PAM Auto login failed using Telnet Access to Cisco Devices

Article ID: 105729

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager (PAM)

Issue/Introduction

I have configured Cisco devices for Telnet access and assigned the correct target account in the policy setup so users can access them directly via PAM. However, auto login failed.

<Please see attached file for image>

Failed Auto Login - Telnet Access

The application setup uses the Cisco target connector, and the regular expressions in the script processor fields have been adjusted to match the Telnet login prompt, but the problem persists. Notice that the login prompt is 'username:', all in lower case.

Cause

For auto login to work over Telnet, PAM requires the following login prompt:
   Username:

Notice the capital 'U' in the 'Username:' prompt. The Cisco target connector type has no bearing on this auto login issue. The target connector is used only to verify or update the password on the device, so adjusting its regular expressions will not fix auto login.
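The following added example (not part of the original article and not PAM code) audits captured Telnet login banners and flags devices whose prompt differs from the required 'Username:'. It assumes the comparison is a case-sensitive match on the last banner line; the host names and captures are constructed sample data.

```python
import re

REQUIRED_PROMPT = "Username:"   # literal prompt the article says PAM expects
IAC, SB, SE = 0xFF, 0xFA, 0xF0  # Telnet command bytes (RFC 854)

def strip_telnet_negotiation(raw: bytes) -> bytes:
    """Drop Telnet IAC command sequences so only banner text remains."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] != IAC:
            out.append(raw[i])
            i += 1
        elif i + 1 >= len(raw):
            break                              # truncated command at end of capture
        elif raw[i + 1] == SB:                 # subnegotiation: skip through IAC SE
            end = raw.find(bytes([IAC, SE]), i + 2)
            i = len(raw) if end < 0 else end + 2
        elif 0xFB <= raw[i + 1] <= 0xFE:       # WILL/WONT/DO/DONT plus option byte
            i += 3
        else:                                  # other two-byte commands
            i += 2
    return bytes(out)

def login_prompt(raw: bytes) -> str:
    """Return the last non-empty banner line, i.e. the prompt awaiting input."""
    text = strip_telnet_negotiation(raw).decode("ascii", errors="replace")
    lines = [ln.strip() for ln in re.split(r"[\r\n]+", text) if ln.strip()]
    return lines[-1] if lines else ""

def check(raw: bytes) -> tuple[str, bool]:
    """Return (prompt, ok); ok is True only for an exact, case-sensitive match."""
    prompt = login_prompt(raw)
    return prompt, prompt == REQUIRED_PROMPT

# Constructed captures of the first bytes sent by three hypothetical devices.
SAMPLES = {
    "rtr-a": b"\xff\xfb\x01\xff\xfb\x03\r\nUser Access Verification\r\n\r\nUsername: ",
    "rtr-b": b"\xff\xfb\x01\xff\xfb\x03\r\nUser Access Verification\r\n\r\nusername: ",
    "sw-c": b"\xff\xfd\x18\xff\xfa\x18\x01\xff\xf0\r\nlogin: ",
}

if __name__ == "__main__":
    for host, raw in SAMPLES.items():
        prompt, ok = check(raw)
        print(f"{host}: prompt={prompt!r} auto login {'OK' if ok else 'WILL FAIL'}")
```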

Environment

All PAM versions

Resolution

Unfortunately, this prompt is hard-coded within PAM. To address the issue, change the configuration of the Cisco device so that it presents the Telnet login prompt shown above.
The recommendation is to use the more secure SSH access rather than Telnet access.

Attachments

1558699814540000105729_sktwi1f5rjvs16jw2.png