Storing Master Password on Separate Server
For additional security, PAM provides a simple method for storing your Master Password key on a separate host.
If you are considering this approach, the following describes how to configure this setup during installation.
Pre-requisites
- At least two servers, one to store the master password and the other for the PAM installation.
- Encrypted traffic between these servers is over port 10636. Ensure this port is open.
Configuration
- Log in to the server that will be used to store the Master Password and run the PAM setup file.
- During installation, on the Choose Components screen, check the option Directory Service only.
- Complete the installation and save the passwords supplied at the end in a safe location. You will need the Directory Password later in this guide.
- Log in to the server that will be used for the PAM installation and run the PAM setup file.
- During installation, on the Choose Components screen, check all the options required for your deployment, leaving the Directory Service option unchecked.
- Continue through the installation as required.
- When you reach the Directory Service screen:
  - For the Server, enter the name or IP address of your Master Password server and optionally the port 10636. For example, serverName or serverName:10636.
  - For the Password, enter the Directory Password that was generated at the end of the PAM Master Password installation (example shown in the screenshot above).
  - Click the Connect button to test.
- When the test connection is successful, continue as required by clicking Next to complete the PAM installation.
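A pre-flight check that can be run from the PAM server before clicking Connect, as an added example that is not part of the product or its documentation. It parses the same Server value formats shown above and reports whether the port is reachable and answers with TLS. It assumes that 10636 is the port used when none is given and that the Directory Service speaks TLS directly on that port; `parse_server` and `probe` are hypothetical helper names.

```python
import socket
import ssl
import sys

DEFAULT_PORT = 10636  # port named on this page; assumed when the value has none


def parse_server(value):
    """Split a Server field value: 'serverName' or 'serverName:10636'."""
    value = value.strip()
    if not value:
        raise ValueError("empty server value")
    if ":" not in value:
        return value, DEFAULT_PORT
    host, port = value.rsplit(":", 1)  # IPv6 literals are not handled here
    if not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad server value: {value!r}")
    return host, int(port)


def probe(value, timeout=3.0):
    """Return 'unreachable', 'open-no-tls' or 'tls-ok' for a Server value."""
    host, port = parse_server(value)
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # Closed port, firewall drop, or a name that does not resolve.
        return "unreachable"
    # Reachability probe only: certificate checks are switched off, so a
    # 'tls-ok' result does NOT authenticate the Master Password server.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "tls-ok"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        # TCP connected, but the listener did not complete a TLS handshake.
        return "open-no-tls"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage: python probe.py serverName:10636
    print(probe(sys.argv[1]))
```

An `unreachable` result points at the firewall or name resolution between the two servers; `open-no-tls` means something other than the encrypted Directory Service is listening on that port.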