PAM Auto login failed using Telnet Access to Cisco Devices
Article ID: 105729
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
Issue/Introduction
I have configured Cisco Devices for Telnet access and assigned correct target account in the Policy setup so user can access directly via PAM. However, auto login failed.
Application setup is using cisco target connector and regular expression within the script processor fields had been adjusted to match the Telnet login prompt, but the problem is persisted. Notice that the login prompt is 'username:', all in lower cases.
<Please see attached file for image>
Application setup is using cisco target connector and regular expression within the script processor fields had been adjusted to match the Telnet login prompt, but the problem is persisted. Notice that the login prompt is 'username:', all in lower cases.
Environment
All PAM versions
Cause
For auto login to work using Telnet access PAM required the following login prompt.
Username:
Notice that it has capital 'U' in the 'Username:' prompt. Cisco target connector type makes no bearing to this auto login issue. This target connector is being used to verify or update password in the device. So the regular expression setup will not address this auto login issue.
Username:
Notice that it has capital 'U' in the 'Username:' prompt. Cisco target connector type makes no bearing to this auto login issue. This target connector is being used to verify or update password in the device. So the regular expression setup will not address this auto login issue.
Resolution
Unfortunately this is hard-coded within PAM and to address this issue we should change the configuration of the Cisco device so it gives above Telnet login prompt as required.
The recommendation is to use more secure SSH access rather than Telnet access.
The recommendation is to use more secure SSH access rather than Telnet access.
Attachments
Feedback
Yes
No
Powered by
