CPM plugins

CPM plugins support remote password management on the platforms set forth in this documentation. CyberArk may choose not to provide maintenance and support services for CPM plugins with relation to any of the platforms and systems which have reached their formal End-of-Life date, as published by their respective vendors from time to time. For more information, contact your CyberArk support representative.

CPM plugins are used to connect PAM - Self-Hosted to target machines in order to manage passwords. CPM plugin functionality includes:

• Changing or verifying passwords on target machines
• Updating new passwords in the Vault
• Reconciling passwords, when necessary

Different systems types have different plugins. For example, the way you log in and change a password on a Windows server is different than how you do the same thing on a Unix server.

Each plugin is associated with the relevant platform that manages the password policy setting for the specific target machine.

For information about which local user permissions are required for a plugin to run, see How local Windows user permissions may affect plugins.

PAM - Self-Hosted includes out-of-the-box plugins, which are already associated with a platform. For details, see Target account plugins and Service account plugins.

You can also download plugins from CyberArk Marketplace, or develop new plugins yourself. For details, see Create CPM plugins.

Plugin engines execute the logic of the plugin. There are three types: 

• C++ plugins
• .NET plugins. For details, see Credentials Management .NET SDK.
• Terminal and scripting. For more information, see Terminal Plugin Controller.

During the CPM hardening process, three local Windows service users are created to run the CPM service. The permission levels of these users may affect plugins, requiring changes to the plugin user permissions. For more information, see How local Windows user permissions may affect plugins.