What is the right syntax to update passwords using CLI in CA PAM ?
Article ID: 144337
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
Using the CLI/Java API to change the password for a privileged or non-privileged target account from the command line is sometimes a cumbersome task due to the number of parameters involved, the multiple possible options for each one and the lack of practical examples. This article provides the syntax of the CLI command for changing the password of a privileged and non-privileged target account corresponding to a Linux/UNIX target application. The command examples provided can easily be modified to accommodate similar use cases.
Environment
CA PRIVILEGED ACCESS MANAGEMENT, all active versions
Resolution
The following use cases are presented
- Change of a privileged account password. Assuming the root is able to change its own password. The syntax is
capam_command capam=<<your_pam_server>> adminUserId=<<admin_user>> cmdName=updateTargetAccount TargetServer.hostName=<<target_hostname_or_ip>> TargetApplication.name=<<linux_application_associated_to_target_hostname>> TargetAccount.userName=<<your_target_account>> TargetAccount.ID=<<numerical_id_of_target_account>> TargetAccount.password=<<new_password>> TargetAccount.privileged=true Attribute.useOtherAccountToChangePassword=false Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.verifyThroughOtherAccount=false Attribute.passwordChangeMethod=DO_NOT_USE_SUDO
Note that the attribute DO_NOT_USE_SUDO may be replaced by any of the other possible values in case you need to use sudo or elevated privileges to change the password of a privileged target account.
Note that the attribute DO_NOT_USE_SUDO may be replaced by any of the other possible values in case you need to use sudo or elevated privileges to change the password of a privileged target account.
- Change of a non-privileged account password by using the root user.
capam_command capam=<<your_pam_server>> adminUserId=<<admin_user>> cmdName=updateTargetAccount TargetServer.hostName=<<target_hostname_or_ip>> TargetApplication.name=<<linux_application_associated_to_target_hostname>> TargetAccount.userName=<<target_account_whose_password_you_want_to_change>> TargetAccount.ID=<<numerical_id_of_target_account_to_change_password>> TargetAccount.password=<<new_password>> TargetAccount.privileged=false Attribute.useOtherAccountToChangePassword=true Attribute.otherAccount=<<numerical_id_of_other_account_to_change_password>> Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.verifyThroughOtherAccount=false
- Change of the root user password. The syntax is
capam_command capam=<<your_pam_server>> adminUserId=<<admin_user>> cmdName=updateTargetAccount TargetServer.hostName=<<target_hostname_or_ip>> TargetApplication.name=<<linux_application_associated_to_target_hostname>> TargetAccount.userName=root TargetAccount.ID=<<numerical_id_of_target_account_for_root>>TargetAccount.password=<<new_password>> TargetAccount.privileged=true Attribute.useOtherAccountToChangePassword=false Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.verifyThroughOtherAccount=false Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT
Feedback
Yes
No
Powered by
