achinayoung_wau Respected Contributor.
Respected Contributor.
920 views

Multiple application credentials for checkout

We have PAM 3.2 installed and are currently configuring it. How does one manage multiple credentials for a single application? For example, the Microfocus Filr application has an admin account accessed via http://<host>:8443 and a vaadmin account accessed via http://<host>:9443. Should I create separate account domains for each in the Credential Vault or one account domain with multiple credentials?

If the latter (one account domain with multiple credentials), how do I do this? Consider the following account domain with two credentials:


If I connect to https://<fmconsole>/myaccess and click on the Applications Tab and checkout Application_Filr, I see the following:


Notice that even though there are two credentials in the first image, only the second is shown when the credential is checked out. If I add more credentials, only the last is displayed, not all the credentials added for the particular applications domain. Is this how things are supposed to work? Page 210 of the admin guide has a section titled "Adding Shared Account Credentials in the Account Domain" which seems to indicate that all credentials should be made available when checked out, not just the last entered. Is this a bug?
0 Likes
4 Replies
AutomaticReply Absent Member.
Absent Member.

Re: Multiple application credentials for checkout

achinayoung,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
kprajesh Absent Member.
Absent Member.

Re: Multiple application credentials for checkout

1. At a time a user can checkout one account only from an AccountDomain.
2. Please note that the admin account needs to be set as the default credential on your accountDomain 'Application_filr'. This admin account would be used to reset the password of the checkout user, in your case vaadmin, once you checkin the account.
3. You can add multiple credentials to the domain. The ones that are not checked-out will be available for other users to checkout and use.
0 Likes
achinayoung_wau Respected Contributor.
Respected Contributor.

Re: Multiple application credentials for checkout

Ok. The Microfocus Filr application has a separate "admin" password for the Filr server on port 8443 and a separate "vaadmin" password for the Filr server on port 9443. What is the best way to store this and make available to admins in PAM?

And what about UNIX root passwords or local Windows Administrator passwords? How should these be added to PAM?
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Multiple application credentials for checkout

Since an admin will need specific access to each credential and the types of these admin accounts are used for different purposes (:8443 vs :9443), then I think it would make sense to create separate Account Domains, one for each service. Do you plan to do any Password Reset script for this? I am not sure if a Credential is required to be set or not, but if one is selected, then that credential will never be allowed for checkout, as it is reserved for checkin purposes and password reset. So if you did configure some Password Reset script, you would need at least two credentials for each account domain, one that is checked out and another that is reserved by PAM as a "proxy" user to checkin and reset the password. If you do happen to create a password reset script for Filr, please do share! 😉
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.