Imprivata Privileged Access Management Product Update 2.3.201908102242

August 10, 2019

PAM Update: Added silent installer for Linux platforms and generation of admin password during installation

This update adds a silent installer for Linux platforms, adds the option to generate admin passwords during installation and improves the configuration of the four-eyes dual control option for administrators.

Added silent installer for Linux platforms

Silent installer for Linux platforms accepts command line parameters as configuration options for the specific deployment replacing interactive communication with the user using the options provided in the command line.

With all options required to complete the installation specified in the command line, the installation completes automatically without operator attention.

The options also include destination location and the file to store generated credentials.

Command line parameters could be used to supplement interactive installation or to facilitate automated deployment.

 

Silent installer option is useful for deployment automation and repeat-ability in large environments, elastic provisioning of new systems in the cloud or closed data-center environments and cleaner separation of system ownership, administration and deployment roles by limiting exposure of sensitive system keys and passwords.

The silent installer for Linux platforms includes the following parameters:

  • -eula – Accept EULA
  • -db – install the embedded database
  • -nodb Oracle|MSSQL|MySQL|PostgreSQL SERVER USER PASSWORD – connect to external database
  • -dir – install Directory Services
  • -nodir SERVER PASSWORD – connect to external Directory Services
  • -gui – install the application GUI
  • -nogui – install the application without GUI component
  • -worker – install the application Worker process
  • -noworker – install the application without Worker process
  • -session – install session manager
  • -nosession – install the application without a session manager
  • -cas – install Federated Sign-In Module
  • -nocas – install the application without Federated Sign-In Module
  • -ldap SERVER USER PASSWORD – connect to LDAP during installation
  • -noldap – do not connect to LDAP during installation
  • -sso MANAGED-PATH – configure SSO access through Managed Path
  • -nosso – disable SSO access
  • -folder – automatically confirm current folder
  • -admin LOGIN FIRST_NAME LAST_NAME PASSWORD|GENERATE – initial system administrator
  • -location INSTALLATION_FOLDER – installation folder
  • -output FILE – file output for generated keys and passwords
  • -help – prints this message

Below is the example of command line arguments to automatically install the system with default options selected into the folder /opt/xtam, create a system administrator user with generated password and save the generated passwords and keys into the file xtam.info:

Copy
./XtamSetup.sh -eula -db -dir -gui -worker -session -noldap -admin xtamadmin System Administrator GENERATE -nocas -nosso -folder -location /opt/xtam -output xtam.info

Added the option to generate a system administrator password during the system installation

The option to generate system administrator passwords during the system installation facilitates cleaner separation of system ownership, administration and deployment roles by limiting exposure of sensitive system keys and passwords.

Improved configuration of four-eyes dual control option for administrators

Dual control option for administrators allows to restrict or enforce peer-review workflow for administration functions. This option facilitates limiting super-user control.

Enabling this option restricts system administration access even to disable this option.

The new update adds some measures for system administrators to prevent locking themselves when they enable dual control options in case it is not a desirable outcome.

The new update also adds an option to unblock the dual control option for the users in a possession of a system master key.