Unix

This topic describes the Unix plugin.

Support

Target devices

The CPM supports remote account management for Unix and Linux accounts on IPv4 and IPv6 on the following target devices:

  • Solaris Intel 11.2, 11.3
  • Solaris Sparc 11.2, 11.3
  • RHEL 7.1, 7.4, 7.6, 8.x*, 9.x*
  • Fedora 38*
  • Oracle Enterprise Linux 6, 7
  • IBM AIX 7.1, 7.3
  • HP-UX 11.x
  • Ubuntu 18.04, 22.04*
  • CentOS 7
  • SUSE Linux 12
  • OpenSUSE 15.4
  • Amazon Linux 2
  • VMWare ESX\i 6.5, 6.7, 7.0, 8.0*
  • Cygwin
  • Debian 11.6*

HP-UX - supported only on IPv4.

VMWare ESX\i - Change with Logon and Reconcile with Sudo are not supported.

*The target device version is only supported when the SSH library is configured to work with the Rebex library. For more information, see Disable support for legacy modes.

Accounts

The CPM supports account management for the following accounts:

  • Unix \ Linux accounts

Platforms

In the Privilege Cloud Portal Platform Management page, make sure that the following target account platform is displayed:

  • Unix via SSH

Connection Methods

This plugin supports the following connection methods to the remote machine:

  • SSH
  • Telnet

Actions

The following table lists the supported password/SSH key management actions for this platform.

| Action | Supported | Permissions |
|---|---|---|
| Verify | Yes | |
| Change | Yes | |
| Reconcile | Yes | When UseSudoOnReconcile is set to No, the reconcile account must use a root user or a power user with root permissions. When UseSudoOnReconcile is set to Yes, the reconcile account must be in the sudoers list. If the reconcile account user authenticates to the target server with a password, on the target machine, in sshd_config, set the PasswordAuthentication parameter to yes. |
| Delete | No | |

Logon Accounts

| Action | Supported | Required | Platform | Permissions |
|---|---|---|---|---|
| Logon and verify | Yes | No | Unix via SSH; Unix via SSH Keys | SU command must be enabled |
| Logon and change | Yes | No | Unix via SSH; Unix via SSH Keys | SU command must be enabled |
| Logon and reconcile | Yes | No | Unix via SSH | SU command must be enabled |

Reconcile Accounts

| Action | Supported | Required | Platform | Permissions |
|---|---|---|---|---|
| Reconcile | Yes | Yes | Unix via SSH; Unix via SSH Keys. If a logon account is used for the reconcile account, or UseSudoOnReconcile is set to Yes, the Unix via SSH Keys platform is not supported. | When UseSudoOnReconcile is set to No, the reconcile account must use a root user or a power user with root permissions. When UseSudoOnReconcile is set to Yes, the reconcile account must be in the sudoers list. If the reconcile account user authenticates to the target server with a password, on the target machine, in sshd_config, set the PasswordAuthentication parameter to yes. |

  • The passwords of logon and reconcile accounts cannot be expired.

  • A logon account can only be associated with a reconcile account at the account level, not at the platform level.
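
The sshd_config requirement for password-authenticated reconcile accounts can be checked on a target before the account is onboarded. The script below is an added example, not CyberArk code: it reads one config file and reports whether PasswordAuthentication is in effect for a given user. The account name svc_reconcile and the sample config are constructed, and Include files and Match lines with more than one criterion are not modelled.

```shell
#!/bin/sh
# Added example, not vendor code. On a live target, `sshd -T` (run as root)
# prints the effective settings; this sketch parses one file so it runs offline.

# password_auth_for FILE USER  -> prints "yes" or "no"
# Modelled rules: keywords are case-insensitive, the first value seen for a
# keyword wins, the default is "yes", and a matching Match block overrides
# the global section. Only "Match All" and "Match User a,b" are recognised.
password_auth_for() {
    awk -v user="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" {
            in_match = 1; applies = 0
            if (tolower($2) == "all") applies = 1
            else if (tolower($2) == "user" && NF == 3) {
                n = split($3, names, ",")
                for (i = 1; i <= n; i++) if (names[i] == user) applies = 1
            }
            next
        }
        tolower($1) == "passwordauthentication" {
            v = tolower($2)
            if (!in_match && global == "") global = v
            else if (in_match && applies && matched == "") matched = v
        }
        END {
            if (matched != "") print matched
            else if (global != "") print global
            else print "yes"
        }' "$1"
}

# reconcile_ready FILE USER AUTH, where AUTH is "password" or "key"
# (how the reconcile account logs on). Returns 0 when the requirement is met.
reconcile_ready() {
    [ "$3" = "key" ] && return 0
    [ "$(password_auth_for "$1" "$2")" = "yes" ]
}

# Constructed sample config; svc_reconcile is a hypothetical account name.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Port 22
passwordauthentication no
PasswordAuthentication yes
Match User svc_reconcile,backup
    PasswordAuthentication yes
EOF
for u in svc_reconcile root; do
    echo "$u: PasswordAuthentication $(password_auth_for "$SAMPLE" "$u")"
done
```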

Connection Components

The PSM-SSH and PSM-WinSCP PSM connectors are used with accounts managed by this plugin.

Configuration

Platform Parameters

| Parameter | Description |
|---|---|
| Port | The port number of the target device. Default value: 22 |
| Protocol | The type of protocol used to connect to the target device. Acceptable values: ssh, telnet. Default value: ssh |
| UseSudoOnReconcile | Indicates whether the reconcile action uses the sudo command or su. Acceptable values: Yes, No (Supported for SSH only.) Default value: none |

Account Parameters

Required

| Parameter | Description |
|---|---|
| Address | The IP address or hostname of the remote machine where the password will be used. Acceptable values: IPv4, IPv6, hostname. Default value: none |
| Username | The name of the user on the remote machine to whom this password belongs. |

Optional

| Parameter | Description |
|---|---|
| Port | The port number of the target device. Default value: The port defined in the platform |
| Protocol | The type of protocol used to connect to the target device. Acceptable values: ssh, telnet. Default value: The protocol defined in the platform |