select_pam_app

Use the select_pam_app command to retrieve a PAM application access right in the currently selected zone from Active Directory. This command stores the PAM application right in memory, and makes it the currently selected PAM application right for subsequent ADEdit commands. The PAM application right remains selected until you select another PAM application right or zone, delete the PAM application right, or end the ADEdit session.

If you use ADEdit commands such as set_pam_field to change settings for the selected PAM application right, you must save the selected PAM application right using the save_pam_app command for your changes to take effect in Active Directory. If you select another PAM application right or end the ADEdit session before saving the currently selected PAM application right, your changes will be lost.

You can only use the select_pam_app command to select PAM applications if the currently selected zone is a classic4 or hierarchical zone. The command does not work for other types of zones.

Zone type

Classic and hierarchical

Syntax

select_pam_app name[/zonename]

Abbreviation

slpam

Options

This command takes no options.

Arguments

This command takes the following argument:

Argument Type Description

name[/zonename]

string

Required. Specifies the name of the PAM application right to select.

If the PAM application right that you want to select is defined in the current zone, the zonename argument is optional.

If the PAM application right is defined in a zone other than the currently selected zone, the zonename argument is required to identify the specific PAM application right to select.

Return value

This command returns nothing if it runs successfully.

Examples

The following example retrieves the PAM application right named sftp in the current zone and makes it the currently selected PAM application right:

select_pam_app sftp

The following example retrieves the PAM application right named sftp defined in the chicago zone and makes it the currently selected PAM application right:

select_pam_app sftp/chicago

The definition for the PAM application right named sftp might be the same in both zones, but it is not required to be. Specifying the zone ensures you get the definition you expect.

Related commands

Before you use this command, you must have a currently selected zone stored in memory. After you have a zone stored in memory, you can use the following commands to view and select the PAM application to work with:

  • get_pam_apps returns a Tcl list of PAM application rights in the current zone.
  • list_pam_apps lists to stdout the PAM application rights in the current zone.
  • new_pam_app creates a new PAM application right and stores it in memory.
  • select_pam_app retrieves a PAM application right from Active Directory and stores it in memory

After you have a PAM application stored in memory, you can use the following commands to work with that PAM application’s attributes, delete the PAM application, or save information for the PAM application:

  • delete_pam_app deletes the selected PAM application right from Active Directory and from memory.
  • get_pam_field reads a field value from the currently selected PAM application right.
  • save_pam_app saves the selected PAM application right with its current settings to Active Directory.
  • set_pam_field sets a field value in the currently selected PAM application right.