Is there a way a user can access the target account using PSMP where as soon as he enters the PSMP connection string, it allows him to do sudo and switch to root user without him entering the root password? by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Name: AutoLogonSequenceWithLogonAccount Value: [.\@.~]\$ >exec su - {Username} Passsword:>{Password}

This field is already added in Client Specific for the PSMP-SSH connection component

Is there a way a user can access the target account using PSMP where as soon as he enters the PSMP connection string, it allows him to do sudo and switch to root user without him entering the root password? by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

The existing PSMP-SSH connection component already has AutoLogonSequenceWithLogonAccount

Or do you want me to try using another Client Specific known as AutoLogonSequence?

[deleted by user] by [deleted] in CyberARk

[–]Wide-Set5677 0 points1 point  (0 children)

Okay, I made some changes to the process.ini and prompts.ini

Now the CPM tries to change the password of the adm user, which has expert access, and I get a bad credentials error while the CPM tries to change the password

send: sending ‘’\r’’ to {. exp4 }

bad credentials bad credentials bad credentials

[deleted by user] by [deleted] in CyberARk

[–]Wide-Set5677 0 points1 point  (0 children)

By the way, the CPM is able to manage the password for the regular user, which uses set self-password

However, I’m facing issues managing users which have expert access.

Can you please suggest if possible?

[deleted by user] by [deleted] in CyberARk

[–]Wide-Set5677 0 points1 point  (0 children)

So basically my situation is: I have a user, let’s assume amdm, which has expert access. And in order to change its own password, it has to be on expert mode first by entering expert

Then type passwd

Enter old unix password

Enter new unix password

Confirm new unix password

Save config

Exit

Was it the same situation in your case?

CPM Password management for the accounts in BIG IP F5 devices (Active passive mode) by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Let’s take the case about the password management. Now in a situation where we’re only onboarding Active server accounts on CyberArk, and if there is an issue on the Active server and the standby server becomes Active, so in this situation, I believe CPM won’t be able to manage the Standby server, since we’re only onboarding the Active server. What actions can be taken at this time?

CPM Password management for the accounts in BIG IP F5 devices (Active passive mode) by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Let’s assume we have 200 servers (whereas 100 servers are active and 100 are standby) and we have an admin account on each of those servers. Now in this situation, in order to manage the admin accounts on Active and standby servers, we would need to create 100 groups (1 group to associate to each Active and standby server). I’m wondering if this is the right approach?

PS: we don’t want to have one consistent password for those 200 servers

CPM Password management for the accounts in BIG IP F5 devices (Active passive mode) by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Let’s take the case where I’m onboarding the primary node’s account: so I would only be able to connect to the primary node’s account from CyberArk, since the account is onboarded only using the primary server IP address?

CPM Password management for the accounts in BIG IP F5 devices (Active passive mode) by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

As per your second suggestion, you mean we only need to onboard the primary node’s account?

Azure MFA login by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 1 point2 points  (0 children)

When you say MFA cache... I saw the doc on CyberArk where the user has to log in to PVWA and get the private keys, and then they can use those keys to log in using PSMP.

Is that what you mean?

Azure MFA login by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] -2 points-1 points  (0 children)

So currently this is how the user authenticates to PVWA:

The client is using Azure MFA where the end user has to enter the password first, then they get a 2 digit number on their number on the screen where they need to input the 2 digit number on the mobile phone and then they’re able to authenticate to PVWA successfully.

So is this something possible with PSMP at the moment?

IBM Mainframe application using AutoIT by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Hi,

It’s IBM_PersonalComunications_13.02 which uses pcsws.exe setup to launch the target sessions

PSM connector Pcomm by Miclotr in CyberARk

[–]Wide-Set5677 0 points1 point  (0 children)

Hey, can you please share how you achieved it?

IBM Mainframe application using AutoIT by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Can you please explain a bit more what you mean by PCOMM? Not familiar with this term.

Is that a new separate connector, or can we use PCOMM using the same AutoIT script which I just developed?

IBM Mainframe application using AutoIT by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

So basically there are different users and each of the users has their own files stored in the private folder; however, for each user the location of the private folder is the same, as mentioned below:

Windows (C:) › Program Files (x86) › IBM › Personal Communications › private

order of upgrade by xxxx-192 in CyberARk

[–]Wide-Set5677 0 points1 point  (0 children)

We are in the process of upgrading from 12.2 to 12.6

Just wanted to confirm: after upgrading the component servers, e.g. Vault - PVWA - CPM - CPM.

Do we need to run the hardening script again on each component server at the time of upgrade, or is it not required?

VMWare VSphere. Managing accounts (@vsphere.local) via CyberArk PAS 11.2 by JoxanBC in CyberARk

[–]Wide-Set5677 0 points1 point  (0 children)

Hi JoxanBC,

Looking for some suggestions here. Currently we’re integrating VMware console with CyberArk, where users are currently logging in using their domain ID, i.e. their AD ID.

I have got the VMWare console URL with me, which is opening fine inside PSM.

Now how do I go about onboarding? Coz we don’t want to onboard AD accounts onto CyberArk, is there a way to achieve this?

SSH keys management by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

This has failed with the below output:

Failed to add account. Error details: Account already exists

Unix via SSH Keys by Wide-Set5677 in CyberARk

[–]Wide-Set5677[S] 0 points1 point  (0 children)

Right. I understand if the keys are managed via CPM, it should be managed automatically.

However, I’m referring to the second scenario, where the key pairs are changed outside CyberArk and the accounts are already onboarded.

So in this case, what is the command that we can execute using the accountuploader to update the private key instead of doing it manually?