The privileged accounts that are set up on the following applications/ database can be managed through PAM. To manage those accounts, you must customize the sample script and add it to the PAM rule. For more information about customizing the script refer, Password Reset Scripts.
Following are the tested applications on which you can reset the password of the accounts that are existing for those applications:
IMPORTANT:Privileged Account Manager server must have Java 1.6 or higher for password reset to work on the following applications:
SAP
VMWare ESXi
OpenStack
Amazon Web Services
NetIQ eDirectory is a list of objects that represent network resources, such as network users, servers, printers, print queues, and applications.You can enable password check-out feature to access the eDirectory server.
To enable password checkout feature for eDirectory, you can add the rules by using the eDirectory policy template. For more information about using the policy template refer, Adding a Policy Template.
Active Directory is a directory service that authenticates and authorizes all users and computers in a Windows domain type network. It assigns and enforces security policies for all computers and installs, or updates software.You can enable password check-out feature to access the Active Directory server.
To enable password checkout feature for Active Directory, you can add the rules by using the Active Directory policy template. For more information about using the policy template, see Adding a Policy Template.
OpenStack is a set of software tools designed for building and managing cloud computing platforms. You can enable the password check-out feature to access the OpenStack server.
To enable the password checkout feature for OpenStack, you can add the rules by using the OpenStack policy template or create an account domain and rule manually. For more information about enabling the password checkout for OpenStack, see Enabling Password Checkout for OpenStack
Amazon Web Services (AWS) is a bundled remote computing service that provides cloud computing infrastructure over the Internet with storage, bandwidth, and customized support for Application Programming Interfaces (API). You can enable the password check-out feature to access services in AWS cloud.
To enable password checkout feature for AWS, you can add the rules by using the AWS policy template or create an account domain and rule manually. For more information about enabling the password checkout for AWS, see Enabling Password Checkout for Amazon Web Services
System Applications Products (SAP) is an Enterprise Resource Planning System (ERP). You can enable the password check-out feature to access the SAP application.
To connect PAM with the Systems, Applications, and Products (SAP) application, ensure that you download the following files on the PAM manager server:
SAP Java connector (JCO)
You can download the JCO from the SAP Connectors site
The followingfiles must be downloaded from the SAP Service Marketplace Web site:
sapjco3.jar: SAP java client library.
libsapjco3.so: SAP Linux 64-bit client library.
sapjco3.dll: SAP Windows 64-bit client library.
SAPUserPwdCheckIn.jar: Java SAP Client to reset a SAP users’ password.
NOTE:The download is free to any SAP software customer or development partner, but you are required to log in to the mentioned website.
To enable password checkout feature for SAP, you can add the rules by using the SAP policy template. For more information about using the policy template, see Adding a Policy Template.
The VMware ESXi is a type-1 hypervisor that is used for the hardware virtualization. You can enable password check-out feature to access the ESXi server.
PAM bundles the VMWare Infrastructure Java API to communicate with VMware ESXi server. The default location to VMWare Infrastructure Java API is /opt/netiq/npum/service/local/cmdctrl/lib/ (for Linux) and c:\Program Files\npum\opt\netiq\npum\service\local\cmdctrl\lib (for Windows). To connect PAM with ESXi server, ensure that you download the following files:
sapjco3.jar
(For Linux) libsapjco3.so
(For Windows) sapjco3.dll
To enable password checkout on ESXi, you can add the rules by using the ESX policy template. For more information about using the policy template, see Adding a Policy Template.