Add Unix Account via CLI

Article ID: 215447

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM admin wants to know how to use the CLI to add a Unix account whose password is managed by another account.

Environment

Release: 3.3.x and 3.4.x

Component: Privileged Access Manager

Resolution

This takes the following two commands:

  1. Get the "Use the following account to change password" target id first:
    • capam_command capam=pamservername adminUserID=super adminPassword=password cmdName=listTargetAccounts TargetAccount.userName=username TargetServer.hostName=servername
      • Note the value of bm.id in the output, for example: <bm.id>1091</bm.id>
  2. Then use that value as Attribute.otherAccount in the command that onboards the account:
    • capam_command adminUserID=super adminPassword=password capam=pamserver cmdName=addTargetAccount "TargetServer.hostName=targethostname" "TargetApplication.name=Linux SSH App" "TargetAccount.userName=username" "TargetAccount.password=password" "Attribute.protocol=SSH2_PASSWORD_AUTH" "Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT" "Attribute.useOtherAccountToChangePassword=true" "Attribute.otherAccount=1091" "TargetAccount.privileged=true" "TargetAccount.synchronize=true" "Attribute.verifyThroughOtherAccount=true"
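
The two steps above chained into one script, as an added example that is not part of the original article and is not Broadcom's code. The function names, the environment variable names and the shape of the sample XML are assumptions; the capam_command parameters are the ones shown in the steps.

```bash
#!/usr/bin/env bash
# Added example, not Broadcom's code. Hypothetical names: extract_bm_id,
# onboard_account, PAM_HOST, PAM_ADMIN, PAM_ADMIN_PW, NEW_PW, SAMPLE_XML.

# Constructed sample of listTargetAccounts output (real output has more fields).
SAMPLE_XML='<TargetAccount><bm.id>1091</bm.id></TargetAccount>'

# Read listTargetAccounts output on stdin and print the one numeric bm.id in it.
# Stop when the lookup matched nothing or more than one account, so the new
# account is never tied to the wrong password-changing account.
extract_bm_id() {
    local ids
    ids=$(grep -o '<bm\.id>[0-9][0-9]*</bm\.id>' | sed 's/<[^>]*>//g' | sort -u)
    if [ -z "$ids" ]; then
        echo "no bm.id found in listTargetAccounts output" >&2; return 1
    fi
    if [ "$(printf '%s\n' "$ids" | grep -c '')" -ne 1 ]; then
        echo "lookup is ambiguous: more than one bm.id returned" >&2; return 1
    fi
    printf '%s\n' "$ids"
}

# onboard_account <target-host> <password-changing-user> <new-user>
onboard_account() {
    local host="$1" changer="$2" user="$3" other_id
    # Step 1: look up the id of the account that will change the password.
    other_id=$(capam_command capam="$PAM_HOST" adminUserID="$PAM_ADMIN" \
        adminPassword="$PAM_ADMIN_PW" cmdName=listTargetAccounts \
        "TargetAccount.userName=$changer" "TargetServer.hostName=$host" \
        | extract_bm_id) || return 1
    # Step 2: add the new account, managed through the account found above.
    capam_command capam="$PAM_HOST" adminUserID="$PAM_ADMIN" \
        adminPassword="$PAM_ADMIN_PW" cmdName=addTargetAccount \
        "TargetServer.hostName=$host" "TargetApplication.name=Linux SSH App" \
        "TargetAccount.userName=$user" "TargetAccount.password=$NEW_PW" \
        "Attribute.protocol=SSH2_PASSWORD_AUTH" \
        "Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT" \
        "Attribute.useOtherAccountToChangePassword=true" \
        "Attribute.otherAccount=$other_id" "TargetAccount.privileged=true" \
        "TargetAccount.synchronize=true" "Attribute.verifyThroughOtherAccount=true"
}

# Runs only when called with three arguments: host, changer user, new user.
if [ "$#" -eq 3 ]; then
    onboard_account "$@"
fi
```

Reading the passwords from environment variables keeps them out of the script file; they are still passed to capam_command as arguments, as in the commands above.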

Additional Information

Note:

  1. If you are also onboarding users with special characters in their passwords, find a Linux system with the "base64" command, convert the password with it, and use the result as described in the following article:
    • https://knowledge.broadcom.com/external/article/103755/ca-pam-cli-command-with-special-characte.html