Password changers¶
Wheel Fudo PAM uses proprietary password changers to manage credentials to privileged accounts defined on monitored servers. Password changer feature supports the following password management scenarios:
- Unix over SSH
- MySQL over SSH
- Cisco over SSH and Telnet
- Cisco Enable Password over SSH and Telnet
- MS Windows over WMI
Password changer policy¶
Password changer policy defines specifics of how frequently the password should be changed and password complexity requirements.
Defining a password changer policy
- Select > .
- Click .
- Enter object name.
- Select the Password change enabled option and specify the time interval between each password change.
- Select the Password verification enabled option and specify the time interval between each password verification.
- Define password complexity.
Parameter | Description |
---|---|
Length | Provide the number of characters comprising the password. |
Small letters | Select to include lowercase characters, define their minimal number. |
Capital letters | Select to include uppercase characters, define their minimal number. |
Special characters | Select to include special characters, define their minimal number. |
Digits | Select to include digits, define their minimal number. |
Note
The sum of the enforced password requirements cannot be greater than the specified password length.
- Click .
Editing a password changer policy
- Select > .
- Find and click desired object to open its configuration page.
- Modify configuration parameters as needed.
Note
Unsaved changes are marked with an icon.
- Click .
Deleting a password changer policy
- Select > .
- Find and select desired objects.
- Click .
- Confirm deletion of selected objects.
Custom password changers¶
Custom password changers enable defining a set of commands executed on a remote host in order to change the password.
Defining a custom password changer
- Select > .
- Select Custom changers tab.
- Click .
- Define the password changer’s name.
- Click i to add a command.
- Enter command.
Note
Commands allow usage of variables listed in the List of available variables section. Variables encapsulated in %% charachters will be replaced in all commands (e.g. %%host%%
).
- Provide optional comments.
- Repeat steps 5 through 7 to add additional commands.
- Repeat steps 5 through 8 and define a password verification commands in the Password verification commands list section.
Note
Drag and drop each command to change the execution order.
- Click .
Editing a custom password changer
- Select > .
- Select Custom changers tab.
- Click the name of desired password changer.
- Edit selected commands.
- Click i to remove selected command.
- Click .
Deleting a custom password changer
- Select > .
- Select Custom changers tab.
- Select desired elements and click .
- Confirm deleting selected objects.
Related topics: