Dear Team,
We need to store passwords for critical systems (as a password repository). Can we use the T-PAM manager to achieve this?
Dear Team,
We need to store passwords for critical systems (as a password repository). Can we use the T-PAM manager to achieve this?
You could configure as normal and just turn password management off or select the platform type as "Other". This platform type has no password management associated with it.
You can then assign…
Hi Jafar
Why do you want to add a functional account in the connection information section? I thought you said you did not wish to manage passwords.
Platform type "Other" does not support password management…
Hi Jafar
Do you mean you need to store passwords without managing them but still controlling who has access to them?
If so yes you can use TPAM to do this but from a security point of view you are then storing static passwords which is quite a big risk.
As you have TPAM far better to allow it to properly control access to passwords and carry out a reset after any use where the password has been seen.
Tim
where i can store the password in TPAM without managing it?
Yes exactly we required like this.
You could configure as normal and just turn password management off or select the platform type as "Other". This platform type has no password management associated with it.
You can then assign users via your permission model as for any other account.
However I must stress that this is not a recommended best practice. Once a password is know the need for the TPAM vaulted passwords is negated. Auditors do not like static passwords of this type.
As you say these are critical systems you should therefore consider using this method very carefully before deploying.
Tim
I am trying to store passwords. but facing some issue.
Procedure - I have added one system .
System name - windows.
IP - 172.16.1.1
Platform:- Other.
When i select the platform other the connection option is grey out so my question is from where i need to enter the password and where i can store.
If needed from where i can retrieve the same password.
Hi Jafar
Why do you want to add a functional account in the connection information section? I thought you said you did not wish to manage passwords.
Platform type "Other" does not support password management so does not give the ability to add a functional account You just need to supply a name and some sort of network address. In the case of platform type "Other" this could even be "Unmanaged_Passwords" It does not have to be a real network address.
The accounts you add could be from multiple systems as long as you identify them as such.
If you do wish to manage passwords then you will need to select the correct platform type and then add the functional account details in the connection section.
If you do not wish to manage passwords then just provide the system details and then add the accounts you wish to store to that system and permission them as for any other account. IE direct permission or via a collection containing the system or the account.
Best regards
Tim
It is working now, thanks.
It is working now, thanks.