Password changers

Wheel Fudo PAM uses proprietary password changers to manage credentials to privileged accounts defined on monitored servers. Password changer feature supports the following password management scenarios:

  • Unix over SSH
  • MySQL over SSH
  • Cisco over SSH and Telnet
  • Cisco Enable Password over SSH and Telnet
  • MS Windows over WMI

Password changer policy

Password changer policy defines specifics of how frequently the password should be changed and password complexity requirements.

Defining a password changer policy

  1. Select Management > Password changers.
  2. Click Add.
  3. Enter object name.
  4. Select the Password change enabled option and specify the time interval between each password change.
  5. Select the Password verification enabled option and specify the time interval between each password verification.
  1. Define password complexity.
Parameter Description
Length Provide the number of characters comprising the password.
Small letters Select to include lowercase characters, define their minimal number.
Capital letters Select to include uppercase characters, define their minimal number.
Special characters Select to include special characters, define their minimal number.
Digits Select to include digits, define their minimal number.

Note

The sum of the enforced password requirements cannot be greater than the specified password length.

  1. Click Save.
../../_images/add_password_changer.png

Editing a password changer policy

  1. Select Management > Password changers.
  1. Find and click desired object to open its configuration page.
  2. Modify configuration parameters as needed.

Note

Unsaved changes are marked with an icon.

../../_images/unsaved_changes.png
  1. Click Save.

Deleting a password changer policy

  1. Select Management > Password changers.
  2. Find and select desired objects.
  3. Click Delete.
  4. Confirm deletion of selected objects.

Custom password changers

Custom password changers enable defining a set of commands executed on a remote host in order to change the password.

Defining a custom password changer

  1. Select Management > Password changers.
  2. Select Custom changers tab.
  3. Click Add.
  4. Define the password changer’s name.
  5. Click i to add a command.
  1. Enter command.

Note

Commands allow usage of variables listed in the List of available variables section. Variables encapsulated in %% charachters will be replaced in all commands (e.g. %%host%%).

  1. Provide optional comments.
  2. Repeat steps 5 through 7 to add additional commands.
  3. Repeat steps 5 through 8 and define a password verification commands in the Password verification commands list section.

Note

Drag and drop each command to change the execution order.

  1. Click Save.

Editing a custom password changer

  1. Select Management > Password changers.
  2. Select Custom changers tab.
  3. Click the name of desired password changer.
  4. Edit selected commands.
  5. Click i to remove selected command.
  6. Click Save.

Deleting a custom password changer

  1. Select Management > Password changers.
  2. Select Custom changers tab.
  3. Select desired elements and click Delete.
  4. Confirm deleting selected objects.

Related topics: