Subject: Why does PAM exist?
Hi Martin,

This is an elaboration on my answer to your question during the TC conference call: why does Privileged Access/Account Management exist?

IMO, the simple answer is that PAM exists because superuser accounts exist. Superuser accounts tend to be shared accounts used by a number of administrators who all know the password. One problem with this is ensuring that only the right people know the current password as the composition of the group of administrators changes over time. If someone leaves the group then the password should be changed and all the remaining group members informed, but that is easier said than done and often skimped. Another problem is monitoring and auditing what individual administrators are doing. Since they are all using the same login credentials we can't associate any particular action with any particular person.

A PAM solution addresses these problems by changing the privileged account password for each session (and keeping it hidden) and recording who created the session and the actions they performed, because the administrators log in to the PAM solution as themselves.

The shared superuser account is the essential problem. The obvious alternative is to have the administrators authenticate using individual identities and to manage the access controls to give each administrator the access they need. When an administrator leaves, their account can be disabled/removed (by another administrator with the access rights to do so) and, assuming all user actions are recorded, we know who did what when. We still need a way to bootstrap the initial identities and access controls, and this is something that a superuser account has traditionally been used for. However, there has been a tendency to attach all sorts of administrative activities to the superuser account, to the extent that some administrative actions can only be performed by the superuser account.

A reason applications might do this is to avoid having to address managing access rights for administrative activities. So inadequate or non-existent support for managing access rights for administrative actions forces administrative users to use a common superuser account and, consequently, PAM is a thing.

At least, that's the way I see it.

Regards,
Steven
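The two PAM behaviours the message describes, rotating the shared superuser secret at every session boundary and attributing each privileged action to the named administrator who drove it, modelled as an added, self-contained example (this is not code from the post or from any PAM product; the class and method names, the in-memory session store and the "shared root password" contrast are all this example's own assumptions):

```python
# Added example (not from the post): a toy in-memory broker that models the PAM
# pattern the message describes, beside the shared-superuser model it replaces.
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditEvent:
    actor: str        # the individual administrator, never the shared account
    session_id: str
    action: str


class PrivilegedAccountBroker:
    """Holds the superuser secret; administrators authenticate as themselves
    and never see it. Names and structure are this example's own assumptions."""

    def __init__(self, authorised_admins):
        self._authorised = set(authorised_admins)
        self._superuser_secret = secrets.token_urlsafe(32)
        self._sessions = {}            # session_id -> administrator name
        self.audit_log = []
        self.rotations = 0

    def _rotate_secret(self):
        # Rotation happens at every session boundary, so a secret glimpsed
        # during one session is useless afterwards.
        self._superuser_secret = secrets.token_urlsafe(32)
        self.rotations += 1

    def secret_fingerprint(self):
        # Lets a caller confirm that rotation happened without exposing the secret.
        return hashlib.sha256(self._superuser_secret.encode()).hexdigest()[:16]

    def revoke_admin(self, admin):
        # Offboarding: disable the individual identity and end their sessions.
        # No group-wide password change or out-of-band notification is needed.
        self._authorised.discard(admin)
        for sid in [s for s, a in self._sessions.items() if a == admin]:
            self.close_session(sid)

    def open_session(self, admin):
        if admin not in self._authorised:
            raise PermissionError(f"{admin} is not an authorised administrator")
        self._rotate_secret()
        sid = secrets.token_hex(8)
        self._sessions[sid] = admin
        self.audit_log.append(AuditEvent(admin, sid, "session opened"))
        return sid

    def run_privileged(self, session_id, action):
        admin = self._sessions.get(session_id)
        if admin is None:
            raise PermissionError("no such active session")
        # The broker, not the administrator, uses the secret; only the outcome
        # is returned, and the log records who asked for it.
        self.audit_log.append(AuditEvent(admin, session_id, action))
        return f"{action}: ok"

    def close_session(self, session_id):
        admin = self._sessions.pop(session_id, None)
        if admin is not None:
            self.audit_log.append(AuditEvent(admin, session_id, "session closed"))
            self._rotate_secret()

    def actors_for(self, action):
        """Answer 'who ran this?' directly from the log."""
        return sorted({e.actor for e in self.audit_log if e.action == action})


class SharedSuperuserAccount:
    """Contrast: everyone logs in as 'root' with one long-lived password, so the
    log can only ever say 'root' did it."""

    def __init__(self, password):
        self.password = password
        self.audit_log = []

    def run_privileged(self, supplied_password, action):
        if supplied_password != self.password:
            raise PermissionError("bad password")
        self.audit_log.append(AuditEvent("root", "-", action))
        return f"{action}: ok"

    def actors_for(self, action):
        return sorted({e.actor for e in self.audit_log if e.action == action})


if __name__ == "__main__":
    broker = PrivilegedAccountBroker(["alice", "bob"])
    sid = broker.open_session("alice")
    broker.run_privileged(sid, "restart db")
    broker.close_session(sid)
    print(broker.actors_for("restart db"))        # ['alice']
    shared = SharedSuperuserAccount("constructed-password")
    shared.run_privileged("constructed-password", "restart db")
    print(shared.actors_for("restart db"))        # ['root']
```

The point of the contrast is in `actors_for`: with the broker the answer to "who restarted the database?" is a named person, with the shared account it is always `root`, which is exactly the auditing gap the message describes. Revoking an administrator is a single call against their own identity rather than a password change that every remaining group member has to be told about.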