Setting up password changing on a Unix system

This topic contains an example of setting up password changing on a Unix system.

Configuration

Adding a password change policy

  1. Select Management > Password changers.
  2. Click Add to create a new password changing policy.
../../_images/psswd_chngr_list.png
  1. Provide password change policy name.

Note

Provide a descriptive name so that anyone administrating Wheel Fudo PAM can tell what the policy does at a glance. E.g. 10 minutes, 20 characters, special characters, uppercase.

  1. Select Password change enabled and define how frequently the password will be changed.
  2. Select the Password verification enabled and define how frequently the Secret Manager should verify whether the password has not been changed in any outher way but the Secret Manager itself.
../../_images/add_chngr_general.png
  1. Provide the number of characters comprising the password.
  2. Select desired password complexity options and provide the minimal number of characters for each.
../../_images/add_chngr_requirements.png
  1. Click Save to store password changer policy.

Assigning password changer to the privileged account

  1. Select Management > Accounts.
  2. Find and click desired account object.
../../_images/accounts_list.png
  1. Provide the privileged account login in the Credentials section.
  2. Select with password from the Replace secret drop-down list.
  3. Provide privileged account password.
  4. Select your policy from the Password change policy drop-down list.
../../_images/edit_account_credentials.png
  1. In the Password changer section, select the Unix Account over SSH from the Password changer drop-down list.
  2. Provide superuser login credentials.
../../_images/edit_account_psswd_chngr.png

Note

Superuser account enables resetting the password in case the Secret manager detects that it has been changed by someone else.

  1. Click Save.

Related topics: