Establishing accounts and ports

This section describes how to set up accounts and ports and specify which applications and instances use which accounts.

Accounts
Ports
- Setting the default port number on UNIX Only
  - Hierarchy for UNIX agent port number

Accounts

PATROL Agent must use a valid account to run parameters, recovery actions, and application discovery. By default, it uses the account used to install PATROL. However, you can change the account that the agent runs under. You can also designate the agent to use particular accounts for applications and instances.

In environments where trusted connections are supported, you can assign an account to be used by a trusted connection that does not have an account on a particular host.

Setting the PATROL Agent default account

The /AgentSetup/defaultAccount variable specifies the user account that the agent runs for all parameters, recovery actions, and application discovery procedures when an account is not specified for these commands.

Formats and type of data	Text string, not applicable
Default value	Account used to install PATROL Agent
Minimum and maximum	Not applicable
Dependencies	None
Recommendation	None

Setting the PATROL Agent default account shell

You can use the /AgentSetup/defaultAccountShell configuration variable to specify which shell the PATROL Agent uses for the process spawned by the PATROL Agent default account.

Format and type of data	Text string (shell name)
Default value	None
Minimum and maximum	None
Dependencies	None
Recommendation	Value must contain a complete path, such as "/bin/sh" or the PATROL Agent will not work properly.

This variable is not available in the config.default file. You must create this variable manually by using wpconfig (Windows), xpconfig (UNIX), PATROL Configuration Manager, or a PSL pconfig script such as the following:

%PSL pconfig("REPLACE", "/AgentSetup/defaultAccountShell", "new shell");

If the variable is set to NULL, the agent defaults to the shell given in the password file of the default account. If the value does not contain a complete path, the PATROL Agent will not work properly.

Setting the PATROL Agent account for applications

The /AgentSetup/<appl>.OSdefaultAccount variable specifies the account that the agent uses when it runs all parameters and recovery actions for this application or application instance. You can override this account by specifying an account in a command.

Formats and type of data	Text string, not applicable
Default value	NULL (use PATROL Agent's default Account)
Minimum and maximum	Not applicable
Dependencies	None
Recommendation	None

Adding time zones to PATROL

You can use the /AgentSetup/timeZone configuration variable to define time zones that do not exist in the PATROL Agent time zone table. If you are using a system that runs in a time zone not recognized by PATROL, you can add the time zone and its offset to the /AgentSetup/timeZone variable. When the PATROL Agent finds the timeZone variable, it will add the contents to its time zone table and use the new time zone(s) data to calculate date and time.

Format and type of data	TimeZone/OffsetValue TimeZone= the name of the time zone OffsetValue = the offset value, in minutes, for the specified time zone. Begin the OffsetValue with a + or - sign.
Default value	NULL
Minimum and maximum	None
Dependencies	None
Recommendation	None

If you define the timeZone variable as TZ1/+200,TZ2/-100, the PATROL Agent recognizes TZ1 and TZ2 as time zone strings and will use their corresponding offset values for date conversion calculation. By default, the value of the variable is NULL.

Setting the PATROL Agent account for instances

The /AgentSetup/<appl.inst>.OSdefaultAccount variable specifies the account that the agent uses when it runs all parameters and recovery actions for this application instance. You can override this account by specifying an account in a command.

Formats and type of data	Text string, not applicable
Default value	NULL (use PATROL Agent's default Account)
Minimum and maximum	Not applicable
Dependencies	None
Recommendation	None

Default accounts for XPC servers

You can use the /AgentSetup/XPC/<xpcserver>.xpc_defaultAccount to specify a default account for each xpc server. When the xpc process is spawned in PATROL Agent, it checks to see if there is a default account for that xpc process and switches the user to that account before running that process. If the account is not defined, the xpc server runs under the PATROL Agent default account.

Format and type of data	Text string <xpcserver>.xpc_defaultAccount
Default value	None
Minimum and maximum	None
Dependencies	None
Recommendation	None

This variable is available only for Microsoft Windows platforms.

Using the application-specific account for commands

The /AgentSetup/<appl>.OSdefaultAccountAppliesToCmds variable determines whether menu commands run against instances of this application use the account specified by either appl.inst.OSdefaultAccount or appl.OSdefaultAccount. Otherwise, menu commands use the account with which the console logs into the agent. You can override this account by specifying an account in a command.

Formats and type of data	Boolean, yes or no
Default value	No (do not run as *.OSdefaultAccount)
Minimum and maximum	Not applicable
Dependencies	None
Recommendation	None

Setting the default account for trusted clients

The /AgentSetup/trustedConnectionsAccount variable specifies the default account that the agent assigns to a trusted client connection that does not have an account on the box. First, the agent tries the account for the trusted user. If the account is not available, the agent uses the account specified by trustedConnectionsAccount.

This variable is applicable only to installations using supported external authentication services, currently Kerberos 5.

Formats and type of data	Text string, not applicable
Default value	Patrol If the agent fails to get the client's account, and this variable is not set or set to a non-valid account, the agent rolls back to "username/encryptedPassword" scheme used on non-trusted connections
Minimum and maximum	Not applicable
Dependencies	None
Recommendation	None

Setting the default account for PEM commands

The /AgentSetup/pemCommands_defaultAccount variable allows you to establish a special account under which all PEM commands can be run. To run PEM commands under this account, you must specify P for the PEM account option in the /AgentSetup/pemCommands_policy variable.

Formats and type of data	Text string (no spaces)
Default value	None
Minimum and maximum	Not applicable
Dependencies	/AgentSetup/pemCommands_policy variable must be set to P
Recommendation	None

The /AgentSetup/pemCommands_policy variable specifies under which account all PEM commands will run.

Values	A — Agent default account; if established, used in the following order: 1) appl.inst.OSdefaultAccount 2) appl.OSdefaultAccount 3) defaultAccount P — special PEM default account U — user account or KM account depending on where the event was initiated
Default value	U
Minimum and maximum	Not applicable
Dependencies	Accounts that are established
Recommendation	None

Ports

The agent allows you to specify the default port on UNIX and specify the port used to communicate through a firewall in a secure environment. PATROL also allows you to establish ports for sending and receiving SNMP trap information.

Setting the default port number on UNIX Only

The PATROL_PORT environment variable specifies the PATROL Agent port number on UNIX only. This variable applies only if the port number has not been specified by another means.

Hierarchy for UNIX agent port number

Following is the hierarchy for the PATROL Agent port number on UNIX:

-p command line option is specified, use command line value
"patrolagent" defined in /etc/services
Environment variable PATROL_PORT
Hard-coded default (3181)