Saviynt unveils its cutting-edge Intelligence Suite products to revolutionize Identity Security!
Click HERE to see how Saviynt Intelligence is transforming the industry.
Saviynt Copilot Icon

Linux Workloads: Issues with PAM Enablement and Credential sessions

sureverma
New Contributor
New Contributor

Hi all,

We have successfully onboarded on-premises Linux workloads, including RHEL 9 and Ubuntu. We have created sharable accounts, namely "cpam_credentialless" and "cpam_credentials," on both UNIX machines. On EP accounts have been pambootstraped and imported successfully.

However, for Ubuntu, only the "cpam_credentialless" account has been pam-enabled, while the "cpam_credentials" change password task has failed with the following error: "Failed - Failed to store PublicKey in target... setting pemPrivateKey as null | Successfully changed password for account."

On the other hand, for RHEL 9, the "cpam_credentials" account has been pam-enabled, but the "cpam_credentialless" change password task has failed with the following error: "Failed - Successfully deleted SSH key for account | Failed to change password for account."

We are experiencing difficulties in submitting the credential/credentialless access for the above targets, as we are receiving the error message: "Your request can't be submitted at this time. Try again later, or contact your administrator."

If anyone has encountered a similar issue or knows of a workaround, we would greatly appreciate your assistance.

 

Regards,

Suresh

2 REPLIES 2

sureverma
New Contributor
New Contributor

Hi all,

For RHEL 9, both credential-based and credential less access are now functioning properly. However, we are encountering password/SSH key issues specifically with Ubuntu. The key/password generated on Saviynt is not being accepted by the target Ubuntu system, despite enabling backward compatibility on both servers. While the authentication key works for the master connection, it fails during the JIT (Just-in-Time) session. Additionally, our logs indicate that the key is not being accepted on Ubuntu.

Regards,

Suresh

NageshK
Saviynt Employee
Saviynt Employee

@sureverma For the benefit of others in forums, please share the details of what fixed the issue with RHEL 9. I believe it is the permissions issue with the master account, but please confirm. 

And for the ubuntu server, please share the logs (after removing any sensitive information) where it says the key is not being accepted.

Thanks,

Nagesh K