Creating a regular account

  1. Select Management > Accounts.
  2. Click Add.
  3. Define the object’s name.
  4. Select the Blocked option to disable the account after it is created.
  5. Select regular from the Type drop-down list.
  6. Select the desired session recording option.

    • all - Fudo PAM saves session metadata (basic session information), records raw network traffic (RAW file) and stores session data in internal file format (FBS). The latter enables session playback using the built-in session player, as well as exporting sessions to a selection of video file formats.
    • raw - Fudo PAM saves session metadata (basic session information) and records raw network traffic (RAW file). The raw data can be downloaded, but it cannot be played back in graphical form using the built-in session player (the session player only depicts the network packet exchange between the client and the target host).
    • none - Fudo PAM saves only session metadata (basic session information).
  7. Select the OCR sessions option to fully index the contents of RDP and VNC sessions.

Note

Indexing sessions enables full-text content searching.

Warning

OCR is a CPU-intensive process and may have a negative impact on system performance.

  8. Select the language used for processing recorded sessions.

  9. In the Move session data to external storage after field, define the number of days after which the session data will be moved to an external storage device.

  10. In the Delete session data after field, define the number of days after which the session data will be deleted.

  11. In the Permissions section, add the users allowed to manage this object.

  12. In the Server section, assign the account to a specific server by selecting it from the Server drop-down list.

  13. In the Credentials section, enter the privileged account domain.

  14. Type in the login to the privileged account.

  15. From the Replace secret with drop-down list, select the desired option.

    secret from a different account

    • From the Account drop-down list, select the account object whose credentials will be used to authenticate the user when establishing a connection with the monitored server.

    key

    • Click the i icon and select the key type.
    • Click the i icon and browse the file system to find the file with a non-passphrase protected private key.

    password

    • Provide account password.
    • Repeat account password.

    Note

    Two-fold authentication

    With two-fold authentication enabled, the user is prompted twice for login credentials: once to authenticate against Wheel Fudo PAM and once again to access the target system.

    To enable two-fold authentication, select password from the Replace secret with drop-down list and leave the password and login fields empty.

    password from external repository

    • Select external repository.
  16. Select the defined password changing policy from the Password change policy drop-down list.

  17. In the Password changer section, from the Password changer drop-down list, select the password changer specific to the given account.

    Unix Account over SSH

    • Enter privileged user name.
    • Enter privileged user password.

    Windows Account over WMI

    • Enter privileged user name.
    • Enter privileged user password.

    MySQL User Account on Unix Server over SSH

    • Provide SSH user name.
    • Provide SSH account password.
    • Enter SSH server address.
    • Provide SSH service port.
    • Enter privileged user name.
    • Enter privileged user password.

    Cisco Account over Telnet

    • Provide privileged mode password.
    • Enter privileged user name.
    • Enter privileged user password.

    Cisco Enable Password over Telnet

    • Provide privileged mode password.
    • Enter privileged user name.
    • Enter privileged user password.

    Cisco Account over SSH

    • Provide privileged mode password.
    • Enter privileged user name.
    • Enter privileged user password.

    Cisco Enable Password over SSH

    • Provide privileged mode password.
    • Enter privileged user name.
    • Enter privileged user password.

    LDAP

    • Enter privileged user name.
    • Enter privileged user password.
    • Provide LDAP base.
    • Upload LDAP CA certificate.

    WinRM

    • Select target host language.
    • Enter privileged user name.
    • Enter privileged user password.

Note

  • Select the Use an existing account option and select an existing account from the drop-down list to use it for authentication purposes.
  • The privileged user account is used to change the password when the system detects that the password has been changed in an unauthorized way.
  18. Click Save.