Add Target Accounts and Aliases
Credential Manager provides a mechanism to generate automatically a pseudorandom password. For synchronized accounts, the random password is based on the configured password composition policy and updates automatically directly on the target system. For Generic accounts, manually change this password on the target system to agree with the password stored in the secure database.
capamnew
HID_TargetAccountSummaryPanel
Create accounts on the native system before registration in Credential Manager. For example, create an Oracle account on the Oracle database before you register it in Credential Manager as a synchronized account. Once you register the account in Credential Manager, the target password benefits from frequent managed updates to reflect the password that is maintained in the Credential Manager database.
Random Passwords
Credential Manager provides a mechanism to generate automatically a pseudorandom password. For synchronized accounts, the random password is based on the configured password composition policy and updates automatically directly on the target system. For Generic accounts, manually change this password on the target system to agree with the password stored in the secure database.
Synchronized Accounts
Credential Manager automatically verifies synchronized accounts upon initial registration. In addition, You can also use a button in the GUI or the
verifyAccountPassword
CLI command to verify manually synchronized target account passwords.You can schedule password updates for synchronized accounts with the GUI (Targets, Scheduled Jobs). Alternatively, you can enable password expiration.
A scheduled job can be created to verify the passwords of synchronized accounts.
Compound Accounts
A compound account consists of several accounts on a cluster of servers, all having the same account name. When a password change occurs, all members of the compound account remain synchronized. When the password of a compound account is updated, it is changed on all the cluster members. If the password cannot be changed on one or more of the cluster members, it must be rolled back to the previous value on all them to keep the cluster members synchronized.
If a password update fails and the subsequent rollback succeeds, the Verified column of the Compound section of the Account Details page displays a yellow warning symbol next to the server on which the update failed. A tooltip indicates the specific error message.
If a password update fails and the subsequent rollback fails, the Verified column displays a red X symbol next to the server on which the rollback failed. A tooltip displays the specific error message, and the password on this server is out-of-sync.
Compound accounts respect existing target account functions such as: workflow, scheduled jobs, auto-connect, and target group membership.
Target Aliases
A target alias enables an A2A requestor to request credentials from a specific account without transmitting the account user name and password. Target aliases are account-specific and are generated when the account is created. Privileged password accounts do not use target aliases.
Password Viewing
Credential Manager generates a log entry each time a user views a password.
A report is available that lists each time that an attempt was made to view an account password.
Credential Manager allows GUI users to view target account passwords for both synchronized and non‑synchronized target accounts. If you enable the change password on view feature, Credential Manager automatically changes viewed synchronized account passwords after a set time interval. The change password on view feature works with compound accounts, so the password is changed on all servers even if only one account is accessed.
Password Updating
When you update a target password and the synchronization flag is set, Credential Manager automatically verifies the password. When you update any other target account information, manually perform password verification by selecting
Verify Password
.When adding a target account, you can configure Credential Manager to use an alternate account with sufficient privileges (that is, a master account) to update a specific target account password, rather than using the target account directly. This method permits Credential Manager to synchronize headless accounts that do not have permission to change their own passwords. Also, it ensures that Credential Manager can change the password even if a user has changed the password manually on the target system.
Selecting to use an alternate account for password updating opens a Find Account pop-up window with a table listing the target accounts that can be selected and their relevant information (that is, application name, application type and host name). By default, Credential Manager displays the target accounts filtered by application name. You can select to filter by account name or host name, or to show all the target accounts that are defined in the system. All target accounts can be selected. Typically, the other account is an account of the same application. For example, the password for an Oracle database account is changed by a privileged account on the same database. It is also possible to use another account which is associated with a different application.
Using either an LDAP or AD account to change the password of a UNIX account is the only dissimilar account combination that is supported. It is your responsibility to select compatible combinations.
When using the other account option, the target account that is used to update the password cannot be the current target account. If you select the current target account, an error message results when you attempt to save the settings. If you want the current target account to be the account that is used to change its own password, select the "Account can change own password" option.
