Distinguished Name |
For LDAP platforms, enter the fully qualified distinguished name (FQDN) for the service account.
For example: cn=dev-sa,ou=people,dc=example,dc=com |
Service Account Distinguished Name |
Browse to select the service account for Safeguard for Privileged Passwords to use for management tasks. When you add the asset, Safeguard for Privileged Passwords automatically adds the service account to Accounts. For more information, see About service accounts.
Required except for LDAP platforms, which use the Distinguished Name. |
Password |
Enter the service account password used to authenticate to this asset.
Limit: 255 character |
Privilege Elevation Command |
If required, enter a privilege elevation command (such as sudo). This is used as a prefix for commands that require privileged access on the system and to manage accounts on Unix-based systems; that is, to check and change SSH keys and to discover accounts.
Sudo commands follow.
Specify a program to look up the user's public keys
- cat
- chmod
- chown
- chuser
- cp
- dscacheutil
- dscl
- echo
- egrep
- find
- grep
- host
- ls
- mkdir
- modprpw (hpux only)
- mv
- psswd
- pwdadm
- rm
- sed
- sshd
- ssh-keygen
- tee
- test
- touch
- usermod
When adding an asset, this command is used to perform Test Connection. For more information, see About Test Connection.
The privilege elevation command must run non-interactively, that is, without prompting for a password. For more information, see Preparing Unix-based systems.
The limit is 255 characters. |
Privilege Level Password |
Enter the Enable password to allow access to the Cisco configuration. |
Auto Accept SSH Host Key |
This check box is selected by default indicating that Safeguard for Privileged Passwords automatically accepts an SSH host key. This option is not available for all platforms.
Once the SSH host key is discovered, the SSH host key fingerprint is displayed.
When an asset requiring an SSH host key does not have one, Check Password will fail. For more information, see Connectivity failures. |
Test Connection |
Click this button to verify that Safeguard for Privileged Passwords can log in to this asset using the service account credentials you have provided. For more information, see About Test Connection. |
Service Account Password Profile |
Click Edit to add the profile or — Remove to delete the assigned profile. Available profiles are based on the partition selected on the General tab (asset discovery). To update the profile later, go to the service account and update the profile. For more information, see Properties (account). |
Service Account SSH Key Profile |
Click Edit to add the profile or — Remove to delete the assigned profile. Available profiles are based on the partition selected on the General tab (asset discovery). To update the profile later, go to the service account and update the profile. For more information, see Properties (account). |
Use SSL Encryption |
Select this option to enable Safeguard to encrypt communication with this asset. If you do not select this option for a MicrosoftSQL Server that is configured to force encryption, Test Connection will use untrusted encryption and succeed with valid credentials. For more information about how Safeguard database servers use SSL, see How do Safeguard for Privileged Passwords database servers use SSL |
Verify SSL Certificate |
Use this option to enable or disable SSL Certificate verification on the asset. When enabled, Safeguard for Privileged Passwords compares the signing authority of the certificate presented by the asset to the certificates in the Trusted CA Certificates store every time Safeguard for Privileged Passwords connects to the asset. Trust must be established for Safeguard for Privileged Passwords to manage the asset. For Safeguard for Privileged Passwords to verify an SSL certificate, you must add the asset's signing authority certificate to the Trusted CA Certificates store. Only clear the Verify SSL Certificate option if you do not want to establish trust with the asset. |
As Privilege |
Specify the Oracle privilege level to use when connecting with the selected Oracle service account, if required. The Oracle SYS account requires the privilege level SYSDBA or SYSOPER. For details, see the Oracle document, About Administrative Accounts and Privileges and SYSDBA and SYSOPER System Privileges. |
Instance/Service Name |
For SQL Server platforms, specify the Instance name if you have configured multiple instances of a SQL Server on this asset. If you have configured a default (unnamed) instance of the SQL Server on the host, you need to provide the IP address and port number.
For Oracle platforms, use the TNSNAMES naming method to identify the target system in Oracle. Depending on how the Oracle environment is configured, the Instance (also called SID in Oracle) and/or the Service Name (ServiceName) can be used to identify the target database. |
Workstation ID |
Specify the configured workstation ID, if applicable. This option is for IBM i systems. |
Port |
Enter the port number on which the asset will be listening for connections.
Default: port 22; port 1433 for SQL server; port 8443 for SonicWALL SMA or CMS appliance. |
Connection Timeout |
Enter how long to wait (in seconds) for both the connect and command timeout.
Default: 20 seconds |