How to verify a PIM endpoint is setup for PUPM and if the root account is managed?

book

Article ID: 36549

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM) CA Privileged Access Manager (PAM)

Issue/Introduction

Introduction: 

In the process of installing PIM endpoints you need a way to verify from the local endpoint its connectivity to the Enterprise Manager server and if the local root account is managed. 

Question: 

What are the command or options to check and verify a newly installed endpoint is setup for PUPM and how to check if the root account is managed from the endpoint only? 

Answer: 

To verify that the AgentManager is setup and communicating to your Distribution Server check the messages file for it's successful connection. 

Jan 29 14:04:37 LinuxHost1 AgentManager[25052]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243

Jan 29 14:04:37 LinuxHost1 AgentManager[25034]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243

Jan 29 14:04:38 LinuxHost1 AgentManager[25193]: Successfully connected to the Distribution Server ssl://DS_SERVER:7243

If you do not see a successful or failed connection check if the Distribution_Server is set in accommon.ini 

#grep /opt/CA/AccessControlShared/accommon.ini Distribution_Server

Distribution_Server = ssl://DS_SERVER:7243

If it's correctly set then check these tokens to verify PUPM is setup. 

In /opt/CA/AccessControlShared/accommon.ini section AgentManager token Plugins for value PupmAgent 

In /opt/CA/AccessControlShared/accommon.ini section PupmAgent token OperationMode for value 1 

To verify if the root account is manged you can use acpwd utility. Note, a password consumer for acpwd must already be setup allowing access. 

/opt/CA/AccessControl/bin/acpwd -get -account root -eptype "Access Control for PUPM" -container "SSH Accounts" -ep "HostName"

 


 

Environment

Release: ACP1M005900-12.9-Privileged Identity Manager
Component: