Connection modes
Connection modes specify the transport layer used in the password change process. The transport layer determines the list of available commands and default variables.
SSH
The SSH connection mode uses the SSH protocol to establish a connection with the remote host.
Commands
Command | Description |
---|---|
INPUT | Command executed on target host. |
EXPECTED | Expected result. |
ENTER | |
DELAY | Delay between commands’ execution. |
Variables
Variable | Description |
---|---|
transport_bind_ip | Fudo IP address used to establish connection with the remote host. |
transport_host | An IP address of the remote host that the password changer/verifier connects to. |
transport_host_public_key | Public key of the remote host. |
transport_login | An account on the target system authorized to change passwords. |
transport_method | Transport layer authentication method: password or sshkey. |
transport_password_prompt | Regular expression describing the password prompt. Note: if this parameter is defined as a constant but the user does not explicitly set its value after the password changer is assigned to the account, the default string is used to determine the password prompt. |
transport_port | A port number that the password changer/verifier connects to. |
transport_secret | Secret used to authorize the account to execute password change. |
account_login | Login of the user whose password is being changed. |
account_new_secret | System default variable initialized with the value automatically generated by Fudo. |
LDAP
The LDAP transport layer runs an LDAP query to change the password property of an object defined in the directory service.
Commands
Command | Description |
---|---|
DN | Directory service DN (Distinguished Name) parameter. |
FILTER | Directory service user filter. |
Note
Password changers based on the LDAP transport layer can have only one command defined.
Variables
Variable | Description |
---|---|
transport_base | Base distinguished name. |
transport_bind_ip | Fudo IP address used to establish connection with the remote host. |
transport_ca_certificate | CA certificate of the target system. |
transport_domain | Domain used to log in to the target system. |
transport_encoding | Text encoding used by the target system. |
transport_host | An IP address of the remote host that the password changer/verifier connects to. |
transport_login | An account on the target system authorized to change passwords. |
transport_port | A port number that the password changer/verifier connects to. |
transport_secret | Secret used to authorize the account to execute password change. |
transport_server_certificate | Certificate of the target server. |
account_domain | Domain of the user whose password is being changed. |
account_new_secret | System default variable initialized with the value automatically generated by Fudo. |
Telnet
The Telnet connection mode uses the Telnet protocol to establish a connection with the remote host and continues to communicate with the server in order to change the password.
Commands
Command | Description |
---|---|
INPUT | Command executed on target host. |
EXPECTED | Expected result. |
ENTER | |
DELAY | Delay between commands’ execution. |
Variables
Variable | Description |
---|---|
transport_bind_ip | Fudo IP address used to establish connection with the remote host. |
transport_host | An IP address of the remote host that the password changer/verifier connects to. |
transport_login | An account on the target system authorized to change passwords. |
transport_port | A port number that the password changer/verifier connects to. |
transport_secret | Secret used to authorize the account to execute password change. |
account_login | Login of the user whose password is being changed. |
account_new_secret | System default variable initialized with the value automatically generated by Fudo. |
WinRM
The WinRM transport layer uses the Windows Remote Management protocol to interface with the remote operating system and facilitate the password change. WinRM is compatible with Certificate Revocation Lists (CRL), so that the digital certificates in use are always up to date and valid.
Note
The default settings of the WinRM Password Changer and Verifier allow changing and verifying passwords of local users only. If domain users should be included too, add them to the “Allow log on locally” group so that the executing script also takes domain users’ passwords while running.
Commands
Command | Description |
---|---|
INPUT | Command executed on target host. |
EXPECTED | Expected result. |
ENTER | |
DELAY | Delay between commands’ execution. |
Variables
Warning
To configure WinRM password changers, you need to provide user credentials with the authority to change passwords (typically an admin-level account). However, it’s important to avoid using this account to change its own password, as WinRM will return an error that Fudo PAM cannot process. Make sure that the account_login and transport_login variables are set to different values.
Variable | Description |
---|---|
transport_bind_ip | Fudo IP address used to establish connection with the remote host. |
transport_ca_certificate | CA certificate of the target system. |
transport_encoding | Text encoding used by the target system. |
transport_host | An IP address of the remote host that the password changer/verifier connects to. |
transport_login | An account on the target system used to change passwords. It has to be different from the account on which the password is being changed (account_login variable). |
transport_port | A port number that the password changer/verifier connects to. |
transport_secret | Secret used to access the account to execute password change. |
account_login | Login of the user whose password is being changed. |
account_new_secret | System default variable initialized with the value automatically generated by Fudo. |
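The constraints stated on this page (the commands available per transport layer, the single-command limit for LDAP, the two SSH authentication methods, the regular-expression password prompt, and the WinRM rule that account_login and transport_login must differ) can be checked before a changer is assigned to an account. The following is an added example, not Fudo's own code; the `check_changer` function and the tuple/dict layout of its inputs are assumptions made for illustration.

```python
import re

# Commands each transport layer accepts, as listed in the tables on this page.
ALLOWED_COMMANDS = {
    "ssh": {"INPUT", "EXPECTED", "ENTER", "DELAY"},
    "telnet": {"INPUT", "EXPECTED", "ENTER", "DELAY"},
    "winrm": {"INPUT", "EXPECTED", "ENTER", "DELAY"},
    "ldap": {"DN", "FILTER"},
}


def check_changer(transport, commands, variables):
    """Return a list of problems found in a password changer definition.

    commands is a list of (name, argument) tuples and variables a dict of
    variable name -> value; both layouts are hypothetical.
    """
    allowed = ALLOWED_COMMANDS.get(transport)
    if allowed is None:
        return [f"unknown transport layer: {transport}"]

    problems = [f"{name} is not a {transport} command"
                for name, _arg in commands if name not in allowed]

    # LDAP-based changers can have only one command defined.
    if transport == "ldap" and len(commands) > 1:
        problems.append("LDAP changer can have only one command defined")

    if transport == "ssh":
        if variables.get("transport_method") not in ("password", "sshkey"):
            problems.append("transport_method must be password or sshkey")
        prompt = variables.get("transport_password_prompt")
        if prompt is not None:
            try:
                re.compile(prompt)  # the prompt is a regular expression
            except re.error as exc:
                problems.append(f"transport_password_prompt is not a valid regex: {exc}")

    # WinRM: the account that performs the change must not be the account
    # being changed. Windows account names compare case-insensitively.
    if transport == "winrm":
        t_login = variables.get("transport_login")
        a_login = variables.get("account_login")
        if t_login and a_login and t_login.casefold() == a_login.casefold():
            problems.append("account_login and transport_login must differ")

    return problems
```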