We have been working to script password copies between servers during DR testing and have run into an issue with the credential export using the CLI. If the password has certain special characters, running the viewAccountPassword command substitutes "tags" for those characters. For example, "&" is replaced with "&", a single quote or apostrophe is replaced with "'" and lesser and greater than symbols are replaced with "<" or ">" respectively.

So the password Uw)Y&9F^>E*'Wgv?xB# is rendered as Uw)Y&9F^>E*'Wgv?xB# when extracted.

I believe this may be caused by the xml format as even after correcting the password, running other commands that use xml reverts the special characters to the "tag".

There may be other characters affected that I have not encountered yet.

Release : 4.0

Component : PRIVILEGED ACCESS MANAGEMENT

XML has five special characters, see e.g. Special Characters in XML, and they need to be escaped in output strings in XML format.

This is not a problem, but working as it should. The viewAccountPassword command output is in XML format and the five XML special characters need to be escaped as required by the XML format.

Similarly, when remote CLI command batchSequence is used, it takes an XML file as input, and passwords inside the file need to have those characters escaped as well.

Sample command:

capam_command capam=<PAM server address> adminUserId=<PAM admin username> adminPassword=<PAM admin password> cmdName=batchSequence inputfile=<path to input file> outputfile=<path to output file>

Sample input file:

will set the password of the (unsynchronized) account with ID 81001 to Uw)Y&9F^>E*'Wgv?xB#.