Symantec Privileged Access Management

We are planning to use CA PAM to manage the service accounts so the passwords are updated on a regular basis. One of the challenge here is this change should be notified to the service owner in advance so he is prepared for this.

I don't  see this option is available OOB in CA PAM so i want to do this externally using a script, which run on a daily basis, identify the accounts with expiring password (based on the password age) and then notify the owner.

For this to work i should be able to fetch the user information and the password age from the PAM device programatically and calculate the date/time of the change.

Is this possible with credential management CLI interface? if yes please provide the guidance.

Thanks,

Sanal

Hi Sanal,

Check if your CLI is active in CA PAM.

We do not give OOTB scripts to perform this activity, but CA Services would be able to help you in creating such scripts.

If you would like to try, you can use Pearl Scripts and also look at API's for CA PAM to build you own scripts.

Thanks,

Reatesh.

Hi Sanal,

For details on activating CLI, you can as well look at this community post / discussion :

CA PAM, Credential Managment CLI access guide.

Thanks,
Reatesh.

Hi Ritesh,

Thanks for the response. I want to know how we can get this service from CA Services , what is the efforts required?

Please let me know.

Sent from my iPhone

On 30-May-2016, at 4:

Hi Sanal,

You can contact your CA Sales team to engage CA Services.

Best regards,

Lluis Domenech

CA Support Delivery Manager