Layer7 Privileged Access Management

Expand all | Collapse all

Account password vault and password rotation issue??

  • 1.  Account password vault and password rotation issue??

    Posted 05-22-2019 03:33 AM

    Is Anyone Expert in the Linux?

    Because while we vault the password we face the issue? 

    For that we got a solution to check which account should vault and password by using echo $? equivalent to 0 

    and while echo $? equivalent 1 this message shows then its account not vaulted in Linux end device so

    can anybody tell me that when which user profile creating incorrect command show echo $? equivalent 1.

     

    Please, anybody, suggest to me??

    Thank you



  • 2.  Re: Account password vault and password rotation issue??

    Posted 05-22-2019 10:55 PM

    Hi Sudip, This has been seen by other customers too. If you have control over the login scripts on the server, you can resolve the problem by updating the last login script that runs to end with a command that returns 0. Which scripts run during login depends on the shell, and on what login scripts are found in the user's home directory, such as .bashrc etc. Some customers use replacement scripts that skip the $? test for accounts that verify their own password. If you have your accounts configured such that another account is used to update the password, that other account can also be used for the verify part. This would avoid the problem as well. The disadvantage is that the account cannot be verified while the other account password is wrong. As it happens, the default UNIX target application scripts are getting updated right now, and the changes include bypassing the echo command after login via SSH for the case where an account verifies its own password, since the login itself would fail if the password wasn't right. Thus we expect this problem to be resolved in future maintenance releases 3.2.6 and 3.3.1.