I am currently working on POC requirements from a customer, where the key requirement is to have Password Vaulting for all the Network Devices, which include Cisco, Palo Alto Firewalls, Citrix NetScalers, Cisco ASA Firewalls, etc.
Expectations from the customer:
- The passwords of all the local users created on the Network Devices should be managed by PAM
- All the AD Users who have access to Network Devices should log in to appliances in Normal Mode, but no password change should happen on the AD User Credentials
- ENABLE Level Mode / Expert Level Mode Password should be managed by PAM, and should be passed to the user on demand.
- Integration with Active Directory / TACACS
- If the logged-in user on the Network Device with Admin Permission changes the password manually, then PAM should override it once the user checks out.
- Password can be changed on the Network Devices using Web Based Access of the Devices, for example the user should log in --> select the Change Password Option from the Web Page --> type the current password and then the Updated Password...
- List of OOB Connectors available for Network Devices