FortiPAM
FortiPAM allows you to protect, isolate and secure privileged account credentials, manage and control privileged user access, and monitor and record privileged account activity.
rbraha
Staff
Article Id 314225
Description

 

This article describes how to change passwords for administrator users on Linux machines using FortiPAM.

 

Scope

 

FortiPAM.

 

Solution


Secrets in FortiPAM can be configured with a custom secret template to change the password of a secret. FortiPAM includes some default password changers, but custom password changers may also be created.

 

  1. Go to Secrets -> Target List -> Create. Set Name, select Unix Account (SSH Password) as the Default Template, and specify the Host IP.

 

lin1.jpg

 

  2. After the target is added, create a secret for the Linux machine. Go to Secret -> Secret List -> Create New Secret and, for the folder, select Public or Personal. Add a Name, select the Target created above, and enter the Host IP, username, and password. Under Permission, select the appropriate User Permission or Group Permission (View or Owner).

 

lin2.jpg

 

After the secret is created, the password of the administrator on the Linux machine can be changed. Edit the secret that was created. After selecting Change Password, choose either Randomly generated Password or Customized.

 

lin3.jpg

 

After the password is changed, a Password change succeeded notification appears in the top right corner, and the following is visible under Log & Report -> Secret -> Password Changes:

 

lin4.jpg

 

From the debug logs on FortiPAM CLI:

 

lin5.jpg

 

The password change is done successfully as shown in the debug logs.

 

Debug logs for troubleshooting password changer related issues can be activated with the following:

 

diag debug en

diag wad debug enable category pwdchg

diag wad debug enable level verbose
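
To cross-check a password change on the Linux target itself, the following added example (not part of the original article or of FortiPAM) reads auth.log and flags password changes for the managed account that happened while no SSH session from FortiPAM was open. It assumes a Debian-style syslog format, that the change goes through PAM so pam_unix logs it, and that FortiPAM connects from 10.0.0.5; the log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of /var/log/auth.log lines (not taken from the article).
SAMPLE_LOG = """\
Jun  3 10:15:01 lin1 sshd[2211]: Accepted password for admin from 10.0.0.5 port 50522 ssh2
Jun  3 10:15:02 lin1 passwd[2230]: pam_unix(passwd:chauthtok): password changed for admin
Jun  3 10:15:03 lin1 sshd[2211]: pam_unix(sshd:session): session closed for user admin
Jun  3 22:40:10 lin1 sshd[3102]: Accepted publickey for admin from 192.0.2.77 port 41812 ssh2
Jun  3 22:41:55 lin1 passwd[3140]: pam_unix(passwd:chauthtok): password changed for admin
Jun  3 22:42:30 lin1 sshd[3102]: pam_unix(sshd:session): session closed for user admin
""".splitlines()

LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<proc>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
ACCEPTED = re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port \d+")
CLOSED = re.compile(r"^pam_unix\(sshd:session\): session closed for user \S+")
# Matches passwd, chpasswd and other PAM-aware tools that change a password.
CHANGED = re.compile(r"^pam_unix\(\w+:chauthtok\): password changed for (?P<user>\S+)")

def audit_password_changes(lines, account, fortipam_ip):
    """Return (timestamp, via_fortipam) for each password change of `account`."""
    sessions = {}   # sshd pid -> (user, source ip) for sessions still open
    results = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        proc, pid, msg = m["proc"], m["pid"], m["msg"]
        if proc == "sshd":
            if (a := ACCEPTED.match(msg)):
                sessions[pid] = (a["user"], a["ip"])
            elif CLOSED.match(msg):
                sessions.pop(pid, None)
        elif (c := CHANGED.match(msg)) and c["user"] == account:
            # Attribute the change to FortiPAM only if it has a session open.
            via = any(u == account and ip == fortipam_ip
                      for u, ip in sessions.values())
            results.append((m["ts"], via))
    return results

def unexpected_changes(lines, account, fortipam_ip):
    """Timestamps of changes made while no FortiPAM SSH session was open."""
    return [ts for ts, via in
            audit_password_changes(lines, account, fortipam_ip) if not via]

if __name__ == "__main__":
    for ts, via in audit_password_changes(SAMPLE_LOG, "admin", "10.0.0.5"):
        print(ts, "via FortiPAM" if via else "OUT-OF-BAND")
```

A change reported as out-of-band means the password stored in the FortiPAM secret may no longer match the account, so the timestamps are worth comparing against Log & Report -> Secret -> Password Changes.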