Setting up Password Changing on a Unix System

This topic contains an example of setting up password changing on a Unix system.


Adding a password change policy

  1. Select Management > Password changers.

  2. Go to the Password policies tab.

  3. Click Add password policy to create a new password changing policy.

  4. Provide a name for the password change policy.

Note

Provide a descriptive name so that anyone administering Fudo Enterprise can tell at a glance what the policy does. For example: 10 minutes, 20 characters, special characters, uppercase.

  5. Select Password change enabled and define how frequently the password will be changed.

  6. Select Password verification enabled and define how frequently the Secret Manager should verify that the password has not been changed by any means other than the Secret Manager itself.

  7. Provide the number of characters comprising the password.

  8. Select the desired password complexity options and provide the minimal number of characters for each.

  9. Click Save to store the password changer policy.


Assigning a password changer and a verifier to the privileged account

  1. Select Management > Accounts.

  2. Find and click the desired account object.

  3. Go to the PASSWORD CHANGERS tab.

Note

Regular account type, password method and login are required to configure password changers.

  4. In the Password changers field, select Unix/SSH changer script from the Add changer drop-down list.

  5. In the Password changers window, in the Timeout field, define the script’s execution time limit.

  6. Review and modify the default values.


Variable                     Value
transport_bind_ip            cont_int: Any
transport_host               cont_int: 10.0.0.12
transport_host_public_key    cont_int: ssh-rsa AAA[...]
transport_login              Enter manually: root
transport_method             Enter manually: password
transport_password_prompt    constant
transport_port               cont_int: 22
transport_secret             cont_int_mr_jenkins: *****
account_login                cont_int_mr_jenkins: mr_jenkins

  7. Click Save to close the Password changers window.

Note

  • Variables starting with transport_ are the transport layer variables determining connection parameters with the target host.

  • Password changer variables can be assigned values manually or initialized with properties of other objects.

  8. In the Password verifiers field, select Unix/SSH verifier script from the Add verifier drop-down list.

  9. In the Password verifiers window, in the Timeout field, define the script’s execution time limit.

  10. Review and modify the default values.


Variable                     Value
transport_bind_ip            cont_int: Any
transport_host               cont_int: 10.0.0.12
transport_host_public_key    cont_int: ssh-rsa AAA[...]
transport_login              cont_int_mr_jenkins: mr_jenkins
transport_method             cont_int_mr_jenkins: password
transport_password_prompt    constant
transport_port               cont_int: 22
transport_secret             cont_int_mr_jenkins: *****

  11. Click Save to close the Password verifiers window.

  12. Next, click Save in the upper right corner to save the changes to the account definition.
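
The transport_* values in the changer and verifier tables only work if sshd on the target host accepts a password login for the given user on the given port, and the configured transport_host_public_key must equal the host's real key. The pre-flight check below is an added example, not part of the Fudo Enterprise documentation; it assumes the scripts connect exactly as the tables show, and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check, run on the target Unix host, for the transport_* values.
# Input: effective sshd configuration as printed by `sshd -T` (lowercase "keyword value" lines).

# sshd_value FILE KEYWORD: print the first value set for KEYWORD
sshd_value() {
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# check_transport FILE LOGIN PORT: return 0 if LOGIN can authenticate with a password on PORT
check_transport() {
    cfg=$1; login=$2; port=$3; rc=0
    # sshd -T prints one "port N" line per listening port
    if ! awk -v p="$port" '$1 == "port" && $2 == p { found = 1 } END { exit !found }' "$cfg"; then
        echo "sshd does not listen on port $port"; rc=1
    fi
    if [ "$(sshd_value "$cfg" passwordauthentication)" != "yes" ]; then
        echo "passwordauthentication is not 'yes': transport_method password will fail"; rc=1
    fi
    # Only "yes" lets root use a password; prohibit-password and no both refuse it
    if [ "$login" = "root" ] && [ "$(sshd_value "$cfg" permitrootlogin)" != "yes" ]; then
        echo "permitrootlogin is not 'yes': root cannot log in with a password"; rc=1
    fi
    return $rc
}

# host_key_matches PUBKEY_FILE "TYPE BASE64": return 0 if the host key equals the configured one
host_key_matches() {
    actual=$(awk '{ print $1 " " $2; exit }' "$1")      # drop the trailing comment field
    expected=$(printf '%s\n' "$2" | awk '{ print $1 " " $2 }')
    [ "$actual" = "$expected" ]
}

# Constructed sample of `sshd -T` output (not taken from a real host)
sample=$(mktemp)
printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' 'passwordauthentication yes' > "$sample"
check_transport "$sample" root 22 || echo "changer as configured (root, password) would be refused"
check_transport "$sample" mr_jenkins 22 && echo "verifier login (mr_jenkins) is not blocked by these settings"
rm -f "$sample"

# On a real host (as root): sshd -T > /tmp/sshd_effective.txt, then
#   check_transport /tmp/sshd_effective.txt root 22
#   host_key_matches /etc/ssh/ssh_host_rsa_key.pub "<value of transport_host_public_key>"
```

Because the changer in this example logs in as root with a password, the target must run with permitrootlogin set to yes; restricting that login to the Fudo address with the host's own access controls keeps the exposure narrow.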

