forward account

Account defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.

When connecting to a server using a forward type account, Wheel Fudo PAM authenticates user against its local database and forwards user’s login credentials to the target host.

Note

In case of Telnet connections, users are asked to provide their login credentials twice. First time to authenticate against Wheel Fudo PAM and then to connect to the target host.

Defining an account

1. Select Management > Accounts.
2. Click Add.

3. Define object’s name.

4. Select Blocked option to disable account after it’s created.

5. Select forward from the Type drop-down list.
6. Select desired session recording option.

• all - Wheel Fudo PAM records network traffic allowing for future session playback, using the built in session player, as well as converting session material to a selection of video file formats.
• raw - Wheel Fudo PAM keeps records of the data exchanged between the user and the monitored server. The raw data can be downloaded later on but the session cannot be played back using the built in session player.
• none - Wheel Fudo PAM only takes note of the fact that the give session took place but does not record the data exchanged between the user and the server.

7. Select the OCR sessions option to fully index RDP and VNC sessions contents.

8. Select language used for processing recorded sessions.
9. In the Delete session data after field, define the number of days after which the session data will be deleted.
10. In the Permissions section, add users allowed to manage this object.
11. In the Server section, assign the account to a server by selecting it from the Server drop-down list.

Note

Two-fold authentication

With two-fold authentication enabled, user is being prompted twice for login credentials. Once for authenticating against Wheel Fudo PAM and once again for accessing target system.

To enable two-fold authentication, proceed as follows.

• From the Type drop-down list, select forward.
• In the Credentials section, select the Two-fold authentication option.

12. Click Save.

Editing an account

1. Select Management > Accounts.

2. Find and click desired object to open its configuration page.
3. Modify configuration parameters as needed.

Note

Unsaved changes are marked with an icon.

4. Click Save.

Deleting an account

Warning

Deleting an accout definition will terminate all current connections to servers which use selected account for accessing those servers.

1. Select Management > Accounts.
2. Find and select desired objects.
3. Click Delete.
4. Confirm deletion of selected objects.

Related topics:

• Data model
• System initiation
• Servers