Password heartbeat via sudo

2 votes

Hi, currently the heartbeat of passwords is done using credentials from the PAM Account, but the change uses the credential linked with the provider. In the case when an account is disabled for networked login (e.g. the root account on Linux when SSHD has PermitRootLogin set to no), it is not possible. There could be a checkbox at the account entry level and/or provider level that will switch to "sudo mode". In such a mode the Heartbeat would be processed in two phases: first log in to the system with the provider account, and then check the password from the PAM Account.
Regards
Mateusz

All Comments (3)

Hi Mateusz,

Just to understand your request better, do you currently use a regular user to connect via SSH and then once connected you su to the privileged account?

Cheers,

Luc Fauvel

My case is a little different, but what you write could also be a case. Generally I have local Linux accounts whose passwords need to be rotated and saved. So in Devolutions Server the PAM Linux provider is a solution. Currently it can't do password verification, because it tries to log in using SSH but it is blocked for these accounts. So, just as the technical account linked with the provider is used during the password change, it should also be used during verification, just to connect to the system via SSH, and then check the password of the local account with e.g. "su - <<pam account name>>".

Thank you for your feedback, I'll discuss with the team what the best direction is and we'll keep you updated.

Cheers,

Luc Fauvel