- What is a privileged account?
- Will sessions be recorded when a privileged account is accessed by someone other than the system owner?
- Is there redundancy for the PAM application?
- Can I use PAM on a Mac?
- Can a system owner delegate authorization when they are away?
- Is PAM logging and auditing user access?
- Do system owners have to go through workflow to get access to privileged accounts?
- What accounts are managed by PAM?
What is a privileged account?
Privileged accounts are root and system administrator accounts.
Will sessions be recorded when a privileged account is accessed by someone other than the system owner?
Service owners can check out privileged accounts without workflow or recording of the session. Anyone who is granted access to a privileged account through workflow will be connected to the system (e.g. SSH or RDP) without the password being given to them, and the session will be recorded.
Is there redundancy for the PAM application?
Yes. There are currently two geographically dispersed and replicated PAM servers.
Can I use PAM on a Mac?
All users, regardless of their OS, should connect to the terminal servers (ead-rdsp1.ead.ubc.ca and ead-rdsp2.ead.ubc.ca) when using the pam.it.ubc.ca application.
Can a system owner delegate authorization when they are away?
Yes. Instructions will be in the user documentation.
Is PAM logging and auditing user access?
Yes, all access will be logged, audited, and can be reported on.
Do system owners have to go through workflow to get access to privileged accounts?
No, system owners can automatically check out a privileged account without going through workflow.
What accounts are managed by PAM?
The first release of PAM will manage Administrator on a Windows system and sysadmin and root on a Linux system. PAM has a broad variety of connectors to manage almost any privileged account. Future releases will manage a variety of other accounts such as EAD service accounts, Cisco devices, passwords in scripts, etc.