cr314 Frequent Contributor.
Frequent Contributor.
395 views

How to update Enterprise Credential Vault everyday

Hello everyone,

I have PAM 3.2 installed in a RHEL Server, I need to configure a server, it has a policy where the system updates operating system users' password everyday. I have read admin document, but it doesn't exist any reference of how to update a credential using a script or API. could you tell me is it possible to update a credential in the Enterprise Credendial Vault everyday?.

Regards.
0 Likes
9 Replies
AutomaticReply Absent Member.
Absent Member.

Re: How to update Enterprise Credential Vault everyday

Crmx123,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
cpedersen Outstanding Contributor.
Outstanding Contributor.

Re: How to update Enterprise Credential Vault everyday

On 06.06.19 20:04, Crmx123 wrote:
>
> Hello everyone,
>
> I have PAM 3.2 installed in a RHEL Server, I need to configure a
> server, it has a policy where the system updates operating system users'
> password everyday. I have read admin document, but it doesn't exist any
> reference of how to update a credential using a script or API. could you
> tell me is it possible to update a credential in the Enterprise
> Credendial Vault everyday?.
>
> Regards.
>
>

Hi,

Have a look at this, which shows how to update an credential incl.
changing the password:
https://www.netiq.com/documentation/privileged-account-manager-32/additional_resources/restapiguide.pdf

You probably also would have to look at this to get a better
understanding of the JSONApi:
https://www.netiq.com/documentation/privileged-account-manager-30/additional_resources/jsonapiguide.pdf



Casper
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: How to update Enterprise Credential Vault everyday

There is a full REST API guide bundled into the UI at https://<manager>/pam - Once you login, select the top-right drop-down and select "REST API." This has all the info you'll need with examples of various authentication approaches, and all the REST operations with the ability to try out each of the calls in the UI. I highly recommend it.
0 Likes
achinayoung_wau Respected Contributor.
Respected Contributor.

Re: How to update Enterprise Credential Vault everyday

https://<manager>/pam doesn't work on our 3.2 servers (browser returns "The requested item was not found on this server"). The REST API guide uses pum_rest_auth in the curl calls but makes no mention of how to obtain one.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: How to update Enterprise Credential Vault everyday

New User Console "/pam" has been added in PAM 3.5:
https://www.netiq.com/documentation/privileged-account-manager-35/npam_35_releasenotes/data/npam_35_releasenotes.html#t46tjgfmoe0n

Enhancements to REST API have been made including Credential Vault Management in PAM 3.5:
https://www.netiq.com/documentation/privileged-account-manager-35/npam_35_releasenotes/data/npam_35_releasenotes.html#t46tvilqhh7e

I recommend upgrading to PAM 3.5 / 3.6 as there has been many great enhancements made to the product.

However, in PAM 3.2, the following REST API Guide is available detailing all available at that time ("Add or Modify Credential"):
https://www.netiq.com/documentation/privileged-account-manager-32/additional_resources/restapiguide.pdf

0 Likes
achinayoung_wau Respected Contributor.
Respected Contributor.

Re: How to update Enterprise Credential Vault everyday

Thanks. But, if you look at #11 (Add or Modify Vault), in the REST API Guide, the curl command example uses "pum_rest_auth" for authentication. Where does the value for this variable come from? This variable is used in other curl examples but no information is provided on how to generate the variable's value.

0 Likes
Micro Focus Expert
Micro Focus Expert

Re: How to update Enterprise Credential Vault everyday

That is the token needed to authenticate the request. The documentation has improved here in more recent releases of PAM and has a built-in with a "Try it Out" dashboard for the REST API.

There are a couple options in PAM 3.2 for authentication:

1) Basic Auth - provide on every curl command to set the "basic auth" username & password, which re-authenticates every time. From curl documentation, this can be done with -u, --user <user:password>. With this approach, you won't need to reference the "pum_rest_auth" part of the curl command examples.

2) Authenticate with PAM and retrieve the pum_rest_auth from the "Set-Cookie" HTTP response. To do so, you'll need to call the REST API "/rest/auth/Login" and then use the Cookie it returns in subsequent requests. Adding "-v, --verbose" to the curl will reveal this. There are other approaches to handle auth cookies built into curl. To obtain the cookie with verbose mode, something like the following:
curl -v --insecure -u <user:password> "https://localhost/rest/auth/Login"
Look for "< Set-Cookie: pum_rest_auth=..."

0 Likes
achinayoung_wau Respected Contributor.
Respected Contributor.

Re: How to update Enterprise Credential Vault everyday

We looked into upgrading to 3.5/3.6 but because the consoles are being upgraded to HTML5 in a piecemeal fashion, admins have to work with the older and newer consoles, rather than one seamless experience. We can currently do everything we need with 3.2 so we plan to hold off on upgrading until all of the consoles we normally use are upgraded. Of course, if support for 3.2 ends, then we'll be forced to upgrade.

Micro Focus Contributor
Micro Focus Contributor

Re: How to update Enterprise Credential Vault everyday

In the PAM v3.6, you can do this via GUI 

password_rotation.JPG

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.