Password Management Operations¶
You can carry out certain operations like remote password resets and password changes in PAM.
Change Password¶
You can change the password of an account locally in Securden by navigating to the Accounts tab and selecting the account from the left panel whose password needs to be changed. On the right panel under the Details section, on the right side of the Password field there are three options to Show/Hide Password, Change, and Verify the password. Click on the Change password icon, a Change Password window opens.
There you can enter a new password manually or use the password generator to generate a strong password. You also need to justify the action by entering a reason. Clicking on the Change button will change the password within Securden.
The new password being created must satisfy the complexity requirements so that the strength and robustness of the password is ensured.
Note
The password complexity rules are set under the Password Policy navigating to Admin >> Password Policy
Remote Password Reset¶
With Securden, you can reset passwords of accounts on remote devices from the Accounts >> Details section in the GUI. Select the account from the left panel and click on the Details tab and then click on the Change password icon next to the Password field.
In the pop-up window, change the password and then select the checkbox Change password on remote machine.
While resetting the passwords, you can take the help of Securden’s password generator, which helps generate strong passwords. (Generate password is located beside the eye icon). Remote password reset is supported for IT assets like servers, databases, and other network devices. To reset passwords of other accounts, you need to copy the generated password and manually carry out the password reset.
Troubleshooting Tip¶
Sometimes, the password is not reset successfully if the credentials for performing remote actions are not supplied. This can be resolved by supplying the required credentials in Accounts >> Details >> Actions >> Credentials for Remote Operations.
To perform remote actions on a particular device, select an account stored in Securden with the administrator credentials to log into the remote machine. Select the account from the drop-down then click Save.
Alternatively, navigate to Admin >> Device Level Configurations and select the device type and the device name. Click the Remote Credentials button on the right pane. To perform remote actions on a particular device, specify the administrator account credentials. Select the account type, the account title, and then click Save.
Verifying Password¶
You can verify whether the password stored in Securden is in synchronization with the remote asset. To check if the password stored in Securden is the same as the actual password on the remote asset, click the Verify icon.
Troubleshooting Tips¶
If the verification fails, probable reasons are displayed to help you troubleshoot. Some of the common scenarios include:
- Credential mismatch between Securden and the target machine – One of the reasons of a password mismatch could be the fact that when the machine was imported into Securden, the password of the remote machine could have either been changed by selecting Use username itself as password during the account discovery process or the password on the remote device was changed manually by directly accessing it.
- Inadequate remote connection privileges – To verify the password, Securden initiates a remote connection to the target asset. For a user to verify the credentials, they need certain remote connection permissions. You need to provide these privileges to them for the required operating systems before they can verify credentials from PAM.
- The machine does not exist – The remote machine is offline or does not exist.
- The following firewall exceptions have not been made – The following default firewall ports should have been opened in the firewall to establish the respective connection:
- SSH-22
- RDP - 3389
- SQL - 1433
Password History¶
You can view all the password changes performed on a particular account from this section of the GUI. This section details the information related to who changed the password, when was the password changed, and the reason for the change. Additionally, you can also perform a filter and search for historical password changes based on attributes such as Modified On, Modified By, and Reason.
Note
The historical data related to password changes of an account are stored indefinitely.