Password History - Hitachi ID Privileged Access Manager
Error checking is implemented to guard against a password being set
before the Hitachi ID Privileged Access Manager server is able to store the password value -- i.e.,
a workstation or server can never get a new password for a privileged
account while Privileged Access Manager is unable to store the password.
Consider a laptop on which the local Privileged Access Manager service
determines that the time has come to change passwords:
If it simply changes passwords and then attempts to contact a central
server to upload the new value, it may not manage to connect to
Privileged Access Manager and consequently must either undo the password change
or store the new password and periodically test for connectivity, in
the hopes that the new password can be uploaded before anyone needs
to use it.
To avoid this problem, Privileged Access Manager's "local service mode" mode of operation
(used on laptops) works as follows:
- First, the laptop service connects to Privileged Access Manager
and asks it to generate a new, random password for a
- The laptop service then changes the password in the local security
database and sends a confirmation message to Privileged Access Manager.
- Privileged Access Manager updates the password in its vault and replicates
the update to all other Privileged Access Manager servers.
In the event that the Privileged Access Manager server did not receive a confirmation
message -- for example in the event that the workstation was suddenly
turned off or disconnected -- it will retain both the old and new
passwords. The new password is assumed to be current and the old
password is archived.
In practice, as a fail-safe, all old passwords are retained in the
vault. This is not only to support a fail-safe password change process,
but also to be able to retrieve old password values in the event
that a managed system is restored from archive media in the
- Randomize Privileged Passwords:
Privileged Access Manager periodically randomizes passwords on privileged accounts.
- Launch Privileged Login Sessions:
Privileged Access Manager launches login sessions to privileged accounts subject to access control policies and/or workflow approvals.
- Limit Concurrent Administrator Logins:
Privileged Access Manager controls how many people can sign into the same privileged account at the same time using a checkout/checkin process.
- Record Administrator Logins:
Privileged Access Manager can record the login sessions it launches for users to sign into privileged accounts. These recordings are both a forensic audit trail and a knowledge sharing resource.
- Password History:
Privileged Access Manager captures a full history of passwords for privileged accounts. This is useful when recovering servers and databases from backup media.
- Audit Logs and Reports:
Login sessions to privileged accounts are logged by Privileged Access Manager and visible in reports. This makes administrators accountable for changes they may make to systems and applications.
- Eliminate Embedded Passwords:
Privileged Access Manager allows organizations to eliminate static, plaintext passwords embedded in applications. An API allows applications to secure acquire credentials to other applications on demand.
- Change Service Account Passwords:
Privileged Access Manager periodically changes passwords for accounts used to run Windows services and notifies appropriate OS components, such as service control manager and scheduler, of the new password value.