We operate PAM V3.2 and PAM 4.0 at a large customer and need to move historical audit files from PAM 3.2 installation to PAM 4.0 installation.
We did successful tests with unencrypted audit data (.../audit/audit.db and.../audit/cmdctrl.db) by simply moving the .../audit directory from the PAM 3.2 server to the PAM 4.0 server. That worked and we were able to replay audited Unix session.
But we stuck with encypted audit data. Is there a procedure how to copy the historically used audit encryption keys to the new server?
Are they stored in ../audit/cmdctrl.db?
See audit encryptions settings in the screenshots attached.
Thank you!
Alex