Using fudopv
Execution parameters
fudopv [<options>] <command> [<parameters>]
Command/option/parameter | Description |
---|---|
Commands | |
getcert | Fetch Wheel Fudo PAM SSL certificate. |
getpass <type> <account> | Fetch password to selected account. type: |
Options | |
-c <path>, --cfg <path> | Use configuration file from provided path. |
-h, --help | Show options and parameters list. |
- Upload the fudopv script to the server and change its access rights to allow execution.
- Log in to the Wheel Fudo PAM administration panel.
- Create a user object with the user role, static or one-time password authentication, and the server’s IP address defined in the API section.
Note
- Select > .
- Click .
- Enter user’s name.
- Define account’s validity period.
- Select user from the Role drop-down list.
- Assign safe and click the object to open its properties.
- Select the Reveal password option.
- In the Authentication section, select Password or One time password from the Type drop-down list.
- In case of static password authentication, type the password in the Password and Repeat password fields.
- In the API section, click the i icon and enter the IP address of the server that will be requesting passwords using the fudopv script.
- Click
- Run the fudopv getcert command to initiate the configuration.
Note
fudopv configuration files are stored in the .fudopv folder in user’s home folder.
- Open the fudopv.cfg file in a text editor of your choice.
Section | Description |
---|---|
[FUDO] | |
address | Wheel Fudo PAM’s IP address. |
cert_path | Path to the Wheel Fudo PAM’s SSL certificate files. |
[CONN] | |
bind_ip | IP address of the server running the fudopv script. The IP address must be the same as the IP address defined in the API section in user configuration. |
[AUTH] | |
username | User login as defined in step 3. |
otp | Path to the otp.txt file containing the one time password. |
secret | Path to the secret.txt file containing user’s static password. |
Note
- In the [FUDO] section, in the address line, enter the Wheel Fudo PAM IP address.
- Leave the cert_path line as is; it will be updated automatically after successfully running the fudopv getcert command.
- In the [CONN] section, uncomment the bind_ip line and provide the IP address of the server running the fudopv script.
- In the [AUTH] section, in the username line, provide the login of the user object defined in step 3.
- Depending on the user’s authentication method, comment out the corresponding line defining the authentication secret information.
For example:
[FUDO]
address=10.0.8.61
cert_path=<CERT_PATH>
[CONN]
bind_ip=10.0.8.11
[AUTH]
username=fudopv
#otp=/Users/zmroczkowski/.fudopv/otp.txt
secret=/Users/zmroczkowski/.fudopv/secret.txt
- Run the fudopv getcert command to fetch Wheel Fudo PAM’s SSL certificate.
Note
After running the script successfully, the path to the certificate in the configuration file will be automatically updated.
- Edit the secret.txt file and provide user’s static password; or edit the otp.txt file and store the one time password.
Note
- The one time password can be found in user’s properties, in the Authentication section.
- The otp.txt file will be automatically updated each time the fudopv getpass command is run.
- Run command:
  - fudopv getpass direct <account_name>, to fetch password to connect directly to the server.
  - fudopv getpass fudo <account_name>, to fetch password to establish monitored connection with the target host.
Warning
Correct operation of the fudopv script requires disabling the login reason prompt option in the safe’s properties.
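A pre-flight check for the configuration built in the steps above, added here as an example (it is not part of the fudopv script or of the Fudo documentation). It assumes fudopv.cfg parses as a standard INI file; check_fudopv_cfg and write_sample are hypothetical names, the sample values are constructed, and the owner-only permission test on the secret.txt/otp.txt file is this example's own hardening assumption.

```python
import configparser
import ipaddress
import os
import stat
import tempfile

def check_fudopv_cfg(cfg_path):
    """Return a list of problems found in a fudopv.cfg file (empty means OK)."""
    problems = []
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(cfg_path)
    # address and bind_ip must be valid IPs under the sections the page lists.
    for section, key in (("FUDO", "address"), ("CONN", "bind_ip")):
        value = cfg.get(section, key, fallback=None)
        if value is None:
            problems.append(f"[{section}] {key} is missing or commented out")
            continue
        try:
            ipaddress.ip_address(value)
        except ValueError:
            problems.append(f"[{section}] {key}={value} is not a valid IP address")
    if not cfg.get("AUTH", "username", fallback=""):
        problems.append("[AUTH] username is not set")
    # Exactly one of otp / secret should be left uncommented.
    active = [k for k in ("otp", "secret") if cfg.has_option("AUTH", k)]
    if len(active) != 1:
        problems.append(f"[AUTH] expected exactly one of otp/secret, found {active}")
    # These files hold a credential in clear text: allow the owner only (assumption).
    for key in active:
        path = os.path.expanduser(cfg.get("AUTH", key))
        if not os.path.isfile(path):
            problems.append(f"{path} does not exist")
        elif stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{path} is accessible to group or others")
    return problems

def write_sample(directory, address, conn_header, secret_mode):
    """Write a constructed fudopv.cfg and secret.txt; return the cfg path."""
    secret = os.path.join(directory, "secret.txt")
    with open(secret, "w") as f:
        f.write("constructed-password\n")
    os.chmod(secret, secret_mode)
    cfg_path = os.path.join(directory, "fudopv.cfg")
    with open(cfg_path, "w") as f:
        f.write(f"[FUDO]\naddress={address}\ncert_path=<CERT_PATH>\n{conn_header}\n"
                f"bind_ip=192.0.2.11\n[AUTH]\nusername=fudopv\nsecret={secret}\n")
    return cfg_path

if __name__ == "__main__":
    print(check_fudopv_cfg(write_sample(tempfile.mkdtemp(), "192.0.2.300", "#[CONN]", 0o644)))
```

With a commented-out section header, bind_ip is parsed as part of [FUDO], which is why the checker reports it as missing from [CONN].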