Storing Master Password on Separate Server

For additional security, PAM provides a simple method for storing your Master Password (what is the Master Password?) key on a separate host.

If you are considering this approach, the following describes how to configure it during installation.

Pre-requisites

  • At least two servers, one to store the master password and the other for the PAM installation.
  • Encrypted traffic between these servers uses port 10636. Ensure this port is open.

Configuration

  1. Log in to the server that will be used to store the Master Password and run the PAM setup file.
  2. During installation, on the Choose Components screen, check the option Directory Service only.
  3. Complete the installation and save the Passwords supplied at the end to a safe location. You will need the Directory Password later in this guide.

     [Screenshot: FAQ-External-Directory-Service-Password]

  4. Log in to the server that will be used for the PAM installation and run the PAM setup file.
  5. During installation, on the Choose Components screen, check all the options required for your deployment, leaving the Directory Service option unchecked.
  6. Continue through the installation as required.
  7. When you reach the Directory Service screen:
    1. For the Server, enter the name or IP address of your Master Password server and optionally the port 10636. For example, serverName or serverName:10636.
    2. For the Password, enter the Directory Password that was generated at the end of the PAM Master Password installation (example shown in the screenshot above).
  8. Click the Connect button to test.

     [Screenshot: FAQ-External-Directory-Service-Installation]

  9. When the test connection is successful, continue as required by clicking Next to complete the PAM installation.
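The port pre-requisite can be checked from the PAM host before the installer's Connect test. The script below is an added example, not part of the PAM product or its documentation. It assumes the directory service starts a TLS handshake as soon as a client connects to port 10636; the names parse_server and probe are hypothetical, and IPv6 literals are not handled.

```python
import hashlib
import socket
import ssl
import sys

DIRECTORY_PORT = 10636  # port named in the pre-requisites


def parse_server(value, default_port=DIRECTORY_PORT):
    """Split a Server field value: 'serverName' or 'serverName:10636'."""
    value = value.strip()
    host, sep, port = value.rpartition(":")
    return (host, int(port)) if sep else (value, default_port)


def probe(server, timeout=5.0):
    """Report whether the port is reachable and whether it answers with TLS."""
    host, port = parse_server(server)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        # Firewall drop, closed port, DNS failure or timeout.
        return {"status": "unreachable", "detail": str(exc)}

    # Probe only: the certificate is reported, not validated. Compare the
    # fingerprint with one obtained on the Master Password server itself.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            return {
                "status": "tls-ok",
                "protocol": tls.version(),
                "cert_sha256": hashlib.sha256(der).hexdigest(),
            }
    except (ssl.SSLError, OSError) as exc:
        # Port is open but the peer did not complete a TLS handshake.
        return {"status": "no-tls", "detail": str(exc)}


if __name__ == "__main__":
    # "serverName" is the placeholder used in the guide.
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "serverName"))
```

A result of "unreachable" points to the firewall or name resolution; "no-tls" means something other than the expected encrypted service is answering on that port.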