AnsweredAssumed Answered

Prevent users from change privileged accounts passwords after they log in

Question asked by asinisi on Mar 23, 2018
Latest reply on Mar 23, 2018 by voged01

Hi there,

 

I'm using PAM 3.1.1 and I have a doubt.

 

If I configure an automatic login (with SSH Applet) to allow, for example, a user to log into a server with root account, this user just have to click on SSH button on his access page, with no need to check nor insert the root password, since root account credentials are stored and hidden.

 

But if the user is root on the server, he can change own (and any other PAM managed account) password, so that automatic login won't work anymore, since the password stored by PAM is different from the one existing on the server.

 

I have same the same doubt above windows-based accounts management.

If I use PAM to make a user login as an Administrator, how can I forbid him to change Administrator password or, worst, the PAM Proxy log on account password, supposing I don't want it to run as LocalSystem?

 

Is there any way to prevent users from change account password?

 

Thanks for helping me,

 

Best regards,

Alessia

Outcomes