The initial password that you enter must be the same as the password on the target account, unless a user with more privileges (for example, root) is used to update the password.
Complex Passwords with Special Characters
SSH private keys and certain complex passwords can be difficult to input with CLI commands because the keys and passwords can contain special characters such as spaces, line feeds, and carriage returns. If the password being supplied contains such special characters, the shell (Windows and UNIX) can interfere with the interpretation of them. In this case, the information that is received by the Credential Manager server through the shell is corrupt or not the information that the user intended.
To avoid this issue, perform base-64 encoding on the complex password before specifying them to CLI commands, such as
addTargetAccount
or updateTargetAccount
. Ensure the passwordIsBase64Encoded
parameter for the command is set to true.CA Technologies
recommends the following utilities to perform the base-64 encoding:- For Windows, use the b64 utility available at: http://sourceforge.net/projects/base64/.
- For Linux and UNIX, use thebase64built-in command.
- For OS X, use thebase64built-in command.
CA Technologies
recommends the following utilities to verify file hashes:- For Windows, use the Microsoft File Checksum Integrity Verifier utility available at: http://www.microsoft.com/en-us/download/details.aspx?id=11533.
- For Linux, use thesh1sumcommand.
- For OS X, use theshasumcommand.
Add a Target Account from the GUI
Follow these steps:
- SelectCredentials,Manage Targets,Applications. The Account List page appears with a list of existing target accounts.
- SelectAdd. The Account Details page appears.
- Select the magnifying glass to find an existing target server.
- Select the magnifying glass to find an existing target application on the host server, or select+to create a target application. Depending on the application type of the target application, more fields appear.
- Enter the account name.The account name must be unique for a given target application and must be the account name that is used by the target system. For example, on a UNIX system, the account name is the UNIXuserid.
- Select the password view policy for the account.
- Enter an initial account password or select the blue Generate Password icon to generate a default password. The Generate Password icon looks like a ring with a set of keys. It is located to the right of the Password field.
- If you are adding a compound account, see Add a Compound Target Account from the GUI.
- Select the appropriate synchronization option (for example, update both Credential Manager and the target system). This option is not available if the application type is “Generic”.
- Update only the Password Authority Server: Passwords are only updated in Credential Manager. Credential Manager and target system passwords can differ.
- Update both the Password Authority Server and the target system: Password updates are performed in both Credential Manager and the target system to maintain consistency.
- Modify or fill in the fields for the particular type of application you selected, as required.Some application types allow an account password to be updated from another account (for exampleroot). If this situation applies to you, select that account. The account that is used to change the password must already be registered in Credential Manager.
- Select whether the account type is A2A (application-to-application) or privileged account. This choice is only possible if your license allows for A2A devices. If you select A2A, more fields appear allowing you to add the target alias. See Add a Add_Target_Alias_GUI.
- (Optional) Enter an access type.Access type is a reference field for customer convenience. It can be used to define dynamic target groups. It is not used by Credential Manager.
- If you are using target groupings, enter descriptors for the target account.
- SelectSave. Your new target account is added to the list of accounts on the Account List page.
For most target account types, a Change Process option specifies whether the managed account can change its own password or whether another, higher-privilege account must do that. If you select "Use the following account to change password", a field appears below the legend so that you can enter the password-changing account.
Add a Compound Target Account from the GUI
Follow these steps:
- SelectCredentials,Manage Targets,Applications. The Account List page appears with a list of existing target accounts.
- Select Add. The Account Details page appears.
- Select the magnifying glass to find an existing target server.
- Select the magnifying glass to find an existing target application on the host server, or select+to create a target application. Depending on the application type of the target application, more fields appear.
- Enter the account name.The account name must be unique for a given target application and must be the account name that is used by the target system. For example, on a UNIX system, the account name is the UNIXuserid.
- Select the password view policy for the account.
- Enter an initial account password or select the blue Generate Password icon to generate a default password. The Generate Password icon looks like a ring with a set of keys. It is located to the right of the Password field.
- Select the Compound check box. The target server menu appears.
- Select Add. The target server selection box appears.
