New Member.

PAM integration with Radius Server(Cisco ios)


I have installed PAM 3.2 on my Linux server. I want to configure one of my radius server inside PAM manager for monitoring and giving privilege to specific user.

1. Is it possible to configure ? if yes please share KB or document to do so.
2. Can we monitor Linux server without installing the agent.

Please guys really need help
1 Reply
Micro Focus Expert
Micro Focus Expert

The following link details the Agent vs Agentless approaches and tradeoffs for privileged access in PAM:

I don't know a lot about radius, but I think you could do SSH Relay, which is an Agentless approach. Essentially, you add an SSH Account Domain in PAM for the server with the appropriate privileged account / credentials. Then add a CmdCtrl rule that enables certain users access to this SSH Account Domain as the privileged account. And adding the SSH Session command to the CmdCtrl Rule Conditions. This should still capture keystroke audits, etc.

Take a look at Policy Templates in PAM, it may help you get a start on this use-case by seeing an example template policy of some objects being imported into PAM.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.