all Universal Agent for Linux packages by issuing the following commands:
 

rm -rf <---unvdir>
rm -rf <--unvcfgdir>
rm -rf <--unvdatadir>

Step 4

Delete the Agent user account (ubroker) and its home directory:
 

userdel -r [Usermode Broker user]

Step 5

Delete the Agent group (ubroker):
 

groupdel [Usermode Broker group]

Agent

To remove an Agent executing in an unprivileged user mode environment (see User Mode Installation), simply stop the ubrokerd daemon and remove the ./universal installation directory. To make sure that you do not mistakenly remove a system install directory, attempt the removal with a non-privileged user account or the Broker account.

Linux PAM Customization

Linux installations utilize Pluggable Authentication Modules (PAM) for user authentication. Many of the Universal Agent servers, such as Universal Command (UCMD), Universal Data Mover (UDM), and Universal Control (UCTL), must authenticate user accounts and passwords. Proper PAM configuration is essential for product operation.

There are many organizations and companies that package and distribute the Linux operating system. Most have consistent PAM implementations, but there are exceptions.

All supported Linux installations - except for SUSE 9 and below - require the sample PAM configuration file delivered with Universal Agent to be copied to directory /etc/pam.d:

cp /opt/universal/ucmdsrv/samp/ucmd.pam /etc/pam.d/ucmd

PAM Configuration File

All Universal Agent components utilize the same PAM configuration file.

64-Bit Linux Systems

For 64-bit Linux systems (x86_64-Based systems; S/390 and z/Series systems) its contents are:

auth

required

/lib64/security/pam_pwdb.so shadow nullok

auth

required

/lib64/security/pam_nologin.so

account

required

/lib64/security/pam_pwdb.so


Your Administrator must modify this sample PAM file to meet your local configuration.

Examples of Customized PAM Configuration Files

Universal Agent for Redhat systems 5.0 and greater

auth

include

system-auth

auth

required

pam_nologin.so

account

include

system-auth


Universal Agent for SUSE-based systems 10.0 and greater

auth

required

pam_unix2.so nullok

auth

required

pam_nologin.so

account

include

common-account


Alternative Universal Agent for SUSE 10.1

auth

required

pam_unix2.so nullok

auth

required

pam_nologin.so

account

include

common-account

Configuring the Agent to Run a Task without a Password

Prior to release 5.1, Universal Automation Center used the ops_suexec.nopass file, which listed all trusted users.

As of release 5.1, this file no longer is used. To apply your desired security configuration, access the UAG SECURITY configuration option in the uags.conf configuration file:

  • If you do not want security, set the value to inherit.
  • If you want security, set the value to pam and update the following files:
    • Check the /etc/pam.d/ucmd configuration file to ensure that it contains the minimum PAM security settings (see  Examples of Customized PAM Configuration Files, above).
    • Add the following to /etc/universal/uacl.conf for each user: uag_work_request [username],allow,noauth
      Also, verify that the user has a /home directory defined.