Add Target Accounts using the CLI

To add a target account using the CLI, use the  updateTargetAccount commands.
capam32
To add a target account using the CLI, use the commands.
Follow these instructions:
2
Encode Complex Passwords with Special Characters
When you define targets (servers, applications, accounts) with the CLI, certain complex passwords, and SSH private keys can be difficult to input with CLI commands. The keys and passwords can contain special characters such as spaces, line feeds, and carriage returns. If the password contains these special characters, the shell (Windows and UNIX) can corrupt the information that Credential Manager receives.
To avoid this issue, perform base-64 encoding on the password
before
adding a target account with the
addTargetAccount
command.
The following utilities can perform base-64 encoding:
The following utilities can verify file hashes:
  • For Windows, use the Penteract File Checksum Integrity Verifier utility, available free from Microsoft..
  • For Linux, use the
    sh1sum
    command.
  • For OS X, use the
    shasum
    command.
When you use the
addTargetAccount
command, use the
passwordIsBase64Encoded
parameter and set it to true. If you set this parameter to true, the specified password is Base64-encoded and Credential Manager must decode the password before storing it.
Add a Target Account with the CLI
This procedure includes the commands for adding all required target objects, that is, a server, an application and an account. For details on the parameters of each command, see  Windows Remote Target Connector CLI Configuration for parameters unique to Windows Remote.
  1. Add a target server:
    Windows:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
    Linux:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
  2. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetServer> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:35:14 EST 2007</createDate> <updateDate>Mon Nov 12 15:35:14 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>XhMAD33ITheWuMB1L89Zsxfdxsg=</hash> <hostName>Vienna-Lab3.cloakware.com</hostName> <IPAddress>11.1.0.3</IPAddress> </TargetServer> </cr.result> </CommandResult>
  3. Add a target application:
    Windows:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetApplication ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.type=Generic ^ TargetApplication.name='Generic Application Type' Attribute.descriptor1=Vienna ^ Attribute.descriptor2=Lab
    Linux:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetApplication \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.type=Generic \ TargetApplication.name='Generic Application Type' Attribute.descriptor1=Vienna \ Attribute.descriptor2=Lab
  4. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetApplication> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:38:32 EST 2007</createDate> <updateDate>Mon Nov 12 15:38:32 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>kvSzMfnFi2iCIihAVt85+N2jzpc=</hash> <targetServerID>1</targetServerID> <type>Generic</type> <name>Generic</name> <policyID>0</policyID> </TargetApplication> </cr.result> </CommandResult>
  5. Add a target account:
    Windows:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' ^ TargetAccount.userName=account1 TargetAccount.password=123456 ^ passwordIsBase64Encoded=true TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false ^ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' ^ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
    Linux:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' \ TargetAccount.userName=account1 TargetAccount.password=123456 \ passwordIsBase64Encoded=true TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false \ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' \ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
  6. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetAccount> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.changePasswordAfterViewing>true </Attribute.changePasswordAfterViewing> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:42:43 EST 2007</createDate> <updateDate>Mon Nov 12 15:42:43 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>q3/BaUy9uPvtbUkKgIrXvgseGt8=</hash> <targetApplicationID>1</targetApplicationID> <userName>account1</userName> <password>14adc6a1a720e58ee52032364b98f95b</password> <accessType>A</accessType> <cacheAllow>true</cacheAllow> <cacheBehavior>useCacheFirst</cacheBehavior> <cacheDuration>20</cacheDuration> <privileged>false</privileged> <synchronize>false</synchronize> <passwordVerified>false</passwordVerified> <lastVerified> </lastVerified> </TargetAccount> </cr.result> </CommandResult>
  7. If the account type is A2A (only possible if your license allows for A2A accounts), add a target alias:
    Windows:
    Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAlias ^ TargetAlias.name=ViennaAlias5 TargetServer.hostName=Vienna-Lab3.cloakware.com ^ TargetApplication.name='Generic Application Type' TargetAccount.userName=account1
    Linux:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAlias \ TargetAlias.name=ViennaAlias5 TargetServer.hostName=Vienna-Lab3.cloakware.com \ TargetApplication.name='Generic Application Type' TargetAccount.userName=account1
  8. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetAlias> <ID>1</ID> <createDate>Mon Nov 12 15:43:24 EST 2007</createDate> <updateDate>Mon Nov 12 15:43:24 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>iB6pR3X7E8yP8p4RemqsChneEQc=</hash> <name>ViennaAlias5</name> <accountID>1</accountID> </TargetAlias> </cr.result> </CommandResult>
Add a Compound Account (Optional)
To add multiple servers that have the same account, you can specify compound servers.
Follow these steps:
  1. Add a target server as shown in the previous example in this topic
  2. Enter your password at the prompt.
  3. Add one or more servers:
    Windows:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
    Linux:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
  4. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetServer> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>2</ID> <createDate>Mon Nov 12 15:35:14 EST 2007</createDate> <updateDate>Mon Nov 12 15:35:14 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>XhMAD33ITheWuMB1L89Zsxfdxsg=</hash> <hostName>Vienna-Lab3.cloakware.com</hostName> <IPAddress>11.1.0.4</IPAddress> </TargetServer> </cr.result> </CommandResult>
    Repeat step 3 and 4 for each compound server you want to add. Each
    addTargetServer
    operation returns a new ID value.
  5. Add a target application as shown in the previous example in this topic.
  6. Enter your password at the prompt.
  7. Add a compound target account:
    For the
    TargetAccount.compoundServerIDs
    parameter, list each
    <ID>
    value that is returned in steps 3 and 4, separated by commas.
    Windows:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' ^ TargetAccount.userName=account1 TargetAccount.password=123456 ^ TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false ^ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' ^ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true ^ TargetAccount.isCompound=true TargetAccount.compoundServerIDs=1,2 Attribute.descriptor1=Vienna ^ Attribute.descriptor2=Lab
    Linux:
    capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' \ TargetAccount.userName=account1 TargetAccount.password=123456 \ TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false \ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' \ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true \ TargetAccount.isCompound=true TargetAccount.compoundServerIDs=1,2 Attribute.descriptor1=Vienna \ Attribute.descriptor2=Lab
  8. Enter your password at the prompt. Credential Manager returns the following XML command string.
    <CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetAccount> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.changePasswordAfterViewing>true </Attribute.changePasswordAfterViewing> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:42:43 EST 2007</createDate> <updateDate>Mon Nov 12 15:42:43 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>q3/BaUy9uPvtbUkKgIrXvgseGt8=</hash> <targetApplicationID>1</targetApplicationID> <userName>account1</userName> <password>14adc6a1a720e58ee52032364b98f95b</password> <accessType>A</accessType> <cacheAllow>true</cacheAllow> <cacheBehavior>useCacheFirst</cacheBehavior> <cacheDuration>20</cacheDuration> <privileged>false</privileged> <synchronize>false</synchronize> <passwordVerified>false</passwordVerified> <lastVerified> </lastVerified> </TargetAccount> </cr.result> </CommandResult>