If the 'Config' user's password is lost or forgotten it can be reset in order to gain access back to the config page.
CA Privileged Access Manager (CA PAM) has two pre-configured user accounts: 'super' and 'config'. 'super' is the Administrative account that has access to all CA Privileged Access Manager settings from the main PAM GUI. 'Config' is a special user used to protect a secondary configuration page meant for initial setup and emergency use.
We recommend using the configuration account only for initial setup and immediately changing the password from default using the Change Password button in the Config Page Menu. Store the new password in a safe place and use it only for emergencies when other authentication methods are not available.
Consider also changing the 'config' and 'super' Login Ids using the Config Page Menu for additional security.
Any supported PAM release
The procedure to reset the config user's password is different for Hardware vs. VMware vs. Cloud Instances (AWS/Azure). These procedures will need to be done individually on each effected appliance. If there are any problems with these procedures, contact PAM Support for additional assistance getting the password reset.
Important! In all cases it is suggested to visit the config page immediately after resetting the password to update to a more secure password. See Additional Info in this doc for more info.
VMware:
Follow the steps below to reset the 'config' user password to factory default for a PAM Virtual appliance:
- Connect to the ESX/vCenter server where CA PAM is hosted.
- Open the VM Console for the CA PAM VM.
- Once in the VM Console, the main menu appears. It may be necessary to click into the window to activate it.
- In the main menu, use the up/down arrows to highlight ‘Reset Password’ and press enter to select the option.
Selecting this option will reset the ‘config’ user password to the default password: config
Hardware:
For hardware appliances the Reset Password option is available on the front LCD panel. See the documentation link below & search for "Reset Password" for instructions:
https://docops.ca.com/ca-privileged-access-manager/3-2/EN/deploying/deploy-the-hardware-appliance/configure-network-connections-for-the-appliance
Following these instructions will reset the ‘config’ user password to the default password: config
Cloud Instance (AWS/Azure):
Unfortunately, unlike VMware; AWS & Azure do not have a console screen where the config password can be reset easily. If the config password is lost for a Cloud Instance please contact PAM Support for assistance resetting the password.
To change the 'config' user's password after resetting it follow the steps below:
· Access URL: https://YourCAPAMaddress/config/
· In the pop-up window, enter: User Name: config / Password: config
· Once logged in, click Change Password in the upper right-hand toolbar menu.
· In the Password and Confirm fields (in the Change Config User Login Id and Password panel), enter your new password.
· In the same panel, click Update.
As long as the updated passwords match, you are immediately logged out and returned to the administration login page.
More info on managing the config user:
https://docops.ca.com/ca-privileged-access-manager/3-2/EN/implementing/configuring-your-server/configuration-utility/change-login-for-config-or-super-user