Using the OSU Secret Server for Shared / Research Lab Accounts

Overview

Initially, any shared or service accounts may be set up with a ticket to Infrastructure.

To keep shared account passwords secure, OSU stores them in PAM (Privileged Access Management).

The PAM Console, at https://pam.osu.edu, can store all manner of passwords and push them to computers, providing a central store where group members can manage, change, and retrieve passwords. PAM will also remind owners when passwords need to be rotated.

When to Use a Shared Account

Shared accounts can be requested via an exception process. If you need a shared account, reach out to ASCTech and we'll start the process.

Cases such as an instrument that multiple people need to use with one account may require a shared account. Useful information to provide with any request includes:

  • name.# of each person who will have access to the password contents in PAM (View)
  • name.# for each person who will be able to update the password (Edit)
  • As the support manager, it may be helpful to include yourself in one of the lists above to support your customer; please confirm whether your name.# should be included.
  • A list of the specific assets where the account may be used to log in.
  • Passwords expire and need to be changed: 180 days for non-admin accounts, 90 days for administrative accounts. By default, an expired password rotates to a new, random password, which can then be retrieved from PAM. If you would prefer for the account to be disabled at expiration, with no automatic rotation, let us know.
  • Shared accounts are generally named asc-shr-<project or research ID>. If you have an appropriate and useful name in mind, ideally 20 characters or less, please include that as well.

Changing or Retrieving the Password

Log in to the Secret Server: http://pam.osu.edu/

Approve the Duo Push for 2FA.

Go to All Secrets.

Search on a likely string, such as your PI's name. Click on the star to highlight the entry for future reference.

Show the current password.

Change the password.

The Secret Server will guide you on complexity rules when changing the password.

You can also tell the Secret Server to send you an email confirmation when a password is changed.