Setting up password changing on a Unix system

This topic contains an example of setting up password changing on a Unix system.


Adding a password change policy

  1. Select Management > Password changers > Password policies.
  2. Click Add to create a new password changing policy.
  3. Provide a name for the password change policy.

Note

Provide a descriptive name so that anyone administering Fudo Enterprise can tell what the policy does at a glance, e.g. 10 minutes, 20 characters, special characters, uppercase.

  4. Select Password change enabled and define how frequently the password will be changed.
  5. Select Password verification enabled and define how frequently the Secret Manager should verify that the password has not been changed by any means other than the Secret Manager itself.
  6. Provide the number of characters comprising the password.
  7. Select the desired password complexity options and provide the minimal number of characters for each.
  8. Click Save to store the password changer policy.

Assigning a password changer and a verifier to the privileged account

  1. Select Management > Accounts.
  2. Find and click the desired account object.
  3. Click Add password changer.
  4. From the Password verifier drop-down list, select Unix/SSH changer.
  5. Define the script execution time limit.
  6. Review and modify default values.

     Variable                    Value
     transport_bind_ip           cont_int: Any
     transport_host              cont_int: 10.0.0.12
     transport_host_public_key   cont_int: ssh-rsa AAA[...]
     transport_login             Enter manually: root
     transport_method            Enter manually: password
     transport_password_prompt   constant
     transport_port              cont_int: 22
     transport_secret            cont_int_mr_jenkins: *****
     account_login               cont_int_mr_jenkins: mr_jenkins

Note

  • Variables starting with transport_ are the transport layer variables that determine the connection parameters for the target host.
  • Password changer variables can be assigned values manually or initialized with properties of other objects.

  7. Click Add password verifier.
  8. From the Password verifier drop-down list, select Unix/SSH changer.
  9. Define the script execution time limit.
  10. Review and modify default values.

     Variable                    Value
     transport_bind_ip           cont_int: Any
     transport_host              cont_int: 10.0.0.12
     transport_host_public_key   cont_int: ssh-rsa AAA[...]
     transport_login             cont_int_mr_jenkins: mr_jenkins
     transport_method            cont_int_mr_jenkins: password
     transport_password_prompt   constant
     transport_port              cont_int: 22
     transport_secret            cont_int_mr_jenkins: *****

  11. Click Save.
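The transport_host_public_key value pins the target's SSH host key, so it is worth confirming that the key stored there is the one the host really presents before the changer starts sending new passwords over that connection. The following is an added example, not part of the Fudo documentation or product: it assumes the field holds an OpenSSH-format public key line (as the `ssh-rsa AAA[...]` value suggests), computes the SHA256 fingerprint in the form `ssh-keygen -lf` prints, and compares two key lines. All function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def parse_public_key(line: str) -> tuple[str, bytes]:
    """Split '<type> <base64> [comment]' and check the blob names the same type."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)  # rejects truncated/edited blobs
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the type stored in the blob")
    return key_type, blob


def fingerprint(line: str) -> str:
    """SHA256 fingerprint in the form OpenSSH prints (ssh-keygen -lf)."""
    _, blob = parse_public_key(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_host_key(pinned: str, observed: str) -> bool:
    """True only if both lines carry the same key; comments are ignored."""
    return hmac.compare_digest(parse_public_key(pinned)[1], parse_public_key(observed)[1])


def make_sample_key(modulus: bytes, comment: str = "") -> str:
    """Constructed ssh-rsa line for the demo; not a real host key."""
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(modulus)
    return ("ssh-rsa " + base64.b64encode(blob).decode() + " " + comment).strip()


if __name__ == "__main__":
    pinned = make_sample_key(b"\x00" + b"\xc3" * 256)                   # value stored in the changer
    observed = make_sample_key(b"\x00" + b"\xc3" * 256, "root@target")  # key read on the host itself
    print(fingerprint(pinned), same_host_key(pinned, observed))
```

Compare the printed fingerprint with the one obtained on the target host's console rather than over the network path the changer itself uses.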