- Select the magnifying glass to find the server you want to add to the compound account.The target server that is selected as the host server cannot be added as a compound server for the account.
- Repeat steps 3 and 4 until you have added as many servers as you want.There is no limit on the number of servers you can add, but the functionality has only been tested to 20 servers.When adding compound accounts, "Update only the Password Authority Server" is the only valid synchronization option.
- Do steps 11-15 of the Add a Target Account from the GUI procedure.
- Once the compound account has been added, you can access the account and can change the synchronization option. Example: Update both Credential Manager and the target system. This option is not available if the application type is “Generic”.
- Update only the Password Authority Server: Passwords are only updated in Credential Manager. Credential Manager and target system passwords can differ.
- Update both the Password Authority Server and the target system: Password updates are performed in both Credential Manager and the target system to maintain consistency.
Add an EC2 Access Key Target Account from the GUI
Before doing this procedure, ensure that you have downloaded from AWS the
EC2 Private Key
file. The key file has a .pem
extension.Follow these steps:
- Select Credentials, Manager Targets, Applications. The Account List page appears with a list of existing target accounts.
- Select Add. The Account Details page appears.
- Select the lower magnifying glass to find and select the AWS Access Credential Accounts Application Name.When you do so, the Host Name and Device Name fields are populated with xceedium.aws.amazon.com and more fields appear.
- Select the Password View Policy (if needed) for the account.
- For AWS Access Credential Type, select the EC2 Private Key option button. The EC2 Private Key tab activates.
- Enter the EC2 Instance User Name, such asec2-user(for Amazon Linux), orroot(for Red Hat Linux), or other full permission account.
- Browse and upload the EC2 Private Key key file.
- In Key Pair Name, enter the filename of the EC2 Private Key you just uploaded, but without the extension.
- (Optional) Enter a passphrase to use with the EC2 private key in the Passphrase field.
- Select whether the account type is A2A (application-to-application) or privileged account. This choice is only possible if your license allows for A2A accounts. If you select A2A Account, more fields appear allowing you to add the target alias. See Add a Target Account From the GUI.
- (Optional) Enter an access type. Access type is a reference field for customer convenience. It is not used by Credential Manager
- SelectSave. Your new target account is added to the list of accounts on the Account List page.
Add a Target Alias from the GUI
Follow these steps:
- SelectCredentials,Manage Targets,Applications. The Account List page appears with a list of existing target accounts.
- SelectAdd. The Account Details page appears.
- Select the magnifying glass to find an existing target server.
- Select the magnifying glass to find an existing target application on the host server, or select+to create a target application. Depending on the application type of the target application, more fields appear.
- Enter the account name.The account name must be unique for a given target application and must be the account name that is used by the target system. For example, on a UNIX system, the account name is the UNIXuserid.
- Select the password view policy for the account.
- Enter an initial account password or select the blue Generate Password icon to generate a default password. The Generate Password icon looks like a ring with a set of keys. The icon is located to the right of the Password field.
- If you are adding a compound account, see Add a Compound Target Account from the GUI.
- Select the appropriate synchronization option (for example, update both Credential Manager and the target system). This option is not available if the application type is “Generic”.
- Update only the Password Authority Server: Passwords are only updated in Credential Manager. Credential Manager and target system passwords can differ.
- Update both the Password Authority Server and the target system: Password updates are performed in both Credential Manager and the target system to maintain consistency.
- Modify or fill in the fields for the particular type of application you selected, as required.Some application types allow an account password to be updated from another account (for exampleroot). If this situation applies to you, select that account. The account that is used to change the password must already be registered in Credential Manager.
- SelectA2Aas theAccount Type. More fields appear allowing you to add the target alias. See Add a Add_Target_Alias_GUI.
- Enter a target alias name. The target alias name must be unique across the Credential Manager.
- Enter the appropriate settings for password caching for the Credential Manager A2A Client:
- Use Cache First: The A2A Client looks for the password in local cache first. If there is no password or if the password is not the most recent, the A2A Client contacts the product appliance.
