Unix

This topic describes the Unix plugin.

Support

Target devices

The CPM supports remote account management for Unix and Linux accounts on IPv4 and IPv6 on the following target devices:

  • Solaris Intel 10, 11
  • Solaris Sparc 10, 11
  • RHEL 7, 7.1, 7.4, 7.6, 8.0, 8.4
  • Oracle Enterprise Linux 6, 7
  • IBM AIX 6.1, 7.1, 7.3
  • HP-UX 11.x
  • Ubuntu 18.04
  • Fedora 27, 28
  • CentOS 7
  • SUSE Linux 11, 12
  • OpenSUSE 42, 15.4
  • Amazon Linux 2
  • VMWare ESX\i 6.0, 6.5, 6.7, 7.0
  • Cygwin
 

HP-UX - supported only on IPv4

VMWare ESX\i - Change with Logon and Reconcile with Sudo are not supported

Accounts

The CPM supports account management for the following accounts:

  • Unix \ Linux accounts

Platforms

In the PVWA Platform Management page, make sure that the following target account platform is displayed:

  • Unix via SSH

Connection Methods

This plugin supports the following connection methods to the remote machine:

  • SSH
  • Telnet

Actions

The following table lists the supported password/SSH key management actions for this platform.

| Action | Supported | Permissions |
|---|---|---|
| Verify | Yes | |
| Change | Yes | |
| Reconcile | Yes | When UseSudoOnReconcile is set to No, the reconcile account must use a root user or a power user with root permissions. When UseSudoOnReconcile is set to Yes, the reconcile account must be in the sudoers list. If the reconcile account user authenticates to the target server with a password, on the target machine, in sshd_config, set the PasswordAuthentication parameter to yes. |
| Delete | No | |

Logon Accounts

| Action | Supported | Required | Platform | Permissions |
|---|---|---|---|---|
| Logon and verify | Yes | No | Unix via SSH, Unix via SSH Keys | SU command must be enabled |
| Logon and change | Yes | No | Unix via SSH, Unix via SSH Keys | SU command must be enabled |
| Logon and reconcile | Yes | No | Unix via SSH | SU command must be enabled |

Reconcile Accounts

| Action | Supported | Required | Platform | Permissions |
|---|---|---|---|---|
| Reconcile | Yes | Yes | Unix via SSH, Unix via SSH Keys. If a logon account is used for the reconcile account, or UseSudoOnReconcile is set to Yes, the Unix via SSH Keys platform is not supported. | When UseSudoOnReconcile is set to No, the reconcile account must use a root user or a power user with root permissions. When UseSudoOnReconcile is set to Yes, the reconcile account must be in the sudoers list. If the reconcile account user authenticates to the target server with a password, on the target machine, in sshd_config, set the PasswordAuthentication parameter to yes. |

  • The passwords of logon and reconcile accounts cannot be expired.

  • A logon account can only be associated with a reconcile account at the account level, not at the platform level.
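
The reconcile prerequisite above depends on the PasswordAuthentication value that sshd actually applies on the target machine. The following shell function is an added example, not part of the product or its documentation: it reads the global section of an sshd_config file, and its function names and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed.

# Print the PasswordAuthentication value from the global section of the
# sshd_config file given as $1. sshd keeps the first value it reads for a
# keyword, keywords are case-insensitive, and lines after the first Match
# are conditional. Include directives are not followed here.
effective_password_auth() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        /^[ \t]*$/ { next }                      # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # leading indentation
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept Keyword=value
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit             # global section ends
            if (key == "passwordauthentication" && n >= 2) {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "yes" }          # OpenSSH built-in default
    ' "$1"
}

# Succeeds when a reconcile account that logs on with a password is not
# blocked by the global setting.
reconcile_password_logon_ok() {
    [ "$(effective_password_auth "$1")" = "yes" ]
}

# Constructed sample: the first global value (no) wins over the later yes,
# and the yes under Match applies only to that one user.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
passwordauthentication no
PasswordAuthentication yes
Match User reconcile_svc
    PasswordAuthentication yes
EOF
if reconcile_password_logon_ok "$sample"; then
    echo "global PasswordAuthentication: yes"
else
    echo "global PasswordAuthentication: $(effective_password_auth "$sample")"
fi
rm -f "$sample"
```

On a live target, `sshd -T` run as root prints the configuration that sshd applies, including any Include files.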

Connection Components

The following connection components can be used with accounts managed by this plugin:

  • PSM-SSH
  • PSM-WinSCP

For details, see Operating systems.

Configuration

Import platform

This procedure is relevant if the platform is not included in the installation.

  1. Add the following file categories, if they do not already exist.

    | File category | Type | Required |
    |---|---|---|
    | Port | Numeric | No |
    | Protocol | Text | No |

  2. Import the platform.

Platform Parameters

| Parameter | Description |
|---|---|
| Port | The port number of the target device. Default value: 22 |
| Protocol | The type of protocol used to connect to the target device. Acceptable values: ssh, telnet. Default value: ssh |
| UseSudoOnReconcile | Indicates whether the reconcile action uses the sudo command or su. Acceptable values: Yes, No (Supported for SSH only.) Default value: none |

Account Parameters

Required

| Parameter | Description |
|---|---|
| Address | The IP address or hostname of the remote machine where the password will be used. Acceptable values: IPv4, IPv6, hostname. Default value: none |
| Username | The name of the user on the remote machine to whom this password belongs. |

Optional

| Parameter | Description |
|---|---|
| Port | The port number of the target device. Default value: The port defined in the platform |
| Protocol | The type of protocol used to connect to the target device. Acceptable values: ssh, telnet. Default value: The protocol defined in the platform |