How to manage target account of CheckPoint device from PAM

Blog Post created by parda25 Employee on Mar 14, 2018


This article is providing customized script to manage local account for Checkpoint device using GAIA OS.


Testing environment

  • PAM 2.7.x - 2.8.3
  • Checkpoint Citi Firewall.
  • GAIA 77.30 and 80.10.



Assuming that device/policy and target account/application is set.

Step1. Go to Password Management -> Target Application and select 'Unix' as application type.

Step2. Move to 'Update Credentials Script' section and select 'Use a replacement script'.

Step3. Find attached script in this article and open it with text editor.

Step4. copy the contents of the script and paste in the replacement script field.

Step5. Move to 'Verify Credentials Script' section and repeat step3 and 4.

Step6. Save and test.



Checkpoint GAIA OS is not officially supported by CA PAM and this is not guaranteed working with other device or GAIA version.