Using fudopv¶
Execution parameters
fudopv [<options>] <command> [<parameters>]
Command/option/parameter | Description |
---|---|
Commands | |
getcert |
Fetch User Portal SSL certificate. |
getpass <type> <account> |
Fetch password to selected account. type:
|
Options | |
-c <path> |
Use configuration file from provided path. |
--cfg <path> |
|
-h, --help |
Show options and parameters list. |
- Upload
fudopv
script to the server and change its access rights to allow execution.
- Log in to the Fudo PAM administration panel.
- Create a user object with
user
role, static or one-time password authentication and server’s IP address defined in the API section.
Note
- Select > .
- Click .
- Enter user’s name.
- Define account’s validity period.
- Select
user
from the Role drop-down list. - Assign safe and click the object to open its properties.
- Select the Reveal password option.
- In the Authentication section, select
Password
orOne time password
from the Type drop-down list. - In case of static password authentication, type in the password in Password and Repeat password fields.
- If you want to limit the IP addresses allowed to access Fudo PAM over the API interface, in the API section, click the i icon and enter the IP address of the server, which will be requesting passwords using
fudopv
script. - Click
- Run
fudopv getcert
command to initiate the configuration.
Note
fudopv
configuration files are stored in the .fudopv
folder in user’s home folder.
- Open
fudopv.cfg
file in a text editor of your choice.
Section | Description |
---|---|
[FUDO] |
|
address |
User Portal’s IP address. |
cert_path |
Path to the User Portal’s SSL certificate files. |
[CONN] |
|
bind_ip |
IP address of the server, running the fudopv script. The IP address must be the same as the IP address defined in the API section in user configuration. This parameter is optional. |
[AUTH] |
|
username |
User login as defined in step 3. |
otp |
Path to the otp.txt file containing the one time password. |
secret |
Path to the secret.txt file containing user’s static password. |
Note
- In the
[FUDO]
section, in theaddress
line, enter the User Portal IP address. - Leave the
cert_path
line as is, it will be updated automatically after successfully running thefudopv getcert
command. - If you specified the IP address allowed to access Fudo PAM over API, in the
[CONN]
section, uncomment thebind_ip
line and provide the IP address of the server running thefudopv
script. - In the
[AUTH]
section, in theusername
line, provide the login of the user object defined in step 3. - Depending on the users authentication method, comment the corresponding line defining the authentication secret information.
For example:
[FUDO]
address=10.0.0.8.61
cert_path=<CERT_PATH>
#[CONN]
bind_ip=10.0.0.8.11
[AUTH]
username=fudopv
#otp=/Users/zmroczkowski/.fudopv/otp.txt
secret=/Users/zmroczkowski/.fudopv/secret.txt
- Run
fudopv getcert
command to fetch User Portal’s SSL certificate.
Note
After running the script successfully, the path to the certificate in the configuration file will be automatically updated.
- Edit the
secret.txt
file and provide user’s static password; or edit theotp.txt
file and store the one time password.
Note
- The one time password can be found in user’s properties, in the Authentication section.
- The
otp.txt
file will be automatically updated each time thefudopv getpass
command is run.
- Run command:
fudopv getpass direct <account_name>
, to fetch password to connect directly to the server.
fudopv getpass fudo <account_name>
, to fetch password to establish monitored connection with the target host.
Warning
Correct operation of the fudopv
script requires disabling the login reason prompt option in the safe’s properties.
Related topics: