Symantec Privileged Access Management

  • 1.  Login Application Script

    Posted May 10, 2018 08:59 AM

    Hello everyone!!

     

    I want to know whether we can log in to the Core Switch and Leaf Switch through CM using login application scripts, like the ones we are using for RDP, PuTTY, etc.



  • 2.  Re: Login Application Script

    Posted May 11, 2018 10:26 AM

    Depending on how you log in to these devices, it may not be necessary for a special script to be created. How do you log in to these devices? If you log in via ssh, you may be able to use the Unix or Cisco application types in order to manage the device. Log in to the devices and type the commands to change a password. Then go to the Script Processor tab for the Target Application and change the appropriate settings. When using the Unix application, this would involve the Regular Expressions for the various prompts. You might also have to change the timeout. Another field that might need to be changed is the Change Password Command. This has been done many times with a variety of devices. In some cases, this technique did not work, and a modified script was needed. This would typically be handled as a Services engagement, as it is not a standard Support activity. A customized script would also likely be needed if something other than ssh is used to change passwords on the device, and the methodology used does not match one of PAM's application types. I hope this helps.



  • 3.  Re: Login Application Script

    Posted May 16, 2018 08:05 AM

    Hi,

     

    As I see, you have provided technical insight into access on the switch. Here I was asking whether any automated script is available in the ActiveX library (for the switch) or whether a custom script needs to be written. Rather than taking an ssh session of the device, is there any way to get GUI access to the switch for management purposes?

    Kindly confirm.



  • 4.  Re: Login Application Script

    Broadcom Employee
    Posted May 16, 2018 09:00 AM

    Hi Narendra, The scripts Ed commented on are for password management of accounts on a device, not for device access. If you are concerned with access to a user interface of a device with auto-login using credentials stored in PAM, you should consider an RDP application with transparent logon, see https://docops.ca.com/ca-privileged-access-manager/3-2/EN/implementing/provision-your-server/provisioning-devices/set-up-transparent-login/rdp-connections, or a Web Portal, see https://docops.ca.com/ca-privileged-access-manager/3-2/EN/implementing/provision-your-server/provisioning-devices/about-access-setup/create-tcp-udp-services/configure-automatic-login-to-web-portals.