Accounts¶
defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
Defining an account
Warning
Data model objects: safes, users, servers, accounts and listeners are replicated within the cluster and object instances must not be added on each node. In case the replication mechanism fails to copy objects to other nodes, contact technical support department.
- Select > .
- Click .
- Define configuration parameters.
| Parameter | Description |
|---|---|
| General | |
| Name | Object name. |
| Account type | Select account type:
|
Session recording |
Select session recording option. |
all |
Wheel Fudo PAM records network traffic allowing for future session playback, using the built in session player, as well as converting session material to a selection of video file formats. |
raw |
Wheel Fudo PAM keeps records of the data exchanged between the user and the monitored server. The raw data can be downloaded later on but the session cannot be played back using the built in session player. |
none |
Wheel Fudo PAM only takes note of the fact that the give session took place but does not record the data exchanged between the user and the server. |
| OCR sessions | Enable RDP sessions content indexing. |
| OCR language | Select what language the processed content is in. |
| Delete session data after | Decide how long Wheel Fudo PAM will store session data before deleting it. |
| Permissions | |
| Granted users | Determine users allowed to manage given object. |
| Server | |
| Server | Assign account to a server. |
| Credentials | |
| Domain | Account domain assignment. Note In case of MS SQL connections, providing the domain will result in Wheel Fudo PAM using NTLM authentication mechanism when establishing connections with monitored hosts. Otherwise Wheel Fudo PAM will use the SQL Server Authentication method. SQL Server Authentication is always used to authenticate users initiating connections, whether the domain is set or not. |
| Login | Login used for authenticating on monitored server. |
| Replace secret | Select password replacement option. |
with password |
|
| Password | Static password. |
| Repeat password | |
with key |
|
| Public key | |
with password from external repository |
|
| External passwords repository | Select passwords repository used to manage credentials to selected account. |
| Password change policy | Select the policy, which determines password change details. |
| Password changer | |
| Password changer | Select the password changer used for managing password to given account. |
Unix Account over SSH |
|
| Privileged user | User login with password changing privileges. |
| Privileged user password | |
Windows account over WMI |
|
| Privileged user | User login with password changing privileges. |
| Privileged user password | |
MySQL User Account on Unix Server over SSH |
|
| SSH user | SSH user login. |
| SSH password | SSH user password. |
| SSH server address | SSH server IP address. |
| SSH server port | SSH server port number. |
| Privileged user | User login with password changing privileges. |
| Privileged user password | Privileged user password. |
Cisco Account over Telnet |
|
| Privileged mode password | |
| Privileged user | User login with password changing privileges. |
| Privileged user password | Privileged user password. |
Cisco Enable Password over Telnet |
|
| Privileged mode password | Password used for entering privileged mode. |
| Privileged user | User login with password changing privileges. |
| Privileged user password | Privileged user password. |
Cisco Account over SSH |
|
| Privileged mode password | |
| Privileged user | User login with password changing privileges. |
| Privileged user password | Privileged user password. |
Cisco Enable Password over SSH |
|
| Privileged mode password | Password used for entering privileged mode. |
| Privileged user | User login with password changing privileges. |
| Privileged user password | Privileged user password. |
LDAP |
|
| Privileged user | User login with password changing privileges. Note
|
| Privileged user password | Privileged user password. |
| LDAP base | Path to the location where the user for which the password is changed is stored. |
| LDAP server CA certificate | CA public key used for signing the LDAP server’s certificate. |
Note
|
Note
Two-fold authentication
With two-fold authentication enabled, user is being prompted twice for login credentials. Once for authenticating against Wheel Fudo PAM and once again for accessing target system.
To enable two-fold authentication, proceed as follows.
- From the Type drop-down list, select
forward. - In the Credentials section, select the Two-fold authentication option.
- Click .
Editing an account
- Select > .
- Find and click desired object to open its configuration page.
- Modify configuration parameters as needed.
Note
Unsaved changes are marked with an icon.
- Click .
Deleting an account
Warning
Deleting an accout definition will terminate all current connections to servers which use selected account for accessing those servers.
- Select > .
- Find and select desired objects.
- Click .
- Confirm deletion of selected objects.
Related topics: