Password consumers are applications, Windows services, and Windows scheduled tasks that use privileged accounts and service accounts to execute a script, connect to a database, or manage a Windows service, scheduled task, or RunAs command. Service accounts are internal accounts used by Windows services. For example, Windows services may use the NT AUTHORITY\LocalService service account to log in to the operating system.
Password consumers let you remove hard-coded passwords from application scripts and enforce a password policy on an endpoint. For example, you can create a password consumer for each scheduled task on a Windows endpoint, and specify that each password consumer uses the same password policy. SAM will then change the password of each scheduled task at the interval specified in the password policy.
SAM provides privileged account passwords to password consumers in the following ways:
Note: You must install CA ControlMinder on the SAM endpoint with the SAM Integration feature enabled to use password consumers that get passwords on demand.
Note: You do not need to install CA ControlMinder on the SAM endpoint to use password consumers that get passwords on password change.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|