Checking for New Users
Kron PAM can check for new local users on target systems, database users and LDAP users on Active Directory created after the Password Vault-SAPM configuration of that system. This feature secures unwanted connections. If there is a local user created on the target system, other than a Kron PAM Password Vault user, this could create a backdoor to the system - anybody can log in to the system using this local user and the session will not run over Kron PAM. In addition, the groups belonging to local accounts on the system are also displayed, exposing the user groups.
To prevent this, Kron PAM checks for new local users created on the target device and notifies the admin if any are detected. The admin can then take manual action, like deleting the user from the system or adding the user to Kron PAM’s Password Vault/SAPM. To do this:
- Navigate to SAPM Management > SAPM Management.
- Click the Search button.
- After the accounts are listed, click the Options button for one of the accounts.
- Select Check New Users from the menu.
SAPM will check the users and a pop-up window will inform the user about the process. After that, the new user list can be viewed. To check for new users:
- Open the New Users Log tab.
- Fill in the fields used to filter the search.
- Click Search.