These are some administration tasks for the PSMP server.

  • PSMPAPP_ account authentication failure and PSMP disconnected


/etc/init.d/psmpsrv {start|stop|restart|status} [{psmp|psmpadb}]

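Add a remote SSH user to the PSMP server

By default, only the root user can log in from the console. Any other user triggers the PSMP service to log in to a remote server with a privileged account, as shown in the following screenshot.

These are the simple steps to enable a new user to log in remotely to the PSMP server for administration work.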

1 Open the sshd_config configuration file.

2 Add the PSMP_MaintenanceUsers parameter:
PSMP_MaintenanceUsers <username>,<username>

This example allows the following administrative users: user1, all users ending with "user2", all users starting with "user3", and all users containing "user4".
PSMP_MaintenanceUsers <user1>,<*user2>,<user3*>,<*user4*>

3 Save the changes and close the sshd_config configuration file.

4 Create a new user and assign it to the wheel group.

5 Restart the sshd service for these changes to take effect:
/etc/init.d/sshd restart 
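
Every account matched by PSMP_MaintenanceUsers logs in to the PSMP server itself instead of being proxied, so it is worth listing exactly which accounts the patterns admit before restarting sshd. The script below is an added example, not code from the original post or from CyberArk; the function names and sample files are hypothetical, and it assumes `*` matches any run of characters as in the example above.

```sh
#!/bin/sh
# Added example: list the accounts that PSMP_MaintenanceUsers admits.

# Print the comma-separated pattern list from sshd_config-style file $1.
# Assumption: the first uncommented PSMP_MaintenanceUsers line is used; angle
# brackets around entries (as the page writes them) are stripped.
maint_patterns() {
    awk 'tolower($1) == "psmp_maintenanceusers" {
             $1 = ""; gsub(/[<> \t]/, ""); print; exit }' "$1"
}

# Succeed if user name $1 matches any comma-separated pattern in $2.
# Assumption: "*" stands for any run of characters, as in the page's example.
# Subshell body, so "set -f" and IFS do not leak into the caller.
is_maint_user() (
    set -f; IFS=,
    for pat in $2; do
        case $1 in $pat) exit 0 ;; esac
    done
    exit 1
)

# Print every account in passwd-format file $2 that the patterns in $1 admit.
audit_maint_users() (
    pats=$(maint_patterns "$1")
    while IFS=: read -r user _; do
        is_maint_user "$user" "$pats" && printf '%s\n' "$user"
    done < "$2"
    exit 0
)

# Constructed sample data (not taken from a real server).
demo_dir=$(mktemp -d)
printf '%s\n' '#PSMP_MaintenanceUsers <olduser>' \
    'PSMP_MaintenanceUsers <user1>,<*user2>,<user3*>,<*user4*>' \
    > "$demo_dir/sshd_config"
printf '%s:x:1000:1000::/home/demo:/bin/sh\n' \
    user1 user10 opsuser2 user3adm xuser4y alice > "$demo_dir/passwd"
audit_maint_users "$demo_dir/sshd_config" "$demo_dir/passwd"
```

On a real server the two arguments would be the sshd_config file and /etc/passwd; an unexpectedly long list means a pattern is broader than intended.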



Reference: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Administrating-the-PSMP.htm?Highlight=PSMP%20administration

PSMPAPP_ account authentication failure and PSMP disconnected



[[email protected] conf]# vi /etc/opt/CARKpsmp/conf/basic_psmpserver.conf
[Main]
PSMPServerVaultFile="/etc/opt/CARKpsmp/vault/vault.ini"
PSMPServerCredFile="/etc/opt/CARKpsmp/vault/psmpappuser.cred"
PSMPServerGWCredFile="/etc/opt/CARKpsmp/vault/psmpgwuser.cred"
LogsFolder="/var/opt/CARKpsmp/logs"
LocalParmsFileFolder="/var/opt/CARKpsmp"
TempFolder="/var/opt/CARKpsmp/temp"
PSMPConfigurationSafe="PVWAConfig"
PSMPConfigurationFolder="Root"
PSMPPVConfigurationFileName="PVConfiguration.xml"
PSMPPoliciesConfigurationFileName="Policies.xml"
PSMPServerId="PSMPServer"
PSMPTempFolder="/var/opt/CARKpsmp/temp"
We will need to reset the psmpappuser.cred file and the Vault psmpapp_psmp password.
C:\CyberArk\Password Vault Web Access\Env>CreateCredFile.exe psmpappuser.cred
Vault Username [mandatory] ==> PSMPAPP_psmp
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully

C:\CyberArk\Password Vault Web Access\Env>CreateCredFile.exe psmpgwuser.cred
Vault Username [mandatory] ==> PSMPGW_psmp
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully

C:\CyberArk\Password Vault Web Access\Env>

Use WinSCP to upload these two files to the PSMP server, replacing the ones located in /etc/opt/CARKpsmp/vault/

Control the PSMPSRV service

There are two related errors in the PrivateArk Server console:

  • ITATS528E Authentication failure for user PSMP_ADB_psmp from station
  • ITATS433E IP address 192.168.2.27 is suspended for user PSMP_ADB_psmp
[[email protected] conf]# cat /etc/opt/CARKpsmpadb/conf/basic_psmpadbridge.conf
[Main]
AppProviderParmsSafe="PSMPADBridgeConf"
AppProviderVaultParmsFolder=Root
AppProviderVaultParmsFile="main_psmpadbridge.conf.linux.11.04"
AppProviderVaultFile="/etc/opt/CARKpsmp/vault/vault.ini"
AppProviderCredFile="/etc/opt/CARKpsmpadb/vault/psmpadbridgeserveruser.cred"
LogsFolder="/var/opt/CARKpsmpadb/logs"
LocalParmsFileFolder="/var/opt/CARKpsmpadb"
TempFolder="/var/opt/CARKpsmpadb/tmp"
AdvancedFIPSCryptography="No"
PIMConfigurationSafe="PVWAConfig"
PIMConfigurationFolder="Root"
PIMPVConfigurationFileName="PVConfiguration.xml"
PIMPoliciesConfigurationFileName="Policies.xml"

Activate the user PSMP_ADB_psmp and update its password.

C:\CyberArk\Password Vault Web Access\Env>CreateCredFile.exe psmpadbridgeserveru
ser.cred
Vault Username [mandatory] ==> PSMP_ADB_psmp
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully
[[email protected] vault]# cp /home/root1/psmpadbridgeserveruser.cred .
cp: overwrite ‘./psmpadbridgeserveruser.cred’? y
[[email protected] vault]# /etc/init.d/psmpsrv restart
Stopping PSM SSH Proxy....
PSM SSH Proxy was stopped successfully.
Starting PSM SSH Proxy...
PSM SSH Proxy was started successfully.
PSMP ADBridge is already stopped.
Starting PSMP ADBridge...
PSMP ADBridge was started successfully.
[[email protected] vault]#
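
After replacing credential files as in the two procedures above (uploaded with WinSCP or copied from a home directory), it helps to confirm that every file the basic_psmpserver.conf or basic_psmpadbridge.conf settings point at exists and that the copied .cred files did not land with group or world access. The script below is an added example, not code from the original post or from CyberArk; the function names and demo tree are hypothetical, and the owner-only expectation for .cred files is an assumption of this example.

```sh
#!/bin/sh
# Added example: check the files referenced by a PSMP basic_*.conf.

# Print "Key=path" for each *VaultFile / *CredFile setting in conf file $1.
conf_file_settings() {
    awk -F= '$1 ~ /(VaultFile|CredFile)[ \t]*$/ {
        key = $1; val = $2
        gsub(/[ \t]/, "", key)
        gsub(/^[ \t"]+|[ \t"\r]+$/, "", val)
        print key "=" val }' "$1"
}

# Report each referenced file as OK, MISSING, or OPEN (a credential file that
# group or others can access). Prints one line per file; exit status is the
# number of problems. Assumption: credential files should be owner-only.
check_conf_files() (
    problems=0
    while IFS='=' read -r key path; do
        [ -n "$key" ] || continue
        state=OK
        if [ ! -f "$path" ]; then
            state=MISSING
        else
            case $key in *CredFile)
                [ "$(ls -ld "$path" | cut -c5-10)" = "------" ] || state=OPEN ;;
            esac
        fi
        [ "$state" = OK ] || problems=$((problems + 1))
        printf '%s %s %s\n' "$state" "$key" "$path"
    done <<EOF
$(conf_file_settings "$1")
EOF
    exit "$problems"
)

# Constructed demo tree standing in for /etc/opt/CARKpsmp (not a real server).
d=$(mktemp -d)
printf 'addr\n' > "$d/vault.ini"
printf 'x\n' > "$d/psmpappuser.cred"; chmod 600 "$d/psmpappuser.cred"
printf 'x\n' > "$d/psmpgwuser.cred";  chmod 644 "$d/psmpgwuser.cred"
cat > "$d/basic_psmpserver.conf" <<EOF
[Main]
PSMPServerVaultFile="$d/vault.ini"
PSMPServerCredFile="$d/psmpappuser.cred"
PSMPServerGWCredFile="$d/psmpgwuser.cred"
LogsFolder="/var/opt/CARKpsmp/logs"
EOF
check_conf_files "$d/basic_psmpserver.conf" || echo "problems: $?"
```

The same function works on the ADBridge configuration because its AppProviderVaultFile and AppProviderCredFile keys end in the same suffixes.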

You can also use the registration tool to overwrite the environment created in the Vault:
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PAS%20INST/PSMP_EnivromentManager.htm

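It is recommended to change the default PSMPAppUser and PSMPGWUser parameter values to unique values, to prevent overwriting a previous installation.
/opt/CARKpsmp/bin/envmanager "CreateEnv" -AcceptEULA "Y" -CredFile "/tmp/user.cred" -PSMPAppUser "PSMPAppUser_PSMP1" -PSMPGWUser "PSMPGWUser_PSMP1"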
