Hi Ashish
I think pam doesn't currently have this report exactly, you can run the View Password Request report to see all password requests but this includes login events. This functionality is really missing in PAM.
I have proposed in the ideas section that a dual authorization can be parameterized only for password display events
Original Message:
Sent: 03-19-2020 08:21 AM
From: Ashish khar
Subject: Password view
Hi Community,
We have a requirement to monitor the password view activity, in case anyone views the passord of any user in PAM.
Can you please help us to know that what type of logs are created by default is any admin/normal user tries to view the password of any user.
Lets say if a admin try to view password of root ids and AD ids stored in PAM, what logs are genrated and Can we send those logs with SIEM?
Regards,
Ashish Khar