When you create an endpoint, you specify the administrator account that SAM uses to connect to the endpoint and perform administrative tasks, such as discovering and changing the password of privileged accounts. For UNIX accounts, the most suitable administrator account is often root. However, SAM uses SSH to connect to UNIX endpoints, and some organizations prohibit users and applications from making SSH connections as the root user.
To overcome this problem, you can specify both a connection account and an operation administrator account when you create an SSH Device endpoint. (SAM uses SSH Device as the endpoint type for UNIX endpoints.) Using two accounts also lets you use a connection account that has fewer privileges than the operation administrator account.
The following process explains how SAM uses these accounts to connect to an SSH Device endpoint:
For example, if the operation administrator account is root, SAM uses the root credentials to su to root.
For example, if the operation administrator account is root, SAM performs administrative tasks as root.
When you view the privileged accounts on an SSH Device endpoint, both the connection account and the operation administrator account are listed as endpoint administrator accounts.
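An added example, not part of the CA documentation: a check an endpoint owner could run over a UNIX host's `sshd_config` to see whether direct root logins over SSH are refused, which is the case where root can only be the operation administrator account and a separate connection account is required. It assumes OpenSSH's `PermitRootLogin` keyword and password-based logins; the function names and sample configurations are constructed for illustration.

```python
import re

# Assumption (not from the page): OpenSSH 7.0 and later use
# "prohibit-password" when PermitRootLogin is not set.
OPENSSH_DEFAULT = "prohibit-password"

def effective_permit_root_login(config_text, default=OPENSSH_DEFAULT):
    """Return the global PermitRootLogin value from sshd_config text.

    sshd keeps the first value it obtains for a keyword, so later
    duplicates are ignored. Match blocks and Include files are not
    evaluated here; scanning stops at the first Match line.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional section: global settings end here
        if keyword == "permitrootlogin" and len(parts) == 2 and parts[1].split():
            return parts[1].split()[0].strip('"').lower()
    return default

def root_needs_connection_account(config_text):
    """True when root cannot open a password-authenticated SSH session,
    so root can only serve as the operation administrator account."""
    return effective_permit_root_login(config_text) != "yes"

# Constructed sample configurations (not taken from any real host).
HARDENED = """\
Port 22
PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin yes
"""
LEGACY = "permitrootlogin = YES\n"
UNSET = "Port 22\nMatch User backup\n    PermitRootLogin yes\n"

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("legacy", LEGACY), ("unset", UNSET)):
        print(name, effective_permit_root_login(text), root_needs_connection_account(text))
```

On a live host, `sshd -T` reports the effective settings, including those from included files, and is the authoritative source for this value.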
Copyright © 2013 CA Technologies.
All rights reserved.