A Quest Vault record is where you provide us with the login credentials needed to access your Quest One Privileged Password Manager (formerly e-DMZ PAR).
How to Use Vaults |
Click here and we'll walk you thru the steps. Add IP addresses to scan, configure scanner appliances, configure vaults and authentication records, set up option profiles and start scanning! |
Vault Credentials |
We recommend you create a dedicated user account for our scanners. |
Our recommendation is to use an API user with Quest/Dell 2.4 or higher. Using Quest/Dell 2.4 or higher, enter the key for the API user account you've created for our scanners. We support both API and CLI keys but recommend use of an API key.
If you're using E-DMZ/Quest version 2.3 or lower, enter the auto-generated DSA private key in PEM format for the user account that you've created for our scanners. |
Authentication Record |
Choose the Quest Server vault in your authentication record and provide the system name. |
System Name Enter the name of the vault system that contains the password to be used for authentication. |
User Permissions |
A Manager user has permission to configure a Quest vault. A Unit Manager can be granted this permission. |
There's just a couple steps: 1) log into the System Management console, 2) go to Users & Groups > UserIDs > Add UserID, 3) click the Details tab and enter a user name, first and last name, and for User Interface select API, 4) click the Save Changes button, and 5) click the Download Key button to download the account key.
Please refer to your Quest/Dell vault documentation for complete details.
Requirement for Oracle Listener AuthenticationRequirement for Oracle Listener Authentication
When storing a password in your Quest One Privileged Password Manager for an Oracle Listener system you must use the user name "oracle_listener".
Tell me about vault authenticationTell me about vault authentication
The vault credentials you provide are used to log in to the vault, allowing our service to access the password for the vault user account to be used for host authentication. You need to tell us in the vault record: 1) the IP address of the vault server and its listening port, and 2) the user name and the DSA private key in PEM format for the SSH authentication to be used for vault authentication. In an authentication record, enter the name of the vault system that contains the password to be used for authentication.
How it works: During a scan we'll perform a search for the system name and then retrieve the password. A single exact match of the system name must be found in order for authentication to be successful.