The vCenter administrator account [email protected] is not an OS user and cannot be managed by the default UNIX target application. However, its password can be updated with the vdcadmintool binary, and it can be verified with a curl command that starts a session, which can then be deleted with another curl command. Given that password management is possible by running commands from a login shell, can such accounts be managed by PAM using a customized UNIX target application, rather than by writing a completely new custom connector?
It is possible to manage this account with custom UNIX target application scripts for password verification and update. Since the account cannot be used to connect to the vCenter server, the root account would have to be configured in PAM, and the [email protected] account would be configured to have its password updated and verified by the root account.
If you want to pursue this option but are not yet familiar with customizing the scripts used by UNIX target applications, contact PAM Support to get started. Per the information near the bottom of the documentation page Add a UNIX Target Connector, once you have custom scripts in place, you are responsible for the operation between the target application and the target endpoint.
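The verification step described above (start a session with curl, then delete it) could be wrapped in a shell function like the following. This is an added example, not the article's or the product's own script. The REST session path, the JSON response shape, and the host and user arguments are assumptions to adapt to your vCenter version, and the vCenter certificate is assumed to be trusted by the host running the check.

```shell
#!/bin/sh
# Added example: verify a vCenter SSO password by opening an API session and
# deleting it again. The endpoint path and response format are assumptions.

# Escape backslashes and double quotes for a quoted curl config-file value.
curl_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# verify_vcenter_password HOST USER   (password is read from stdin)
# Returns 0 if the credentials open a session, 1 if rejected, 2 on other errors.
verify_vcenter_password() {
    host=$1 user=$2
    IFS= read -r pass || :
    [ -n "$pass" ] || return 2
    # Credentials reach curl through a config on stdin (-K -), so the
    # password never appears in the process list or shell history.
    resp=$(printf 'user = "%s:%s"\n' "$(curl_quote "$user")" "$(curl_quote "$pass")" |
        curl -sS -K - -X POST -w '\n%{http_code}' \
            "https://$host/rest/com/vmware/cis/session") || return 2
    code=$(printf '%s\n' "$resp" | tail -n 1)
    body=$(printf '%s\n' "$resp" | sed '$d')
    case $code in
        200) ;;
        401) return 1 ;;
        *)   return 2 ;;
    esac
    # Assumed response shape: {"value":"<session id>"}
    sid=$(printf '%s' "$body" |
        sed -n 's/.*"value"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p')
    [ -n "$sid" ] || return 2
    # Delete the session so repeated verifications do not accumulate sessions.
    curl -sS -o /dev/null -X DELETE -H "vmware-api-session-id: $sid" \
        "https://$host/rest/com/vmware/cis/session" || return 2
    return 0
}
```

Distinguishing a rejected password (1) from a transport or server error (2) keeps an unreachable endpoint from being reported as a credential mismatch.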