Devolutions ForumDevolutions Forum

PAM accounts should be able to be used by Website entries

PAM accounts should be able to be used by Website entries

0 vote

avatar
sysinit

Hi,

it would be great if PAM accounts could be referenced by website entries. As I personally don't know a way to show the password of a PAM account from within RDM, I am forced to switch to DPS for checking out the PAM account, copying the password and checking in again after logging on to a website. To me this is a quite cumbersome procedure.

Regards,
Daniel

All Comments (6)

avatar
Richard Boisvert

Hello Daniel,

You can read the response in the other thread regards DVLS PAM entries:
https://forum.devolutions.net/topics/35626/pam-accounts-should-be-able-to-be-set-on-folder-level-to-allow-for-inh#156121

This will make it usable to web entries as well.

Best regards,

Richard Boisvert

avatar
Maurice Côté

Hello,

I have just posted a new response in that topic, but for the WEB entries and the 2021.3 release, most likely we will require that you have the VIEW password permission as it is simply too easy to "grab" a password from a web page.

In v2022.1, we should have a "Usage policy' layer that will allow the Vault admin to specify exactly where the Privileged Account can be used.

Best regards,

Maurice

avatar
sysinit

Hello Maurice,

there has been an incredible amount of new features implemented into DVLS and RDM, especially regarding PAM, but to me it seems that you still cannot use PAM entries in Website entries, even with Administrator privileges. I am doing a PoC at a prospect and stumbled upon the same question, why this isn't possible. Am I missing something or do we really have the same issue as four years ago?

Thank you and best regards,
Daniel

avatar
Min Destens

Hello Daniel,

Good news - this is already possible - the usage of PAM accounts for website entries is disabled by default, but it can be adjusted with the PAM usage policies

Regards,
Min

avatar
sysinit
Hello Daniel,

Good news - this is already possible - the usage of PAM accounts for website entries is disabled by default, but it can be adjusted with the PAM usage policies

Regards,
Min


@Min Destens
Hi Min,

Ha, I had the feeling I would be missing something. The thing is, the usage in Websites is already allowed, but still not working, at least in our own instance. I will check with the customer and probably open a ticket for this if it's not working there either.

Thank you for your help!

Best regards,
Daniel

1
avatar
sysinit

Unsetting and setting the checkmark for the Webbrowser Add-In and Website entries solved it. Now It's working in our instance as well.

Once again thanks for your advise!

Schönen Abend und liebe Grüße,
Daniel

1