Password Management feature allows you to change the password of credentials configured in PAM. To change the password, PAM uses scripts associated with the vault or the resource. PAM by default provides out-of-the-box scripts to change password of few resources. In addition, PAM provides capability to define custom password change scripts.
For some of the resources, in addition to privileged account password change, you can also change the password in the associated services or service accounts. This password change task can be scheduled for execution automatically at periodic intervals. In addition, you can also configure execution of an automated task (service task), after password change is complete. For example, if you want to perform backup after changing the password, it can be defined as a service task.
The following table helps you understand the password management capabilities provided by PAM based on the type of resource:
|
Resource |
Password Management |
Schedule Password Change |
Change Password in Associated Services |
Custom Task Execution after Password change |
|---|---|---|---|---|
|
Windows |
Yes |
Yes |
Yes |
Yes |
|
UNIX, Linux and Network Device |
||||
|
Linux and Network Devices using SSH connection |
Yes |
Yes |
No |
Yes |
|
Telnet (Linux and Network Devices using Telnet connection) |
No |
No |
No |
No |
|
UNIX |
No |
No |
No |
No |
|
LDAP |
||||
|
Windows Active Directory |
Yes |
Yes |
Yes |
Yes |
|
NetIQ eDirectory |
No |
No |
No |
No |
|
OpenLDAP |
No |
No |
No |
No |
|
Database |
Yes |
No You can only enable the password to be changed immediately after credential check-in. |
No |
No |
|
Application |
||||
|
Application Credential Checkout |
Yes |
No You can only enable the password to be changed immediately after credential check-in. |
No |
No |
|
Application SSO |
No |
No |
No |
No |
|
Key |
No These are static keys that cannot be rotated. |
No |
No |
No |