Symantec Privileged Access Management

  • Private Community
 View Only

  • 1.  CA PAM - Network Device password manage

    Posted Oct 11, 2019 08:52 AM
    Good day,
    I have some doubt regarding the manage of password for Network Device (e.g. CISCO).
    If I understood correctly the manual:

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3/implementing/protect-privileged-account-credentials/add-target-accounts-to-target-applications/cisco-ssh-target-account-configuration.html

    In order to manage local account in CISCO, I need to define 2 "main" account:
    - Account of login
    - Fake account with "enable" password

    When I integrated the fake account with "enable" password, I need to not synchronize the password with the target system ("Update only the Credential Manager Server" option). This implies that the "enable" password must remain the same in the target system and that the PAM solution cannot manage this password.

    My question is:

    - Does PAM solution can change (manage) the "enable" accounts password on Cisco network devices?

    Thanks for your help,

    Regards,
    Andrea Gimmelli


  • 2.  RE: CA PAM - Network Device password manage
    Best Answer

    Broadcom Employee
    Posted Oct 23, 2019 04:11 PM
    Hi Andrea, No, we don't have management of the "enable" password out of the box. It should be possible to do it with a customized target application script, but I am not aware of anyone having done so.
    Original Message