We successfully tested a replacement update script for a UNIX-type target application for a device for which passwords cannot be managed by the default script. We have many devices of this type and want to publish target applications for each device using the CLI tool since configuring each target application manually would be very time consuming and error-prone.

Unix Target Connector documentation, e.g. on page UNIX Target Connector CLI Configuration for the 4.1.7 release, documents CLI parameter Attribute.useUpdateScriptType with a possible value of REPLACEMENT. But there is no information on how to pass in the replacement script. There is only a comment stating that support should be contacted if the script type is not default.

Is it possible to use the CLI tool to publish replacement update scripts?

Applies to all PAM releases as of April 2024

Yes, this is possible, but as documented we discourage customers from doing this on their own. Open a support case and the CA PAM support team can assist you in using the CLI tool to publish target applications of type UNIX with custom scripts, or work with CA services to customize your target applications.