Symantec Privileged Access Management

  • 1.  MAC OS of pam service question

    Posted Jan 08, 2018 10:34 PM

    PAM Version : 3.0.2

    Client Application : /Applications/ <User> <Local IP> <First Port>



    Scripts Contents :



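    # Arguments passed by the PAM client: <User> <Local IP> <First Port>
    MYUSERID="${1}"
    MYHOST="${2}"
    MYPORT="${3}"

    # Generate the AppleScript. The shell expands the variables inside the
    # here-document. The command typed into iTerm replaces the known_hosts
    # entry for the local PAM port with the key returned by ssh-keyscan,
    # then connects with ssh.
    cat /dev/null > itermssh.script
    cat << _EOF_ > itermssh.script
    my execCmd("/usr/bin/ssh-keygen -R [${MYHOST}]:${MYPORT}>/dev/null 2>&1;/usr/bin/ssh-keyscan -p ${MYPORT} ${MYHOST} >> ~/.ssh/known_hosts 2>/dev/null;/usr/bin/ssh ${MYUSERID}@${MYHOST} -p ${MYPORT}", 1)

    on execCmd(cmd, pause)
        tell application "iterm2"
            create window with default profile
            tell current session of current window
                write text cmd
            end tell
        end tell
        delay pause
    end execCmd
    _EOF_

    chmod +x itermssh.script

    # Run the generated AppleScript to open an iTerm window and start the SSH session
    /usr/bin/osascript itermssh.script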




    But I have a question.

    In this way, two terminals will be generated:
    one is a basic Mac terminal, and
    one is the iTerm terminal.

    Can I only allow iTerm terminals to occur?

  • 2.  Re: MAC OS of pam service question

    Broadcom Employee
    Posted Jan 17, 2018 11:44 AM

    Hi Song, can you clarify where the script contents come from? Is this your own?

  • 3.  Re: MAC OS of pam service question

    Broadcom Employee
    Posted Jan 24, 2018 08:45 AM


    There are several variations of this script I have seen, but each one seems to have this same base requirement. This is partially to do with the way our TCP Services was designed and the way the MAC OS launches its applications. While it may be possible to code a middleware type application to launch the terminal application in the fashion you want, it is currently not a feature of CA PAM and therefore would need to be brought up as an enhancement request. Have you opened an enhancement request yet?