Connection Modes¶
A connection mode specifies the transport layer used in the secret change process. The transport layer determines which commands and default variables are available to the secret changer and verifier.
SSH¶
The SSH connection mode uses the SSH protocol to establish a connection with the remote host and drives an interactive session on it to change the secret.
Commands

| Command | Description |
|---|---|
| INPUT | Command sent to the target host. |
| EXPECTED | Output expected from the target host; the changer waits for it before sending the next command. |
| ENTER | Sends an Enter (line break) to the target host. |
| DELAY | Delay between the execution of consecutive commands. |
Variables

| Variable | Description |
|---|---|
| transport_bind_ip | Fudo IP address used to establish the connection with the remote host. |
| transport_host | IP address of the remote host that the secret changer/verifier connects to. |
| transport_host_public_key | Public key of the remote host, used to verify the host's identity before any credentials are sent. |
| transport_login | Account on the target system authorized to change secrets. |
| transport_method | Transport layer authentication method. |
| transport_password_prompt | Regular expression describing the password prompt. Note: if this parameter is defined as a constant but no value is set explicitly after the secret changer is assigned to the account, the default string is used to detect the password prompt. |
| transport_port | Port number that the secret changer/verifier connects to. |
| transport_secret | Secret used to authenticate the transport account before the secret change is executed. |
| account_login | Login of the user whose secret is being changed. |
| account_new_secret | System default variable, initialized with the new secret automatically generated by Fudo. |
| account_secret | Current password of the account; this is the value the verifier checks. |
| enable_password | Password used to raise privileges (e.g. at an `enable` prompt). |
| mysql_login | Login of the privileged MySQL account. |
| mysql_password | Password of the privileged MySQL account. |
LDAP¶
The LDAP transport layer runs an LDAP operation against the directory service to replace the password attribute of the object identified by the DN or FILTER command.
Commands

| Command | Description |
|---|---|
| DN | Distinguished Name (DN) of the directory object whose password is changed. |
| FILTER | Directory search filter used to locate the user object. |

Note: A secret changer based on the LDAP transport layer can have only one command defined (either DN or FILTER).
Variables

| Variable | Description |
|---|---|
| transport_base | Base distinguished name under which the search is performed. |
| transport_bind_ip | Fudo IP address used to establish the connection with the remote host. |
| transport_ca_certificate | CA certificate used to validate the target system's certificate. |
| transport_domain | Domain used to log in to the target system. |
| transport_encoding | Text encoding used by the target system. |
| transport_host | IP address of the remote host that the secret changer/verifier connects to. |
| transport_login | Account on the target system authorized to change secrets. |
| transport_port | Port number that the secret changer/verifier connects to. |
| transport_secret | Secret used to authenticate the transport account before the secret change is executed. |
| transport_server_certificate | Certificate of the target server, used to verify the server's identity. |
| account_domain | Domain of the user whose secret is being changed. |
| account_login | Login of the account whose password will be changed. |
| account_new_secret | System default variable, initialized with the new secret automatically generated by Fudo. |
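As an added illustration (not Fudo's own code), the Python below shows what the single DN or FILTER command and the variables above amount to when resolving the target object and building the password modification: the FILTER template is expanded with RFC 4515 escaping so that an `account_login` of `*` cannot widen the search, the match under `transport_base` must be unique, and for Active Directory the new value is written to `unicodePwd` as a double-quoted UTF-16LE string, which AD accepts only over a TLS-protected connection (the role of `transport_ca_certificate` and `transport_server_certificate`). The directory snapshot, the variable values, the `active_directory` switch and the `userPassword` fallback for non-AD servers are constructed assumptions.

```python
import re

# Constructed directory snapshot standing in for the target LDAP server (not real data).
ENTRIES = [
    {"dn": "CN=alice,OU=Users,DC=example,DC=com", "sAMAccountName": "alice"},
    {"dn": "CN=bob,OU=Users,DC=example,DC=com", "sAMAccountName": "bob"},
    {"dn": "CN=svc-pam,OU=Service,DC=example,DC=com", "sAMAccountName": "svc-pam"},
]

# Assumed variable values; the names are the ones listed in the table above.
VARIABLES = {
    "transport_base": "DC=example,DC=com",
    "transport_login": "svc-pam",
    "transport_encoding": "utf-8",
    "account_login": "alice",
    "account_new_secret": "N3w-Gen3rated-Secret!",
}


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def expand(template, variables, escape=True):
    """Substitute {name} placeholders; filter values are escaped unless told otherwise."""
    def sub(m):
        v = str(variables[m.group(1)])
        return escape_filter_value(v) if escape else v
    return re.sub(r"\{(\w+)\}", sub, template)


def filter_matches(entry, attr, raw_value):
    """Evaluate one (attr=value) assertion: an unescaped '*' is a wildcard, escapes are literal."""
    pattern = "".join(
        ".*" if tok == "*" else re.escape(unescape_filter_value(tok))
        for tok in re.split(r"(\*)", raw_value) if tok
    )
    return re.fullmatch(pattern, str(entry.get(attr, ""))) is not None


def resolve_account_dn(command, template, variables, entries=ENTRIES):
    """Resolve the object to modify from the single DN or FILTER command."""
    if command == "DN":
        # DN values follow RFC 4514 escaping rules, which this example does not implement.
        dn = expand(template, variables, escape=False)
        if not any(e["dn"] == dn for e in entries):
            raise LookupError(f"no entry with DN {dn}")
        return dn
    if command != "FILTER":
        raise ValueError("an LDAP secret changer has exactly one DN or FILTER command")
    flt = expand(template, variables)
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt)
    if not m:
        raise ValueError("only a single equality filter is supported in this example")
    attr, raw = m.groups()
    base = variables["transport_base"]
    hits = [e["dn"] for e in entries if e["dn"].endswith(base) and filter_matches(e, attr, raw)]
    if len(hits) != 1:
        raise LookupError(f"filter {flt} matched {len(hits)} entries under {base}, expected 1")
    return hits[0]


def encode_ad_unicode_pwd(password):
    """Active Directory's unicodePwd attribute takes the new value double-quoted, UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def build_password_modify(dn, variables, active_directory=True):
    """Return the (dn, changes) pair for an LDAP Modify that replaces the password attribute."""
    secret = variables["account_new_secret"]
    if active_directory:
        # AD rejects unicodePwd writes over a connection that is not TLS-protected (LDAPS),
        # which is why transport_ca_certificate / transport_server_certificate matter here.
        return dn, [("replace", "unicodePwd", [encode_ad_unicode_pwd(secret)])]
    return dn, [("replace", "userPassword", [secret.encode(variables["transport_encoding"])])]
```

The uniqueness check is the important one: a filter that matches zero or several objects must abort the change rather than rotate the wrong account's password.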
Telnet¶
The Telnet connection mode uses the Telnet protocol to establish a connection with the remote host and then interacts with the server to change the secret. Telnet is unencrypted: the transport credentials and the new secret cross the network in cleartext, so use it only where SSH is unavailable and the management network is isolated.
Commands

| Command | Description |
|---|---|
| INPUT | Command sent to the target host. |
| EXPECTED | Output expected from the target host; the changer waits for it before sending the next command. |
| ENTER | Sends an Enter (line break) to the target host. |
| DELAY | Delay between the execution of consecutive commands. |
Variables

| Variable | Description |
|---|---|
| transport_bind_ip | Fudo IP address used to establish the connection with the remote host. |
| transport_host | IP address of the remote host that the secret changer/verifier connects to. |
| transport_login | Account on the target system authorized to change secrets. |
| transport_port | Port number that the secret changer/verifier connects to. |
| transport_secret | Secret used to log in to the target system and authenticate the transport account before the secret change is executed. |
| account_login | Login of the user whose secret is being changed. |
| account_new_secret | System default variable, initialized with the new secret automatically generated by Fudo. |
| enable_password | Password used to raise privileges (e.g. at an `enable` prompt). |
WinRM¶
The WinRM transport layer uses the Windows Remote Management protocol to interface with the remote operating system and perform the secret change. WinRM supports Certificate Revocation List (CRL) checking, so the digital certificates used for the connection are verified as current and not revoked.
Note
By default, the WinRM Secret Changer and Verifier can change and verify secrets of local users only. To include domain users, grant them the “Allow log on locally” user right on the target host (Local Security Policy, User Rights Assignment), so that the script executed over WinRM can also process domain users' passwords.
Commands

| Command | Description |
|---|---|
| INPUT | Command sent to the target host. |
| EXPECTED | Output expected from the target host; the changer waits for it before sending the next command. |
| ENTER | Sends an Enter (line break) to the target host. |
| DELAY | Delay between the execution of consecutive commands. |
Variables
Warning
To configure a WinRM secret changer, you must provide credentials of a user authorized to change secrets (typically an admin-level account). Do not use this account to change its own secret: WinRM returns an error that Fudo Enterprise cannot process. Make sure that the account_login and transport_login variables are set to different values.

| Variable | Description |
|---|---|
| transport_bind_ip | Fudo IP address used to establish the connection with the remote host. |
| transport_ca_certificate | CA certificate used to validate the target system's certificate. |
| transport_encoding | Text encoding used by the target system. |
| transport_host | IP address of the remote host that the secret changer/verifier connects to. |
| transport_login | Account on the target system used to change secrets. It must differ from the account whose secret is being changed (account_login variable). |
| transport_port | Port number that the secret changer/verifier connects to. |
| transport_secret | Secret used to authenticate the transport account before the secret change is executed. |
| account_login | Login of the user whose secret is being changed. |
| account_new_secret | System default variable, initialized with the new secret automatically generated by Fudo. |
| account_domain | Domain of the user whose secret is being changed. |
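The INPUT/EXPECTED/ENTER/DELAY tables for SSH, Telnet and WinRM describe the same expect-style driver, and the warning above adds a precondition on the variables. The Python below is an added example, not Fudo Enterprise code: it runs such a step list against a constructed in-memory stand-in for the target session (a minimal Linux `passwd` dialogue), masks every `*_secret` variable before anything reaches its log, refuses to run when `transport_login` equals `account_login`, and fails with a timeout when an EXPECTED pattern never appears in the output. The variable values, the step list, the regexes and the ENTER behaviour (a bare line break) are assumptions.

```python
import re
import time


class SecretChangeError(Exception):
    """A step failed or the variable set is unsafe."""

# Constructed variable set using the names from the tables above (values are assumptions).
VARIABLES = {
    "transport_login": "svc-secretchanger",
    "transport_secret": "s3cret-transport",
    "transport_password_prompt": r"[Pp]assword:\s*$",
    "account_login": "alice",
    "account_secret": "OldPassw0rd!",
    "account_new_secret": "N3w-Gen3rated-Secret!",
}

# Constructed step list: a Linux `passwd` dialogue driven by the privileged transport account.
STEPS = [
    ("INPUT", "passwd {account_login}"),
    ("EXPECTED", r"(New|Enter new) (UNIX )?password:\s*$"),
    ("INPUT", "{account_new_secret}"),
    ("EXPECTED", r"Retype new (UNIX )?password:\s*$"),
    ("INPUT", "{account_new_secret}"),
    ("DELAY", "0.1"),
    ("EXPECTED", r"updated successfully"),
]


class FakeTargetSession:
    """Constructed stand-in for an SSH/Telnet channel; emulates a minimal `passwd` dialogue."""

    def __init__(self, passwords):
        self.passwords = dict(passwords)  # login -> current password
        self.state, self.pending, self.first, self.out = "shell", None, None, "$ "

    def send(self, line):
        if self.state == "shell":
            m = re.fullmatch(r"passwd (\S+)", line)
            if m and m.group(1) in self.passwords:
                self.pending, self.state, self.out = m.group(1), "new", "New password: "
            else:
                self.out = f"sh: {line}: command not found\n$ "
        elif self.state == "new":
            self.first, self.state, self.out = line, "retype", "Retype new password: "
        else:  # retype
            if line == self.first:
                self.passwords[self.pending] = line
                self.out = "passwd: password updated successfully\n$ "
            else:
                self.out = "Sorry, passwords do not match.\n$ "
            self.state = "shell"

    def read(self):
        return self.out


def expand(template, variables):
    """Replace {name} with the variable's value; other braces (regex quantifiers) are left alone."""
    return re.sub(r"\{(\w+)\}", lambda m: variables.get(m.group(1), m.group(0)), template)


def redact(text, secrets):
    for s in secrets:  # mask secret values before anything reaches a log line
        text = text.replace(s, "***")
    return text


def check_variables(variables):
    """Mirrors the WinRM warning above: the transport account must not rotate its own secret."""
    if variables["transport_login"] == variables["account_login"]:
        raise SecretChangeError("transport_login and account_login must differ")


def change_secret(session, steps, variables, timeout=2.0):
    """Run the INPUT/EXPECTED/ENTER/DELAY steps; EXPECTED waits for its regex or times out."""
    check_variables(variables)
    secrets = {v for k, v in variables.items() if k.endswith("_secret")}
    log = []
    for command, arg in steps:
        if command == "INPUT":
            line = expand(arg, variables)
            session.send(line)
            log.append(f"INPUT    {redact(line, secrets)}")
        elif command == "ENTER":  # assumed: sends a bare line break
            session.send("")
            log.append("ENTER")
        elif command == "DELAY":
            time.sleep(float(arg))
            log.append(f"DELAY    {arg}")
        elif command == "EXPECTED":
            pattern = re.compile(expand(arg, variables))
            deadline = time.monotonic() + timeout
            while not pattern.search(session.read()):
                if time.monotonic() >= deadline:
                    raise SecretChangeError(f"EXPECTED {arg!r} not seen; got {redact(session.read(), secrets)!r}")
                time.sleep(0.05)
            log.append(f"EXPECTED {arg}")
    return log


def verify_secret(session, variables):
    """Stand-in for the verifier: does the account's stored secret now equal account_new_secret?"""
    return session.passwords.get(variables["account_login"]) == variables["account_new_secret"]
```

Two details carry over to real changers: the redaction set is built from variable names, not values, so a new `*_secret` variable is masked automatically, and the EXPECTED timeout is what turns a hung prompt (wrong `transport_password_prompt`, an unexpected "current password" question) into a reported failure instead of a stuck session.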