- Use Server First: The A2A Client contacts the product appliance to get the most recent password. If a password is unavailable, the A2A Client looks in the local cache.
- No Cache: The password is never stored in the local cache. The A2A Client always contacts the product appliance for the password.
- Set the cache duration.
- (Optional) Enter an access type.Access typeis a reference field for customer convenience. It can be used to define dynamic target groups. It is not used by Credential Manager.
- If you are using target groupings, enter descriptors for the target account.
- SelectSave. Your new target account is added to the list of accounts on the Account List page.
Add a Target Account from the CLI
Follow these steps:
- Add a target server:Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetServer> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:35:14 EST 2007</createDate> <updateDate>Mon Nov 12 15:35:14 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>XhMAD33ITheWuMB1L89Zsxfdxsg=</hash> <hostName>Vienna-Lab3.cloakware.com</hostName> <IPAddress>11.1.0.3</IPAddress> </TargetServer> </cr.result> </CommandResult>
- Add a target application:Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetApplication ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.type=Generic ^ TargetApplication.name='Generic Application Type' Attribute.descriptor1=Vienna ^ Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetApplication \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.type=Generic \ TargetApplication.name='Generic Application Type' Attribute.descriptor1=Vienna \ Attribute.descriptor2=Lab
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetApplication> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:38:32 EST 2007</createDate> <updateDate>Mon Nov 12 15:38:32 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>kvSzMfnFi2iCIihAVt85+N2jzpc=</hash> <targetServerID>1</targetServerID> <type>Generic</type> <name>Generic</name> <policyID>0</policyID> </TargetApplication> </cr.result> </CommandResult>
- Add a target account:Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' ^ TargetAccount.userName=account1 TargetAccount.password=123456 ^ TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false ^ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' ^ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' \ TargetAccount.userName=account1 TargetAccount.password=123456 \ TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false \ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' \ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetAccount> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.changePasswordAfterViewing>true </Attribute.changePasswordAfterViewing> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:42:43 EST 2007</createDate> <updateDate>Mon Nov 12 15:42:43 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>q3/BaUy9uPvtbUkKgIrXvgseGt8=</hash> <targetApplicationID>1</targetApplicationID> <userName>account1</userName> <password>14adc6a1a720e58ee52032364b98f95b</password> <accessType>A</accessType> <cacheAllow>true</cacheAllow> <cacheBehavior>useCacheFirst</cacheBehavior> <cacheDuration>20</cacheDuration> <privileged>false</privileged> <synchronize>false</synchronize> <passwordVerified>false</passwordVerified> <lastVerified> </lastVerified> </TargetAccount> </cr.result> </CommandResult>
- Decide whether the account type is A2A (application-to-application) or privileged account. This choice is only possible if your license allows for A2A accounts. For A2A accounts, add a target alias.Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAlias ^ TargetAlias.name=ViennaAlias5 TargetServer.hostName=Vienna-Lab3.cloakware.com ^ TargetApplication.name='Generic Application Type' TargetAccount.userName=account1 Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAlias \ TargetAlias.name=ViennaAlias5 TargetServer.hostName=Vienna-Lab3.cloakware.com \ TargetApplication.name='Generic Application Type' TargetAccount.userName=account1
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetAlias> <ID>1</ID> <createDate>Mon Nov 12 15:43:24 EST 2007</createDate> <updateDate>Mon Nov 12 15:43:24 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>iB6pR3X7E8yP8p4RemqsChneEQc=</hash> <name>ViennaAlias5</name> <accountID>1</accountID> </TargetAlias> </cr.result> </CommandResult>
Add a Compound Account from the CLI
Follow these steps:
- Add a target server:Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer ^ TargetServer.hostName=Unix server cluster TargetServer.ipAddress=11.1.0.3 ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer \ TargetServer.hostName=Unix server cluster TargetServer.ipAddress=11.1.0.3 \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetServer> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:35:14 EST 2007</createDate> <updateDate>Mon Nov 12 15:35:14 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>XhMAD33ITheWuMB1L89Zsxfdxsg=</hash> <hostName>Unix server cluster</hostName> <IPAddress>11.1.0.3</IPAddress> </TargetServer> </cr.result> </CommandResult>
- Add one or more servers:Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 ^ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetServer \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetServer.ipAddress=11.1.0.3 \ Attribute.descriptor1=Vienna Attribute.descriptor2=Lab
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetServer> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>2</ID> <createDate>Mon Nov 12 15:35:14 EST 2007</createDate> <updateDate>Mon Nov 12 15:35:14 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>XhMAD33ITheWuMB1L89Zsxfdxsg=</hash> <hostName>Vienna-Lab3.cloakware.com</hostName> <IPAddress>11.1.0.4</IPAddress> </TargetServer> </cr.result> </CommandResult>Repeat step 3 and 4 for each compound server you want to add. EachaddTargetServeroperation returns a new <ID> value.
