View Source

In an emergency, if the PAM components fail, you can dump the privileged account passwords from the PAM database.

Location of dump utility \MISC\PasswordDump\Pam.Tools.Dump.exe

At first, Open the utility config file \MISC\PasswordDump\appsettings.json and specify the access parameters for the Core database:

Database section

Database - DBMS provider
- mssql - Microsoft SQL Server
- pgsql - PostgreSQL, PostgreSQL Pro
ConnectionStrings

Data Source - the name of the DBMS server or named instance
Initial Catalog - database name
User ID - database connection account
Password - account's password

  "ConnectionString": "Data Source=sql.domain.local; Initial Catalog=IPAMCore; Integrated Security=False; User ID=IPAMSQLService; Password=password"

If using a Named Instance of Microsoft SQL Server, the value of the Server parameter must be specified in the Server Name\\Named instance format.

"PamCore": "Data Source=sql\\instance; ..."

Host - the name of the DBMS server or named instance
Database - database name
Username - database connection account
Password - account's password

  "ConnectionString": "Host=sql.domain.local; Database=IPAMCore; Integrated Security=False; Username=IPAMSQLService; Password=password"

Encryption section

Algorithm - Core database encryption algorithm
Key - Core database encryption key

The utility can be executed with the following arguments:

sshKey - dumping the SSH key of a privileged account, you must specify the account, for example:
Pam.Tools.Dump.exe sshKey --name res2\administrator
password - dumping the password of a privileged account, you must specify an account, for example:
Pam.Tools.Dump.exe password --name res2\administrator
secrets - dumping all credentials to the .\Results folder, or to the specified one. Passwords will be dumped to accounts.csv file, keys will be dumped to sshKeys folder in separate files. Example command:
Pam.Tools.Dump.exe secrets --output c:\temp
help - shows help contents