The privileged account credentials and domain information are stored in domains and credentials. The user can create multiple credentials for a single domain.The credentials are securely stored in an encrypted form.
Click
on the home page of the console.In the navigation pane, select
.In the task pane, click
.Specify the following information:
Name: Specify a name for the domain.
Type: Select
as the account type for the user.Profile: Select the profile for the user.
LDAP URL: Specify the DNS name. For example: netiq.com
Base DN: To display the domain name, click
Scope: Select the scope for the user.
Account: Specify the account name of the domain user. For example: administrator
User DN: Specify the complete name for the domain user. For example: CN=administrator,CN=Users,DC=netiq,DC=com
Password: Specify the password for the domain user account.
Click
to save the account domain details.An account domain and a credential is created for the specified domain. To add multiple credentials continue with Adding Credentials
Click
on the home page of the console.In the navigation pane, select
.Select the account domain you want to modify.
In the task pane, click
.Specify the following information:
Name: Specify a name for the domain.
Type: Select
as the account type for the user.Profile: Select the profile for the user.
Base DN: To display the domain name, click
Scope: Select the scope for the user.
Account: Specify the account name of the domain user. For example: administrator
Credential: Select a credential for the domain.
Click
to save the account domain details.Click
on the home page of the console.Click
in the navigation pane.Select the account domain you want to delete.
To select multiple account domains, display the domains in the right pane, press the Ctrl key and select the required account domains one at a time, or press the Shift key to select a consecutive list of account domains.
Click
in the task pane. The selected account domains are listed.Click
.The account domains are deleted, and are also removed from any other account groups, rule conditions, and script entities where they have been defined.
To add multiple credentials to the existing account domain do the following:
Click
on the home page of the console.In the navigation pane, select
.Select an
.In the task pane, click
.Specify the following details:
Account: Specify the account name of the domain user. For example: administrator.
User DN: Specify the complete name for the domain user. For example: CN=administrator,CN=Users,DC=netiq,DC=com
Password: Specify the password for the domain user account.
Click
to save the account domain and credential details.Click
on the home page of the console.In the navigation pane, select
.In the task pane, click
.Specify the following information:
Name: Specify the IP address or full name of the host.
Type: Select
as the type for the user.SSH Host: Specify the IP address or the full name of the host.
SSH Host Key: Click
to populate the host key, otherwise manually specify the SSH host key.Credential Type: In the drop-down list select either
or .Account: Specify the account name of the domain user. Example: root.
Password: Specify the password for the domain user account, if you have selected credential type as
.Private Key: Generate the key pair and copy the private key content here, if you have selected credential type as
.To generate the key pair do the following:
Open an terminal to the remote host and browse to the /root/.ssh folder
Type ssh-keygen -t rsa
Public and private keys are generated.
Copy the content of the public key from the remote host to the authorized_keys file on the SSH Relay Agent Host.
Copy the content of the private key from the remote host to the Privileged User Manager SSH private key.
Passphrase: Specify the passphrase that was entered while generating the key pair.
Click
to save the account domain details.Click
on the home page of the console.In the navigation pane, select
.Select the account domain you want to modify
In the task pane, click
.Specify the following information:
Name: Specify the IP address or full name of the host.
Type: Select
as the account type for the user.SSH Host: Select the host for the user.
SSH Host Key: Click
to populate the host key, otherwise manually specify the SSH host key.Credential: Select a credential for the user.
Click
to save the account domain details.Click
on the home page of the console.Click
in the navigation pane.Select the account domain you want to delete.
To select multiple account domains, display the domains in the right pane, press the Ctrl key and select the required account domains one at a time, or press the Shift key to select a consecutive list of account domains.
Click
in the task pane. The selected account domains are listed.Click
.The account domains are deleted, and are also removed from any other account groups, rule conditions, and script entities where they have been defined.