n 10.5 we can finally use the SSH public key authentication.
It works well but we forgot add the possibility to trail and report the used keys to do the simple identification the Guardium administrator
In SSH key infrastructure we can easily identify user by reference to registered key.
Could you add this functionality to the system?
My suggestion is:
1 - The registered keys should have additional label which points the admin identity (store/show system public key authorized)
2 - Each cli login should trails the public key name and map it to user identity
3 - Simple addition to Guardium User Activity domain the User Identity related to key will provide full audit trail for cli account
4 - Additionally we should stress situation in the report that some sessions used the password authentication mechanism to identify suspicious activity
This simple extension will remove need to use PIM solution to identify the cli user and will not force use the guardcliX to identify user by Guardium itself.
Do not place IBM confidential, company confidential, or personal information into any field.