Unix

This topic describes the Unix plugin.

Support

Target devices

The CPM supports remote account management for Unix and Linux accounts on IPv4 and IPv6 on the following target devices:

  • Solaris Intel 9, 10, 11

  • Solaris Sparc 10, 11

  • Oracle Enterprise Linux 5, 6, 7

  • HP-UX 11.x

  • IBM AIX 5.3, 6.1, 7.1

  • RHEL 4-8

  • Ubuntu 12.04, 16

  • Fedora 18, 22, 23, 27, 28

  • CentOS 6, 7

  • SUSE Linux 10, 11, 12

  • OpenSUSE 42

  • Cygwin

 

HP-UX is supported only on IPv4.

Accounts

The CPM supports account management for the following accounts:

  • Unix/Linux accounts

Platforms

In the PVWA Platform Management page, make sure that the following target account platform is displayed:

  • Unix via SSH

Connection Methods

This plugin supports the following connection methods to the remote machine:

  • SSH
  • Telnet

Actions

The following table lists the supported password/SSH key management actions for this platform:

Action Verify
Supported Yes
Permissions

Action Change
Supported Yes
Permissions

Action Reconcile
Supported Yes
Permissions

When UseSudoOnReconcile is set to No, the reconcile account must use a root user or a power user with root permissions. When UseSudoOnReconcile is set to Yes, the reconcile account must be in the sudoers list.

If the reconcile account user authenticates to the target server with a password, on the target machine, in sshd_config, set the PasswordAuthentication parameter to yes.

Action Delete
Supported No
Permissions -

Reconcile Accounts

Action Reconcile
Supported Yes
Required Yes
Platform
  • Unix via SSH
  • Unix via SSH Keys

    If a logon account is used for the reconcile account, or UseSudoOnReconcile is set to Yes, the Unix via SSH Keys platform is not supported.

Permissions

When UseSudoOnReconcile is set to No, the reconcile account must use a root user or a power user with root permissions. When UseSudoOnReconcile is set to Yes, the reconcile account must be in the sudoers list.

If the reconcile account user authenticates to the target server with a password, on the target machine, in sshd_config, set the PasswordAuthentication parameter to yes.
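A pre-check for the PasswordAuthentication requirement in the Permissions notes above, as an added example that is not part of the vendor documentation: it works out the value sshd would apply to one account from sshd_config text, because a Match block can override the global setting. The account name cpm_recon and the sample configuration are constructed; only Match User and Match all blocks are evaluated, and Include files are not followed.

```python
import fnmatch

# Constructed sample sshd_config; "cpm_recon" is a hypothetical reconcile account name.
SAMPLE = """\
PasswordAuthentication no
Match User cpm_recon*,!cpm_recon_old
    PasswordAuthentication yes
Match User cpm_recon
    PasswordAuthentication no
"""

def _user_matches(patterns, user):
    """sshd pattern list: comma-separated, * and ? wildcards, '!' negates."""
    matched = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(user, pat[1:]):
                return False  # a negated hit vetoes the whole list
        elif fnmatch.fnmatchcase(user, pat):
            matched = True
    return matched

def password_auth_enabled(config_text, user):
    """Effective PasswordAuthentication for `user` in one sshd_config text.

    Assumptions: only 'Match User' and 'Match all' blocks are evaluated
    (blocks with other criteria are treated as not applying), and Include
    files are not followed.
    """
    global_val = match_val = None
    in_match = applies = False
    for raw in config_text.splitlines():
        # Drop comments; sshd accepts "Keyword value" and "Keyword=value".
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            in_match = True
            crit = [a.lower() for a in args[0::2]]
            applies = crit == ["all"] or (
                crit == ["user"] and len(args) == 2 and _user_matches(args[1], user))
        elif key == "passwordauthentication" and args:
            val = args[0].lower() == "yes"
            # First value obtained wins, globally and among matching blocks.
            if not in_match and global_val is None:
                global_val = val
            elif in_match and applies and match_val is None:
                match_val = val
    if match_val is not None:
        return match_val  # a matching block overrides the global section
    return True if global_val is None else global_val  # OpenSSH default: yes
```

On the target machine itself, sshd -T with a -C connection specification prints the configuration the daemon would actually apply and is the authoritative check.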

Logon Accounts

Action Logon and verify
Supported Yes
Required No
Platform
  • Unix via SSH
  • Unix via SSH Keys
Permissions SU command must be enabled.

Action Logon and change
Supported Yes
Required No
Platform
  • Unix via SSH
  • Unix via SSH Keys
Permissions SU command must be enabled.

Action Logon and reconcile
Supported Yes
Required No
Platform
  • Unix via SSH
Permissions SU command must be enabled.

Logon and reconcile account passwords cannot be expired.

Connection Components

The following connection components can be used with accounts managed by this plugin:

  • PSM-SSH
  • PSM-WinSCP

For details, see Operating systems.

Configuration

Import platform

This procedure is relevant if the platform is not included in the installation.

  1. Add the following file categories, if they do not already exist:

    Port

    Type Numeric
    Valid value 
    Required No

    Protocol

    Type Text
    Valid value 
    Required No
  2. Import the platform.

Platform Parameters

Port

Description The port number of the target device.
Acceptable Value  
Default Value 22

Protocol

Description The type of protocol used to connect to the target device.
Acceptable Value ssh, telnet
Default Value ssh

UseSudoOnReconcile

Description Indicates whether the reconcile action uses the sudo command or su.
Acceptable Value Yes, No

Supported for SSH only.

Default Value No

Account Parameters

Required

Address

Description The IP address or hostname of the remote machine where the password will be used.
Acceptable Values IPv4, IPv6, hostname
Default Value  

Username

Description The name of the user on the remote machine to whom this password belongs.
Acceptable Value  
Default Value  

Optional

Port

Description The port number of the target device.
Acceptable Values  
Default Value Port defined in the platform.

Protocol

Description The type of protocol used to connect to the target device.
Acceptable Value ssh, telnet
Default Value Protocol defined in the platform.
 
Privileged Access Security 11.5