Setting up password changing on a Unix system

This topic contains an example of setting up password changing on a Unix system.


Adding a password change policy

  1. Select Management > Password changers.
  2. Go to the Password policies tab.
  3. Click Add password policy to create a new password changing policy.
  4. Provide a name for the password change policy.

Note

Provide a descriptive name so that anyone administrating Fudo Enterprise can tell what the policy does at a glance. E.g. 10 minutes, 20 characters, special characters, uppercase.

  5. Select Password change enabled and define how frequently the password will be changed.
  6. Select Password verification enabled and define how frequently the Secret Manager should verify that the password has not been changed by any means other than the Secret Manager itself.
  7. Provide the number of characters comprising the password.
  8. Select the desired password complexity options and provide the minimal number of characters for each.
  9. Click Save to store the password changer policy.

Assigning a password changer and a verifier to the privileged account

  1. Select Management > Accounts.
  2. Find and click the desired account object.
  3. Go to the PASSWORD CHANGERS tab.

Note

Regular account type, password method and login are required to configure password changers.

  4. In the Password changers field select Unix/SSH changer script from the Add changer drop-down list.
  5. In the Password changers window, in the Timeout field, define the script’s execution time limit.
  6. Review and modify default values.

     Variable                    Value
     transport_bind_ip           cont_int: Any
     transport_host              cont_int: 10.0.0.12
     transport_host_public_key   cont_int: ssh-rsa AAA[...]
     transport_login             Enter manually: root
     transport_method            Enter manually: password
     transport_password_prompt   constant
     transport_port              cont_int: 22
     transport_secret            cont_int_mr_jenkins: *****
     account_login               cont_int_mr_jenkins: mr_jenkins

  7. Click Save to close the Password changers window.

Note

  • Variables starting with transport_ are the transport layer variables determining connection parameters with the target host.
  • Password changer variables can be assigned values manually or initialized with properties of other objects.
  8. In the Password verifiers field select Unix/SSH verifier script from the Add verifier drop-down list.
  9. In the Password verifiers window, in the Timeout field, define the script’s execution time limit.
  10. Review and modify default values.

     Variable                    Value
     transport_bind_ip           cont_int: Any
     transport_host              cont_int: 10.0.0.12
     transport_host_public_key   cont_int: ssh-rsa AAA[...]
     transport_login             cont_int_mr_jenkins: mr_jenkins
     transport_method            cont_int_mr_jenkins: password
     transport_password_prompt   constant
     transport_port              cont_int: 22
     transport_secret            cont_int_mr_jenkins: *****

  11. Click Save to close the Password verifiers window.
  12. Next, click Save in the upper right corner to save the changes to the account definition.
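
When reviewing the default values, the transport_host_public_key entry is the one worth checking against the target host itself, since it decides which server the changer will hand a new password to. The following is an added example, not part of the Fudo documentation: it computes the SHA256 fingerprint of a public key line so it can be compared with the fingerprint the target host reports. It assumes the field holds an OpenSSH-format key line as shown in the tables above; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def fingerprint(pubkey_line: str) -> str:
    """Return the SHA256 fingerprint of a '<type> <base64> [comment]' key line.

    Raises ValueError for a malformed or truncated line, or when the key type
    named in the text differs from the type embedded in the key blob.
    """
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, b64_blob = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64_blob, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64 (truncated paste?)") from exc
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the type inside the blob")
    digest = hashlib.sha256(blob).digest()
    # Same presentation as OpenSSH: base64 of the digest without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_host_key(configured_line: str, host_line: str) -> bool:
    """True only if both lines carry the same key; trailing comments are ignored."""
    return fingerprint(configured_line) == fingerprint(host_line)


# Constructed sample: a structurally valid but meaningless "ssh-rsa" blob
# (type name, exponent 65537, 33-byte dummy modulus). Not a real host key.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 32))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " root@target"

if __name__ == "__main__":
    print(fingerprint(SAMPLE_LINE))
```

The result has the same form as the output of `ssh-keygen -lf` run against the host's public key file (typically /etc/ssh/ssh_host_rsa_key.pub) from a trusted console session on the target.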
