PAM Configuration Change
Changing the configuration of the current PAM installation is performed using the Web Wizard. To change the configuration, you will need the backup file that was generated the last time you used the Web Wizard.
During the configuration change PAM will be unavailable. All current sessions will be terminated.
Wizard Launch
Web wizard is a web application that allows you to install, upgrade, or change the configuration of Axidian Privilege. The master is supplied as part of the PAM distribution. To use the wizard, you will need to run it in a Docker container using a special script.
The wizard must be launched on the host on which one of the PAM roles will be installed (management server or access server), otherwise attempting to install PAM will result in an error.
Download and unpack the Web Wizard distribution on your Linux machine and go to the distribution directory.
Run the command:
sudo bash run-wizard.shWait for the script to complete.
Once the script is completed, go to the URL you see in the console.
In the Authentication Code field, enter the value you see in the console after executing the script.
Code example:vVHyTVRyKX5pxUKM6e1ZgCWEnOdXFdOy.infoBy default, the code will be requested again after 2 hours, which means that all the work needs to be completed during this time.
Click Enter and proceed to work with the wizard.
Scenario
- Select PAM Configuration Change.
- Click Next.
More about scenarios
The Web Wizard is used to perform one of three scenarios:
- New PAM Installation is an Axidian Privilege installation.
- PAM Upgrade is an upgrading of all Axidian Privilege components to the new version. For example, from 2.10 to 3.0. During the upgrade PAM will be unavailable. All current sessions will be terminated.
- PAM Configuration Change is making changes to the current PAM installation. For example, changing the set of hosts. The PAM version will remain the same. During the configuration change PAM will be unavailable. All current sessions will be terminated.
Uploading a Backup File
- Upload the backup file and enter the password.
- Click Verify Backup.
- Once the verification is successfully completed, click Next.
Changing the Pre-filled Values of the Wizard
Because of the backup file you uploaded in the previous step, the wizard is pre-filled with the values of settings of your current Axidian Privilege installation. Change the desired parameters and/or set of hosts and proceed to the next step of the PAM configuration change.
Please note the limitations:
- Removing PAM from hosts that have been excluded from the host list is not implemented in the wizard. Removing PAM from hosts is done manually, without using the wizard.
- Passwords restored from a backup file cannot be viewed, but they can be changed.
Downloading a Backup File
In this step, you will need to download a new backup file, which you will need the next time you upgrade PAM to a new version or change the configuration of the current version of PAM.
- Set a password for the backup file.
- Click Download backup.
- Click Next to proceed to the next step of the wizard.
Configuration Changing
During the configuration change PAM will be unavailable. All current sessions will be terminated.
- For the Configuration change method setting, select From the wizard.
- Click Apply Changes.
- Track the process of applying changes using the progress bar. Wait until the changes are applied.
- Once the changes are complete, click Stop the wizard or run the following command in the terminal:
sudo bash stop-wizard.sh
Applying changes manually
When you choose to change the configuration manually, you will be given the option to download the PAM configuration files. These files will need to be distributed across servers manually, and the PAM deployment script will need to be run on each server separately.