Add Unix Account via CLI
Article ID: 215447
Updated On:
Products
CA Privileged Access Manager (PAM)
Issue/Introduction
PAM Admin wants to know how to add a Unix Account via our CLI that is managed by another user?
Environment
Release : 3.3.x and 3.4.x
Component : Privileged Access Manager
Resolution
Ultimately you have to use the following set of commands:
- Get the "Use the following account to change password" target id first:
- capam_command capam=pamservername adminUserID=super adminPassword=password cmdName=listTargetAccounts TargetAccount.userName=username TargetServer.hostName=servername
- Here you will need the value of bm.id (example:) <bm.id>1091</bm.id>
- capam_command capam=pamservername adminUserID=super adminPassword=password cmdName=listTargetAccounts TargetAccount.userName=username TargetServer.hostName=servername
- Than here is the command to on board this:
- capam_command adminUserID=super adminPassword=password capam=pamserver cmdName=addTargetAccount "TargetServer.hostName=targethostname" "TargetApplication.name=Linux SSH App" "TargetAccount.userName=username" "TargetAccount.password=password" "Attribute.protocol=SSH2_PASSWORD_AUTH" "Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT" "Attribute.useOtherAccountToChangePassword=true" "Attribute.otherAccount=1091" "TargetAccount.privileged=true" "TargetAccount.synchronize=true" "Attribute.verifyThroughOtherAccount=true"
Additional Information
Note:
- If you are also onboarding user's with special characters in their password -> you must find a linux system with the "base64" command and convert it and use as depicted in the following:
- https://knowledge.broadcom.com/external/article/103755/ca-pam-cli-command-with-special-characte.html
Feedback
Yes
No
Powered by
