Remote Management

Power Manager supports remote management over the network. Remote management allows users on distant computers to monitor and alter Power Manager. This ability is particularly useful for system administrators and for those managing computers that are difficult to physically reach.

Remote management can be enabled and disabled using the Power Manager application. The Allow Remote Management menu item controls the default connection settings.

Enabling Remote Management using the application

  1. Launch Power Manager.

  2. Enable (check) the Scheduler > Allow Remote Management menu item.

Disabling Remote Manager using the application

  1. LaunchPower Manager.

  2. Disable (uncheck) the Scheduler > Allow Remote Management menu item.

Customising Remote Management

By default, the user interface sets up a single network socket listening to all interfaces on a system provided port. The default network socket is advertised via Bonjour/Zero-Config.

The default socket's unique identifier is You should avoid altering sockets whose name begins with This namespace is reserved for use by Power Manager's graphical and command line tools.

Power Manager can be set up to listen to more than one network socket.

You can add additional sockets for remote management using the command line pmctl tool, or with an AppleScript script.

To create a remote management socket with a fix port number (1234) listening on all network interfaces, see Creating a fixed port socket.

Creating a fixed port socket

bash% cd '/Applications/Power'
bash% ./pmctl listen.applysocket 'unique ID=Fixed' 'port=1234'

Remote management is provided by the Listen API object. The Listen object provides an interface for creating (listen.applysocket), listing (listen.sockets), and removing (listen.removesocket) network sockets.

The listen.applysocket command accepts a range of parameters. The parameters are all optional. Power Manager will choose a suitable default for each missing parameter.

The command above creates a listening socket on port 1234 with the unique identifier 1234.

To check the socket has been created and is listening, issue the commands in Listing the fixed port socket details.

Listing the fixed port socket details

bash% ./pmctl listen.sockets
[{"port"=>1234.000000,"protocol family"=>"IPv4","state"=>"listening","unique ID"=>"Fixed","URLs"=>["pm://Mac-Pro.local:1234"]}]

The command's response lists every listening socket, along with information such as the name, port number, and URL.

You can immediately start using your new socket.

To remove a remote management socket, issue the commands in Remove the fixed port socket.

Remove the fixed port socket

bash% ./pmctl listen.removesocket 'unique ID=Fixed'

The listen.removesocket command removes the socket with the provided unique identifier.

Creating a new remote management socket using pmctl

  1. Issue the command:

    bash% ./pmctl listen.applysocket port=1234 'protocol family=IPv6'

    This command creates a new Internet Protocol version 6 (IPv6) remote management socket listening on all network interfaces on port 1234.

List all remote management sockets using pmctl

  1. Issue the command:

    bash% ./pmctl listen.sockets

    This command returns a list of all Power Manager's listening network sockets.

Removing a remote management socket using pmctl

  1. Issue the command:

    bash% ./pmctl listen.removesocket 'unique ID=Fixed'

    This command removes the listening socket with the unique ID Fixed.

How Connections are Secured

Remote management connections are secure. All connections are encrypted using SSL/TLS industry standard encryption. Authentication and authorisation are provided by Pluggable Authentication Modules (PAM).

Pluggable Authentication Modules (PAM) Support

Power Manager's PAM configuration is controlled by the PAM configuration file /etc/pam.d/ This file is created and removed as needed.

Power Manager uses the PAM service by default. This service restricts access to users who are members of the admin or wheel groups.

Do not alter this PAM configuration file. The default configuration will be ideal for the great majority of environments, and should be left untouched. Changes to the file will be reverted between restarts and updates.

If you are familiar with PAM configuration files, and wish to use alternative modules or configuration settings, this is possible.

To use your own PAM configuration file, create the desired PAM service file and then update Power Manager's default to match the service file's name.

You can change the PAM service used, see Defaults and Preferences. The service name is read from the default management.service in the domain A restart is recommended after changing this default.

Change the PAM service

bash% sudo defaults write /Library/Preferences/ 'management.service' myservice

Reset the PAM service used by Power Manager

bash% sudo defaults delete /Library/Preferences/ 'management.service'

Bonjour Domains

Power Manager advertises across all available Bonjour registration domains. This helps ensure the best experience when trying to locate Power Manager services.

When searching for Power Manager services, the application will search only the .local domain by default. This reduces network traffic but more importantly lists only services which the user is likely to be able to access.

Attempting to connect to services beyond the .local domain is likely to fail. Routers and other network devices may block required ports and otherwise limit access. Power Manager services may be visible through Bonjour but not accessible.

Searching beyond .local is possible by enabling Search all domains in the network services window. This option respects the forced default behaviour and will be hidden automatically if the user can not change the underlying DSSWPMAKServicesDefaultWideDomains default, see Defaults and Preferences.

Back to the previous page.