Symantec IGA


Periodic L7 IDM Endpoint Credential Refresh

  • 1.  Periodic L7 IDM Endpoint Credential Refresh

    Posted 11-06-2019 03:56 PM
    A current L7 Identity Manager deployment has the requirement to refresh credentials (specifically the password) of the managed endpoint directories at periodic intervals. Can this be done and if so does a technical note exist to accomplish it? Can a PAM solution be leveraged to provide the latest credential to be used during the refresh?

  • 2.  RE: Periodic L7 IDM Endpoint Credential Refresh
    Best Answer

    Posted 11-07-2019 03:23 PM
    I don't believe PAM would help you as you would need to enter the password on each acquired endpoint and then the password would be encrypted and stored within the Provisioning Repository. I also believe updating each endpoint type may vary from one type to another. I don't believe there is any technical note on this.

  • 3.  RE: Periodic L7 IDM Endpoint Credential Refresh

    Posted 11-22-2019 06:50 PM
    For Community knowledge: An issue related to this topic was raised by a colleague (Dan Wilkinson) and he and Kenny followed a technical note to prove that changing the administrative password on a Provisioning Connector credential could be done.

    Here is a summary of what they did:

    Use an ldapbrowser to connect to the Provisioning Repository router which is running on the Provisioning Server machine and listening on port 20391 using the Bind DN of "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" with the installation password and then navigate to the object "eTDYNDirectoryName=My_Endpoint_Name,eTNamespaceName=UNIX v2,dc=im,dc=etadb". Enter the clear-text new password into the attribute eTDYNPassword. Note that JXplorer will now show the eTDYNPassword attribute in clear text. From Provisioning Manager, show the properties of the endpoint and enter the new password there. Apply it. Now the eTDYNPassword will be re-encrypted. Validate by logging off and logging back on the Provisioning Manager and displaying the properties of the modified endpoint.

    You can also review this tech note:
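
Added example, not part of the thread or the tech note it mentions: for anyone scripting the LDAP write from post 3 instead of typing into an LDAP browser, this builds the LDIF modify record for the DN pattern quoted there, with RFC 4514 escaping of the endpoint name and RFC 2849 base64 encoding for passwords that are not LDIF-safe. The function names are hypothetical, and it assumes the record is fed to a standard LDAP client bound as described in the post; the Provisioning Manager step that re-encrypts the value still has to follow.

```python
import base64

# RFC 4514: characters that must be backslash-escaped inside an RDN value.
_DN_SPECIAL = '"+,;<>\\'


def escape_rdn_value(value: str) -> str:
    """Escape an endpoint or namespace name for use inside a DN."""
    last = len(value) - 1
    out = []
    for i, ch in enumerate(value):
        if ch == "\0":
            out.append("\\00")
        elif (ch in _DN_SPECIAL or (ch == "#" and i == 0)
              or (ch == " " and i in (0, last))):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def ldif_line(attr: str, value: str) -> str:
    """Emit 'attr: value', or 'attr:: <base64>' when RFC 2849 requires it."""
    raw = value.encode("utf-8")
    safe = (all(b < 128 and b not in (0, 10, 13) for b in raw)
            and raw[0] not in b" :<"      # unsafe first characters
            and raw[-1:] != b" ")         # trailing space would be lost
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"


def build_password_ldif(endpoint: str, namespace: str, password: str) -> str:
    """LDIF record replacing eTDYNPassword on one acquired endpoint."""
    if not endpoint or not namespace or not password:
        raise ValueError("endpoint, namespace and password are required")
    # DN layout taken from the post: endpoint object under its namespace.
    dn = (f"eTDYNDirectoryName={escape_rdn_value(endpoint)},"
          f"eTNamespaceName={escape_rdn_value(namespace)},dc=im,dc=etadb")
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "replace: eTDYNPassword",
        ldif_line("eTDYNPassword", password),
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values; the password here is a placeholder.
    print(build_password_ldif("My_Endpoint_Name", "UNIX v2", "EXAMPLE-ONLY"))
```

The generated record contains the new password in clear text, so pipe it to the LDAP client over stdin rather than writing it to a file, and take the password from the vault at run time rather than from a command-line argument.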