UNIX Domain/NIS Accounts

This topic describes how to configure UNIX domain/NIS accounts.

Platform configuration

You can use PSM for SSH to access target machines using UNIX Domain/NIS accounts. This platform is not predefined and must be configured manually.

 

In the SSH protocol, there is no foolproof way to ensure the identity of the target machine, which could potentially lead to a security risk. Take this into consideration when using this feature.

Multiple target addresses

You can configure PSM for SSH to access multiple targets using the same account, without using a domain account, by following the Configure a UNIX domain/NIS platform procedure.

End users use the centralmanagement parameter in the PSM for SSH command to specify the address in the centralized account. For details, see PSM for SSH Parameters.

Address list

The Vault administrator can configure a list of addresses of remote machines that a domain account can be used to connect to. When a user tries to connect with this account, the list of addresses is displayed and the user can choose an address from the list. The Vault administrator determines whether the user is only allowed to connect to machines that are in the list of addresses or whether they are allowed to connect to other machines as well.

If the user tries to connect to a remote machine that they are not allowed to connect to, an error will appear.

For more information about defining this list, refer to Connection Component Configuration.

 

This capability can prevent the account from being used to connect to machines that are not in the list through PSM and PSM for SSH, or with a transparent connection through the PVWA. It will not prevent access to machines in the domain by other means and therefore should not be used for access control to servers. It is recommended to configure and set appropriate access on the target machines through external controls such as firewalls, domain separation and more.