2.3. Credential Stores

Credential Stores are repositories of user credentials, for example, passwords, private keys, and certificates. They are used to authenticate a user to the target server that the user wishes to access, without the user actually having access to those credentials. PSM retrieves the credentials transparently, impersonating the authenticated user, from its local Credential Store or from an external, third-party password management system. This automatic password retrieval is crucial: because users can never access the passwords, their confidentiality is protected.

Users accessing connections that use Credential Stores must authenticate on PSM using gateway authentication. They only have to use their gateway password to log in to PSM, and if they are allowed to access the target server, PSM automatically logs in using the Credential Store. For details on gateway authentication, see Procedure 2.13, The gateway authentication process.

Figure 2.5. Authenticating using Credential Stores

Credential Stores can be stored locally on PSM, or on a remote device. For remote Credential Stores, PSM currently supports the Lieberman Enterprise Random Password Manager (ERPM), or integration with external authentication and authorization systems using plugins.

For further information on Credential Stores including configuration details, see Section 18.4, Using credential stores for server-side authentication.