Versions Compared

Old Version 2

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: New arguments are added, some arguments are renamed.

In an emergency, if the Indeed Identity PAM components fail, you can dump the privileged account passwords from the Indeed Identity PAM database.

Location of dump utility indeed-pam-windows\MISC\Dump\Pam.Tools.Dump.exe

At first, Open the utility config file indeed-pam-windows\MISC\Dump\appsettings.json and specify the access parameters for the Core database:

Database section

  • Database — DBMS provider
    • mssql Microsoft SQL Server
    • pgsql PostgreSQL, PostgreSQL Pro

  • ConnectionStrings



Divbox


Expand
titleMicrosoftSQL connection string
  • Data Source the name of the DBMS server or named instance
  • Initial Catalog — database name
  • User ID database connection account
  • Password — account's password
Code Block
languagejs
  "ConnectionString": "Data Source=sql.domain.local; Initial Catalog=IPAMCore; Integrated Security=False; User ID=IPAMSQLService; Password=password"


Warning
iconfalse

If using a Named Instance of Microsoft SQL Server, the value of the Server parameter must be specified in the Server Name\\Named instance format.

Code Block
languagejs
"PamCore": "Data Source=sql\\instance; ..."





Divbox


Expand
titlePostgreSQL connection string
  • Host — the name of the DBMS server or named instance
  • Database database name
  • Username database connection account

  • Password — account's password

  • Other options available, see the Npgsql connection string documentation
Code Block
languagejs
  "ConnectionString": "Host=sql.domain.local; Database=IPAMCore; Integrated Security=False; Username=IPAMSQLService; Password=password"




Encryption section

  • AlgorithmCore database encryption algorithm
  • KeyCore database encryption key

The utility can be executed with the following arguments:

  • decrypt-ssh-key — decrypting encrypted exported ssh key of the account
  • decrypt-password — decrypting encrypted exported password of the account
  • decrypt-secrets — decrypting credentials of accounts from specified or choosen folder
  • ssh-key sshKey — dumping the SSH key of a privileged the account, you must specify the account, for example:
    Pam.Tools.Dump.exe sshKey ssh-key --name res2\administrator
  • password — dumping the password of a privileged account, you must specify an account, for example:
    Pam.Tools.Dump.exe password --name res2\administrator
  • all-secrets — dumping all credentials to the .\Results folder, or to the specified one. Passwords will be dumped to accounts.csv file, keys will be dumped to sshKeys folder in separate files. Example command:
    Pam.Tools.Dump.exe all-secrets --output c:\temp
  • help — shows help contents — displaying more information of a specific command
  • version — displaying version information