How to Create a UNIX device, application and Target account using CLI

Document ID : KB000072558
Last Modified Date : 05/03/2018
Introduction:
This document gives an example of how to create:
- a UNIX Device
- a related Target Application
- a local Target Account on this Device synchronised with CA PAM using SSH

(Note: the commands are case sensitive.)

In this example the target is a Linux host (RH74) with IP address 192.168.1.74, and the local root user is the target account.
 
Instructions:
1. Define the Device
    (Replace the IP address with a hostname or FQDN in TargetServer.hostName if you want to use name resolution)
   
C:\REMOTECLI>capam_command adminUserID=super adminPassword=superpwd capam=xsuite cmdName=addTargetServer TargetServer.hostName=192.168.1.74 TargetServer.deviceName=RH74

Result should be:
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><TargetServer><IPAddress>192.168.1.74</IPAddress><deviceName>RH74</deviceName><hostName>192.168.1.74</hostName><extensionType></extensionType><updateDate>Mon Mar 05 10:54:23 UTC 2018</updateDate><createUser>super</createUser><hash>iG1Tk4Qf1usWla9tuZOzcI2pWxY=</hash><updateTime>1520247263000</updateTime><updateUser>super</updateUser><createTime>1520247263000</createTime><createDate>Mon Mar 05 10:54:23 UTC 2018</createDate><ID>1023</ID></TargetServer></cr.result></CommandResult>


2. Create a Target Application of Type UNIX/Generic

C:\REMOTECLI>capam_command adminUserID=super adminPassword=superpwd capam=xsuite cmdName=addTargetApplication TargetServer.hostName=192.168.1.74 TargetApplication.name=RH74 TargetApplication.type=unixII Attribute.extensionType=unixII Attribute.unixVariant=GENERIC

Result should be:
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><TargetApplication><policyID>0</policyID><targetServerID>1023</targetServerID><targetServer></targetServer><name>RH74</name><type>unixII</type><extensionType>unixII</extensionType><updateDate>Mon Mar 05 10:54:23 UTC 2018</updateDate><createUser>super</createUser><hash>6xY1GRR25NN4IX11g5dAJFJrI88=</hash><updateTime>1520247263474</updateTime><updateUser>super</updateUser><Attribute.unixVariant>GENERIC</Attribute.unixVariant><Attribute.extensionType>unixII</Attribute.extensionType><createTime>1520247263473</createTime><createDate>Mon Mar 05 10:54:23 UTC 2018</createDate><ID>1027</ID></TargetApplication></cr.result></CommandResult>


3. Create a Target Account that resides locally on this device

C:\REMOTECLI>capam_command adminUserID=super adminPassword=superpwd capam=xsuite cmdName=addTargetAccount TargetServer.hostName=192.168.1.74 TargetApplication.name=RH74 TargetAccount.userName=root TargetAccount.password=accountpwd Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.passwordChangeMethod=IS_ROOT_ACCOUNT Attribute.useOtherAccountToChangePassword=false TargetAccount.privileged=true TargetAccount.synchronize=true

Results should be:
<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>400</cr.statusCode><cr.statusDescription>Success.</cr.statusDescription><cr.result><TargetAccount><compoundServerIDs>null</compoundServerIDs><cacheBehavior>useCacheFirst</cacheBehavior><cacheDuration>30</cacheDuration><ownerUserID>-1</ownerUserID><compoundAccount>false</compoundAccount><targetApplicationID>1027</targetApplicationID><userName>root</userName><serverKeyId>1000</serverKeyId><cacheAllow>true</cacheAllow><targetApplication>
Name: RH74
Policy ID: 0
Target Server ID: 1023
Type: unixII
</targetApplication><compoundServerList>[]</compoundServerList><passwordViewPolicyID>1000</passwordViewPolicyID><passwordVerified>true</passwordVerified><synchronize>true</synchronize><cacheBehaviorInt>1</cacheBehaviorInt><lastVerified>Mon Mar 05 10:54:25 UTC 2018</lastVerified><lastViewed></lastViewed><targetServerAlias></targetServerAlias><lastUsed></lastUsed><accessType></accessType><aliases></aliases><password>{1000}530542cf8f20ce39f7c403033cac6942</password><privileged>true</privileged><extensionType>unixII</extensionType><updateDate>Mon Mar 05 10:54:25 UTC 2018</updateDate><createUser>super</createUser><hash>glJf3UE85nln0TzBeR5HIlxoM9c=</hash><updateTime>1520247265473</updateTime><updateUser>super</updateUser><Attribute.protocol>SSH2_PASSWORD_AUTH</Attribute.protocol><Attribute.extensionType>unixII</Attribute.extensionType><Attribute.useOtherAccountToChangePassword>false</Attribute.useOtherAccountToChangePassword><Attribute.passwordChangeMethod>IS_ROOT_ACCOUNT</Attribute.passwordChangeMethod><createTime>1520247264091</createTime><createDate>Mon Mar 05 10:54:24 UTC 2018</createDate><ID>1022</ID></TargetAccount></cr.result></CommandResult>
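
When the three commands are run from a script, the results can be checked instead of read by eye. The following is an added example, not part of the original document or of the CA PAM tooling: it parses the CommandResult XML, treats status code 400 as success because that is what the outputs above show, confirms that the IDs link device, application and account, and redacts the password field before anything is logged. The function names and the trimmed sample strings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SUCCESS = "400"  # status code the outputs above pair with "Success."

def envelope(body, code=SUCCESS, desc="Success."):
    # Builds a CommandResult wrapper in the shape shown above (constructed sample).
    return (f"<CommandResult><cr.itemNumber>0</cr.itemNumber><cr.statusCode>{code}</cr.statusCode>"
            f"<cr.statusDescription>{desc}</cr.statusDescription><cr.result>{body}</cr.result></CommandResult>")

# Constructed samples: trimmed to the fields checked below, IDs as in the outputs above.
DEVICE_XML = envelope("<TargetServer><deviceName>RH74</deviceName><ID>1023</ID></TargetServer>")
APP_XML = envelope("<TargetApplication><targetServerID>1023</targetServerID>"
                   "<name>RH74</name><ID>1027</ID></TargetApplication>")
ACCOUNT_XML = envelope("<TargetAccount><targetApplicationID>1027</targetApplicationID>"
                       "<userName>root</userName><passwordVerified>true</passwordVerified>"
                       "<synchronize>true</synchronize>"
                       "<password>{1000}CONSTRUCTED-VALUE</password><ID>1022</ID></TargetAccount>")

def parse_result(xml_text):
    """Return (object_type, fields) for a successful CommandResult; raise otherwise."""
    root = ET.fromstring(xml_text)
    top = {child.tag: child for child in root}
    code = top["cr.statusCode"].text
    if code != SUCCESS:
        raise RuntimeError(f"capam_command failed: {code} {top['cr.statusDescription'].text}")
    obj = top["cr.result"][0]  # TargetServer, TargetApplication or TargetAccount
    fields = {child.tag: (child.text or "").strip() for child in obj}
    if "password" in fields:
        fields["password"] = "<redacted>"  # keep the stored credential value out of logs
    return obj.tag, fields

def verify_chain(device_xml, app_xml, account_xml):
    """Return a list of problems; an empty list means the three objects are linked."""
    _, dev = parse_result(device_xml)
    _, app = parse_result(app_xml)
    _, acct = parse_result(account_xml)
    problems = []
    if app.get("targetServerID") != dev.get("ID"):
        problems.append("application is not attached to the new device")
    if acct.get("targetApplicationID") != app.get("ID"):
        problems.append("account is not attached to the new application")
    for flag in ("passwordVerified", "synchronize"):
        if acct.get(flag) != "true":  # both are "true" in the step 3 output
            problems.append(f"{flag} is not true")
    return problems

if __name__ == "__main__":
    print(verify_chain(DEVICE_XML, APP_XML, ACCOUNT_XML) or "all three objects created and linked")
```
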
Additional Information:
See also:
https://docops.ca.com/ca-privileged-access-manager/3-1-1/EN/programming/credential-manager-cli-commands