- Add a target application.Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetApplication ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.type=Generic ^ TargetApplication.name='Generic Application Type' Attribute.descriptor1=Vienna ^ Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetApplication \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.type=Generic \ TargetApplication.name='Generic Application Type' Attribute.descriptor1=Vienna \ Attribute.descriptor2=Lab
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetApplication> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:38:32 EST 2007</createDate> <updateDate>Mon Nov 12 15:38:32 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>kvSzMfnFi2iCIihAVt85+N2jzpc=</hash> <targetServerID>1</targetServerID> <type>Generic</type> <name>Generic</name> <policyID>0</policyID> </TargetApplication> </cr.result> </CommandResult>
- Add a compound target account:Windows: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount ^ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' ^ TargetAccount.userName=account1 TargetAccount.password=123456 ^ TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false ^ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' ^ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true ^ TargetAccount.isCompound=true TargetAccount.compoundServerIDs=1,2 Attribute.descriptor1=Vienna ^ Attribute.descriptor2=Lab Linux: capam_command adminUserID=admin capam=mycompany.com cmdName=addTargetAccount \ TargetServer.hostName=Vienna-Lab3.cloakware.com TargetApplication.name='Generic Application Type' \ TargetAccount.userName=account1 TargetAccount.password=123456 \ TargetAccount.cacheBehavior=useCacheFirst TargetAccount.privileged=false \ TargetAccount.cacheDuration=20 TargetAccount.accessType='A generic system account' \ TargetAccount.synchronize=false Attribute.changePasswordAfterViewing=true \ TargetAccount.isCompound=true TargetAccount.compoundServerIDs=1,2 Attribute.descriptor1=Vienna \ Attribute.descriptor2=LabFor theTargetAccount.compoundServerIDsparameter, list each<ID>value that is returned in steps 3 and 4, separated by commas.
- Enter your password at the prompt. Credential Manager returns the following XML command string.<CommandResult> <cr.itemNumber>0</cr.itemNumber> <cr.statusCode>400</cr.statusCode> <cr.statusDescription>Success</cr.statusDescription> <cr.result> <TargetAccount> <Attribute.descriptor2>Lab</Attribute.descriptor2> <Attribute.changePasswordAfterViewing>true </Attribute.changePasswordAfterViewing> <Attribute.descriptor1>Vienna</Attribute.descriptor1> <ID>1</ID> <createDate>Mon Nov 12 15:42:43 EST 2007</createDate> <updateDate>Mon Nov 12 15:42:43 EST 2007</updateDate> <createUser>admin</createUser> <updateUser>admin</updateUser> <hash>q3/BaUy9uPvtbUkKgIrXvgseGt8=</hash> <targetApplicationID>1</targetApplicationID> <userName>account1</userName> <password>14adc6a1a720e58ee52032364b98f95b</password> <accessType>A</accessType> <cacheAllow>true</cacheAllow> <cacheBehavior>useCacheFirst</cacheBehavior> <cacheDuration>20</cacheDuration> <privileged>false</privileged> <synchronize>false</synchronize> <passwordVerified>false</passwordVerified> <lastVerified> </lastVerified> </TargetAccount> </cr.result> </CommandResult>