Symantec Privileged Access Management

View Only

How to change the password of a UNIX target account from PAM

MARUBUN SUPPORT posted Jan 30, 2024 04:00 AM

Hi Team,

Our customers have questions.

---

In our customer's environment, there is a target account called pamadmin that has the privilege to change passwords.

I have a question,

Is there a way to manually change the password of pamadmin, the UNIX target account, from PAM?

For the Windows target account, there is an item for forced password change on the [Windows Remote] tab, so I think it is possible to change the password from the PAM side, but it was not an item for UNIX, so I asked the question. .

---

Thanks,

Broadcom Employee Ralf Prigl posted Jan 30, 2024 03:14 PM

Hello, The "forcePasswordChange" option currently is available for Windows accounts only, see our online documentation that lists available attributes for each target application and account type, such as on page UNIX Target Connector CLI Configuration. You can raise an idea for a product enhancement on the ideation page.

MARUBUN SUPPORT posted Feb 02, 2024 03:48 AM

Hi,

We have received additional questions from our customers.

It seems that I asked the question incorrectly.

The question is, "Is there a way to manually change the password of the UNIX target account pamadmin from PAM?"

Is it okay to understand the following?

PAM can be automatically changed to a random password using scheduled jobs, policy settings, etc.

It is impossible to manually change the password to any password in PAM's Unix-based settings.

Thanks,

Broadcom Employee Ralf Prigl posted Feb 02, 2024 12:28 PM

You can edit the target account and set a new password manually, assuming the account is in a Verified state, i.e. the current password is correct. The update will work as long as the new password is accepted by the target device, i.e. it conforms to password composition requirements that may exist on the target device.