3.3 NetIQ Privileged Account Manager

3.3.1 Overview

Privileged Account Manager (PAM) helps an organization protect its critical assets and meet its compliance requirements by securing, managing, and monitoring privileged accounts for privileged access. It can manage shared accounts and audit those accounts. You can monitor all actions performed on the servers for Windows, Linux, databases, or any application, such as LDAP.

NetIQ Privileged Account Manager version 4.4 has been validated with DSfW version 23.4.

For more information about NetIQ Privileged Account Manager, see PAM Documentation.

3.3.2 Integration of PAM with DSfW

Prerequisites

Download the following files from the NetIQ Downloads website:

  • PAM Manager: netiq-npam-manager-4.4.0-linux-3.0-x86_64.rpm

  • Agentless Package: agentless-4-4-linux-x86_64-3.0.pak

For more information, see Planning Your Privileged Account Manager Installation.

Procedure

  1. Install Privileged Account Manager on the target system.

  2. Using the command line, publish the package to the Package Manager.

    /opt/netiq/npum/sbin/unifi -u <username> -p <password> distrib publish -f <package>

    For more information about the command to publish packages to the package manager, see Package Distribution Options.

  3. Log in to the Legacy PAM Console (https://<ipaddress>) and install the Agentless package (agentless-4-4-linux-x86_64-3.0.pak). See Installing Host Packages.

  4. Log in to the New PAM Console (https://<ipaddress>/pam).

    a. Configure the DSfW server as an LDAP server. See Configuring LDAP Server Settings.

    b. After adding DSfW as an LDAP server, log out as the PAM user and log in again as a DSfW domain user. This step confirms that a domain user can log in when the DSfW server is used as the LDAP server.

      NOTE: If the validation fails, review the log files and the LDAP server configuration (Step 4.a).

    c. Configure Linux Agentless Web SSH and Windows Agentless Web RDP. See Agent and Agentless Capability.

    d. (Optional) View the logs and service files.

      • Log Location: /opt/netiq/npum/logs/unifid.log

      • Service status: /etc/init.d/npum status

For more information related to installing and removing the Framework Manager, see Installing the Framework Manager.
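
The following is an added example, not part of the NetIQ or DSfW documentation: a wrapper around the step 2 publish command that validates the package path and prompts for the password, plus a filter over the log file named in step 4 for use when the domain-user login check fails. The `UNIFI` and `NPUM_LOG` override variables and both function names are assumptions of this example; the default paths and the `unifi` arguments are the ones shown on this page.

```shell
#!/bin/sh
# Added example: guard rails around the step 2 publish command.
# UNIFI and NPUM_LOG default to the paths on this page; the override
# variables and the function names are assumptions of this example.
UNIFI="${UNIFI:-/opt/netiq/npum/sbin/unifi}"
NPUM_LOG="${NPUM_LOG:-/opt/netiq/npum/logs/unifid.log}"

# publish_package <username> <package>
# Reads the password from stdin so it is never typed on the command line
# (and so never lands in shell history). unifi still receives it via -p,
# so it remains visible in the process list while the command runs.
publish_package() {
    user=$1
    pkg=$2
    [ -r "$pkg" ] || { echo "package not readable: $pkg" >&2; return 2; }
    command -v "$UNIFI" >/dev/null 2>&1 || { echo "unifi not found: $UNIFI" >&2; return 3; }

    if [ -t 0 ]; then                      # interactive: prompt without echo
        printf 'Password for %s: ' "$user" >&2
        trap 'stty echo; exit 130' INT TERM
        stty -echo
    fi
    IFS= read -r pw || true
    if [ -t 0 ]; then
        stty echo
        trap - INT TERM
        echo >&2
    fi
    [ -n "$pw" ] || { echo "empty password, nothing published" >&2; return 4; }

    rc=0
    "$UNIFI" -u "$user" -p "$pw" distrib publish -f "$pkg" || rc=$?
    unset pw
    return "$rc"
}

# recent_ldap_lines [count]
# Prints LDAP-related entries from the last <count> lines of unifid.log.
recent_ldap_lines() {
    tail -n "${1:-200}" "$NPUM_LOG" | grep -i 'ldap'
}
```

Source the file, then run `publish_package <username> agentless-4-4-linux-x86_64-3.0.pak`; if the login check in step 4.b fails, `recent_ldap_lines 500` narrows the log to the LDAP entries.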