Palo Alto Target Connector CLI Configuration
This topic includes CLI commands and parameters for adding Active Directory target applications and target accounts.
Palo Alto Add Target Application CLI Parameters
To add a Palo Alto target application and connector using the CLI, use the addTargetApplication command and the following command parameters:
TargetApplication.type
The target application connector type.
Required | Default Value | Valid Values |
yes | N/A | Palo Alto |
Attribute.sshPort
Indicates the port that is used to connect to the host using SSH.
Required | Default Value | Valid Values |
no | 22 | 0-65535 |
Attribute.sshSessionTimeout
When using an SSH connection, specifies the amount of time in milliseconds that Credential Manager waits for the remote host to respond.
Required | Default Value | Valid Values |
no | 5000 | 1000-99999 |
Attribute.scriptTimeout
Specifies the amount of time in milliseconds that Credential Manager waits to receive some expected input from the remote host.
Required | Default Value | Valid Values |
no | 5000 | 5000-59999 |
Attribute.useUpdateScriptType
Specifies whether the default, revised, or replacement update script should be used. If you require a revised or replacement script, use the default script and contact CA Services.
Required | Default Value | Valid Values |
no | 'DEFAULT' | 'DEFAULT', 'REVISED' or 'REPLACEMENT' |
Attribute.revisedUpdateScriptFilename
Specifies the name of the file containing the revised update script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if you require a revised or replacement script.
Required | Default Value | Valid Values |
no | N/A | a file name |
Attribute.useVerifyScriptType
Specifies whether the default, revised, or replacement verify script should be used. If you require a revised or replacement script, use the default script and contact CA Services.
Required | Default Value | Valid Values |
no | 'DEFAULT' | 'DEFAULT', 'REVISED' or 'REPLACEMENT' |
Attribute.revisedVerifyScriptFilename
Specifies the name of the file containing the revised verify script. The contents of the file are used as the revised script. We recommend that you use the default script and contact CA Services if you require a revised or replacement script.
Required | Default Value | Valid Values |
no | N/A | a file name |
Attribute.userNameEntryPrompt
A regular expression that matches the prompt produced by the remote host when it requests a user name.
Required | Default Value | Valid Values |
no | (?si).*?(login|username):.*? | valid regular expression syntax |
Attribute.passwordEntryPrompt
A regular expression that matches the prompt produced by the remote host when it requests a password.
Required | Default Value | Valid Values |
no | (?si)(.*?password(\sfor|:).*?) | valid regular expression syntax |
Attribute.passwordConfirmationPrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be confirmed.
Required | Default Value | Valid Values |
no | AIX: (?si).*?new password.*? All other platforms: (?si).*?password:.*?) | valid regular expression syntax |
Attribute.passwordChangePrompt
A regular expression that matches the prompt produced by the remote host when it requests that a password be changed because it has expired.
Required | Default Value | Valid Values |
no | (?si).*?change your password.*? | valid regular expression syntax |
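A prompt pattern can be tried against captured prompt text before it is set on the connector. The following is an added example, not CA code: it assumes the pattern must match the whole captured text and uses Python's `re` module as a stand-in for the product's regex engine, which this page does not name. The function names and sample prompt strings are constructed for illustration.

```python
import re

# Default prompt patterns copied from the parameter tables above.
DEFAULT_PROMPTS = {
    "userNameEntryPrompt": r"(?si).*?(login|username):.*?",
    "passwordEntryPrompt": r"(?si)(.*?password(\sfor|:).*?)",
    "passwordChangePrompt": r"(?si).*?change your password.*?",
}

def check_prompt(pattern, captured_text):
    """Return True if the pattern matches the whole captured text.

    Assumption: whole-input matching. Raises ValueError when the pattern
    is not valid regular expression syntax.
    """
    try:
        compiled = re.compile(pattern)
    except re.error as exc:
        raise ValueError(f"invalid regular expression: {exc}") from None
    return compiled.fullmatch(captured_text) is not None

def matching_prompts(captured_text, prompts=DEFAULT_PROMPTS):
    """Names of every prompt attribute whose pattern matches the text."""
    return sorted(name for name, pattern in prompts.items()
                  if check_prompt(pattern, captured_text))

# Constructed sample texts (not captured from a real device).
LAST_LOGIN_BANNER = "Last login: Mon Jan  1 10:00:00 from 192.0.2.10\r\n"
EXPIRED_NOTICE = "You are required to change your password.\nCurrent password: "

if __name__ == "__main__":
    for text in ("login: ", LAST_LOGIN_BANNER, EXPIRED_NOTICE):
        print(repr(text), "->", matching_prompts(text))
```

The constructed "Last login:" banner matches the user name pattern, and the expiry notice matches both the password entry and password change patterns, so a revised pattern is worth checking against all text the host prints, not only the prompt line.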
Palo Alto Add Target Account CLI Parameters
To add an Active Directory target account that uses the target connector, use the addTargetAccount command and the following command parameters:
Attribute.useOtherAccountToChangePassword
Specifies whether to use the target account or a different account when updating the target account.
Required | Default Value | Valid Values |
yes | false | true, false |
Attribute.otherAccount
Specifies which other account to use when updating the target account.
Required | Default Value | Valid Values |
yes if Attribute.useOtherAccountToChangePassword is true. | N/A | a valid target account ID. |
Attribute.protocol
Specifies the protocol to use for communicating with the remote host.
Required | Default Value | Valid Values |
yes if useOtherAccountToChangePassword is false | SSH2_PASSWORD_AUTH | SSH2_PASSWORD_AUTH |
Attribute.pwType
The credential type; whether it pertains to a user or privileged (or "enable") account.
Required | Default Value | Valid Values |
yes | user | user, privileged |
Attribute.useOtherPrivilegedAccount
Required | Default Value | Valid Values |
yes | false | true, false |
Attribute.otherPrivilegedAccount
Required | Default Value | Valid Values |
no | N/A | a valid target account ID |
Attribute.changeAuxLoginPassword
Required | Default Value | Valid Values |
no | N/A | true, false |
Attribute.changeConsoleLoginPassword
Required | Default Value | Valid Values |
yes | N/A | true, false |
Attribute.changeVtyLoginPassword
Required | Default Value | Valid Values |
no | N/A | true, false |
Attribute.numVTYPorts
Required | Default Value | Valid Values |
yes if changeVtyLoginPassword is true | N/A | 1-15 |
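The conditional requirements in the tables above can be checked before a batch of addTargetAccount calls is submitted. The following is an added example, not part of the product: the `parse` and `validate` helpers are hypothetical, values are assumed to be case-sensitive as printed and free of spaces, and the sample line is constructed.

```python
A = "Attribute."
TRUE_FALSE = ("true", "false")

def is_true(params, name):
    return params.get(A + name) == "true"

# (name, required-when predicate, allowed values / numeric range / None for free text),
# transcribed from the addTargetAccount parameter tables above.
RULES = [
    ("useOtherAccountToChangePassword", lambda p: True, TRUE_FALSE),
    ("otherAccount", lambda p: is_true(p, "useOtherAccountToChangePassword"), None),
    ("protocol", lambda p: not is_true(p, "useOtherAccountToChangePassword"), ("SSH2_PASSWORD_AUTH",)),
    ("pwType", lambda p: True, ("user", "privileged")),
    ("useOtherPrivilegedAccount", lambda p: True, TRUE_FALSE),
    ("otherPrivilegedAccount", lambda p: False, None),
    ("changeAuxLoginPassword", lambda p: False, TRUE_FALSE),
    ("changeConsoleLoginPassword", lambda p: True, TRUE_FALSE),
    ("changeVtyLoginPassword", lambda p: False, TRUE_FALSE),
    ("numVTYPorts", lambda p: is_true(p, "changeVtyLoginPassword"), range(1, 16)),
]

def parse(line):
    """Split a CLI line of space-separated name=value pairs into a dict."""
    return dict(token.split("=", 1) for token in line.split())

def validate(params):
    """Return a list of problems; an empty list means the set passes."""
    problems = []
    for name, required_when, allowed in RULES:
        value = params.get(A + name)
        if value is None:
            if required_when(params):
                problems.append(f"{name}: required but missing")
        elif isinstance(allowed, range):
            if not (value.isdigit() and int(value) in allowed):
                problems.append(f"{name}: {value!r} outside {allowed.start}-{allowed.stop - 1}")
        elif allowed is not None and value not in allowed:
            problems.append(f"{name}: {value!r} not one of {', '.join(allowed)}")
    return problems

# Constructed sample: otherAccount is missing, pwType and numVTYPorts are invalid.
SAMPLE = ("cmdName=addTargetAccount Attribute.useOtherAccountToChangePassword=true "
          "Attribute.pwType=enable Attribute.useOtherPrivilegedAccount=false "
          "Attribute.changeConsoleLoginPassword=true "
          "Attribute.changeVtyLoginPassword=true Attribute.numVTYPorts=16")

if __name__ == "__main__":
    print("\n".join(validate(parse(SAMPLE))))
```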
Palo Alto CLI Example
cmdName=addTargetApplication TargetServer.hostName=www.ca.com TargetApplication.type=????? TargetApplication.name=PaloAlto Attribute.extensionType=????? Attribute.useDefaultUpdateScript=true Attribute.useDefaultVerifyScript=true
cmdName=addTargetAccount TargetServer.hostName=www.ca.com TargetApplication.name=PaloAlto TargetAccount.userName=account1 TargetAccount.password=password1 Attribute.protocol=SSH2_PASSWORD_AUTH Attribute.useOtherAccountToChangePassword=false pwType=user useOtherPrivilegedAccount=false changeAuxLoginPassword=false changeConsoleLoginPassword=false changeVtyLoginPassword=true numVTYPorts=1