The SSH Device type lets you manage privileged UNIX accounts.
Important! Before you configure a SAM SSH endpoint, disable tunneled clear text passwords on the endpoint before you configure the endpoint settings.
When you create devices of this type, provide the following information so that CA ControlMinder Enterprise Management can connect to the device:
Defines the name of an administrative user of the endpoint. SAM uses this account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords.
Note the following points:
If you specify the Advanced option, SAM does not use the User Login account to perform administrative tasks. Instead, SAM uses the specified privileged account to perform administrative tasks on the endpoint. If you specify an operation administrator account, SAM uses that account to perform administrative tasks on the endpoint.
Defines the password of the administrative user of the endpoint.
Defines the host name of the endpoint.
Specifies to use Telnet rather than SSH to connect to the SSH device.
(Optional) Defines the name of an operation administrator user of the endpoint. SAM uses this account to perform administrative tasks on the endpoint, for example, discovering and changing the password of privileged accounts. If you do not specify an operation administrator user, SAM uses the User Login account to perform administrative tasks on the endpoint.
If you specify an operation administrator user for an SSH endpoint that uses a Check Point firewall, specify the expert user. However, you cannot use SAM to change the password for the expert account on the endpoint. This restriction means that the expert account must be a disconnected account in SAM.
(Optional) Defines the password of the operation administrator user.
Specifies the name of the SSH Device XML configuration file. You can customize the XML files according to your needs.
Note: If you do not specify a value for this field, CA ControlMinder Enterprise Management uses the ssh_connector_conf.xml file.
Specifies whether you want to use a privileged administrative account to perform administrative tasks on the endpoint, for example, to connect to the endpoint, discover accounts, and change passwords. For example, you can specify a privileged domain account that can perform administrative tasks on multiple endpoints.
If you specify this option, SAM does not use the User Login account to perform administrative tasks.
Specifies whether to disable the exclusive sessions check on this endpoint. When selected, SAM does not check for open sessions on the endpoint.
Specifies to block break-glass check-out action on exclusive accounts.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|