How to enable the Key Checkout for Shared Key

Hello everyone,

I have PAM 3.2.0-4 installed on a RedHat Server. I'm trying to enable the Key Checkout for Shared Key. I followed the steps mentioned in the "Privileged Account Manager™ 3.2 Administration Guide" document without any success.

I'm looking for access to one server using an SSH key.

Could you please help me solve this issue?

Thanks in advance,

Regards.
  • Hey there, I suspect the issue you are having when following the documentation steps is that the Command you created is possibly missing "<Keys>*" as well as "KEY_SSH Key". Otherwise, I'll demonstrate below the required steps to configure this use-case within PAM.

    From the Enterprise Credential Vault:

    1) Create a Shared Key Domain: see Creating Shared Key Domain.

    2) Add Shared Key(s): see Adding Shared Keys.


    From the Command Control Console:

    1) Create a cmdctrl rule to enable key checkout for the shared key domain you created above: see Enabling the Key Checkout for Shared Key.

    - Command example for SSH Key type would include the following two commands:
    <Keys>*
    KEY_SSH Key

    Note: Apply this command as a rule condition to the cmdctrl rule created. For more details, please refer to Setting Conditions for a Rule.

    - CmdCtrl rule with the command rule condition(s) applied.
    Note: Other details about this cmdctrl rule configuration can be found in the above link for step 1.