Custom password changers¶
Custom password changers enable defining a set of commands executed on a remote host in case the built-in password changers cannot handle a specific use case scenario.
Note
In cluster configuration, the node responsible for changing passwords on monitored systems is configured in system settings. For more information refer to Password changers - active cluster node topic.
Defining a custom password changer¶
- Select > .
- Select Custom changers tab.
- Click .
Note
Alternatively, you can find and click an existing password changer and click to create a new password changer based on currently opened definition.
- Define the password changer’s name.
- From the Script type drop-down list, select if the script is a password changer or password verifier.
- From the Connection mode drop-down list, select the transport layer.
- In the Timeout field, define the script’s execution time limit.
- In the Commands list section, click . to add a command.
Note
Available commands depend on selected transport layer. For more information on connection modes, refer to the Connection modes topic.
INPUT- command executed on target host.EXPECTED- expected result.ENTERDELAY- delay between commands’ execution.DN- directory service DN (Distinguished Name) parameter.FILTER- directory service user filter.
- Enter the command or define action’s parameters.
Note
You can use pre-defined transport layer or user defined variables in commands. To use or define a variable, enclose it in %% characters (e.g. %%transport_host%%, %%custom_variable%%).
- Click i to add optional comment.
- Repeat steps 8-10 to add more commands.
- In the Variables section, define variables’ attributes.
Note
Variables can be initiated with values referenced from other objects or they can be assigned a constant value.
Note
Example
In this password changer example, the password change is triggered with the passwd command executed with sudo privileges on a host running FreeBSD operating system.
Commands list
| Action | Content | Comment | |
|---|---|---|---|
| 1 | EXPECTED | Password |
Expected terminal output. |
| 2 | INPUT | %%transport_secret%% |
Privileged account password. |
| 3 | EXPECTED | \[newtd_pc@john-laptop.*\] |
Expected terminal output. |
| 4 | INPUT | sudo passwd %%account_login%% |
Change password to specified account. |
| 5 | EXPECTED | Password |
Expected terminal output. |
| 6 | INPUT | %%transport_secret%% |
|
| 7 | EXPECTED | Changing local password |
Expected terminal output. |
| 8 | EXPECTED | New Password |
Expected terminal output. |
| 9 | INPUT | %%account_new_secret%% |
|
| 10 | EXPECTED | Retype New Password |
Expected terminal output. |
| 11 | INPUT | %%account_new_secret%% |
|
| 12 | INPUT | echo $? |
|
| 13 | EXPECTED | 0 |
Variables
| Variable name | Object type | Object property | Encrypt |
|---|---|---|---|
| transport_method | constant |  |
|
| transport_bind_to | server_property | bind_ip | |
| transport_user | account | login | |
| transport_host | srever_address_property | host | |
| transport_port | server_property | port | |
| transport_secret | account | secret |  |
| tranposrt_host_public_key | constant | |
|
| account_login | account | login | |
Editing a custom password changer¶
Warning
Modifying a password changer that is already in use might require a manual change in every account it is assigned to.
- Select > .
- Select Custom changers tab.
- Click the name of desired password changer.
- Edit selected commands.
- Click i to remove selected command.
- Click .
Deleting a custom password changer¶
- Select > .
- Select Custom changers tab.
- Select desired elements and click .
- Confirm deleting selected objects.
Related topics: