The main objective of this article is to give a step by step procedure to install and configure the IDM 4.6 as non-root / non-administrator user on Linux/Windows operating systems.
Below are some requirements to be fulfilled.
A privileged user is someone who has administrative access to critical systems. For instance, anyone who can set up and delete user accounts and roles on LDAP is a privileged user, in our case we will make non-root user / non-admin user as a privileged user by giving them administrative access.
Like any privilege, a privileged account should only be extended to trusted people. You only give accounts with “root” privileges (like the ability to change system configurations, install software, change user accounts or access secure data) to those that you trust.
NetIQ Privileged Account Management (PAM) helps IT administrators manage the identity and access for super user, root accounts, and application users by providing controlled super user/privileged access to administrators, allowing them to perform jobs without needlessly exposing root account credentials. It also provides a centralized activity log across multiple platforms.
Please refer to the PAM Documentation https://www.netiq.com/documentation/privileged-account-manager-3/
A privileged account is someone who already has administrative access to critical systems but those credentials cannot be shared. Ex: system root and system administrators.
Before we can integrate PAM to use the authentication domain, the account domain details need to be added to the PAM manager. The PAM manager supports creation of the account domain under the command control console installed as part of default manager installation.
To create the privileged accounts in PAM, follow the steps below:
The various steps to add the authentication account domain to PAM are as follows:
By this we are storing the Target machine root / administrator level user credentials, in PAM in a secured and encrypted manner.
After adding the Privileged account details, the next step is to create rules in Command Control so that authorization to access the SSH relay / RDP Relay host is given based on the rule. This can be achieved by following the steps below:
After adding the Privileged account details and rules, the next step is to execute the commands. Follow the steps below:
Root level user credentials are not required each and every time, it will be useful during POCs and installing IDM 4.6 as a non-root user.
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.