Console Tool

The Pam.Tools.Aapm console utility allows the application to retrieve passwords and SSH keys for account records stored in Axidian Privilege. Install and configure the utility on the server from which the application runs.
Requests for retrieval and viewing of account data are logged in the Events section of the journal.

info

To add an application and grant it access to account data, read the Applications section.

Configuration

1. Navigate to the AAPM distribution and open the utility's configuration file appsettings.json.

2. In the   Auth  and  Endpoints  sections, specify values for the parameters:

   • Username  and  Password — the application name and password.
     The application administrator can can view this data in the user console.
   • CoreUrl — the address of the Core component.
   • IdpUrl — the address of the IdP component.
   • Certificate — the certificate identifier.
     Specify if client certificate fingerprint verification is configured.
     
     
   Configuration file example

   {
     "$schema": "appsettings.schema.json",
     "Auth": {
       "Username": "124", 
       "Password": "2cenQ>(/Q)+gxGN5h@!P-Sa=7]~qEl",
       "Certificate": ""
     },
     "Endpoints": {
       "CoreUrl": "https://pam.server/core",
       "IdpUrl": "https://pam.server/idp"
     },
     "NLog": {
       "variables": {
         "maxArchiveFilesPerCategory": 770
       },
       "rules": {
         "0_MicrosoftExtensionsIgnored": {
           "logger": "Microsoft.Extensions.*",
           "maxLevel": "Info",
           "final": true
         },
         "0_MicrosoftEfCoreIgnored": {
           "logger": "Microsoft.EntityFrameworkCore*",
           "maxLevel": "Debug",
           "final": true
         },
         "0_SystemIgnored": {
           "logger": "System.*",
           "maxLevel": "Info",
           "final": true
         },
         "1_File": {
           "logger": "*",
           "writeTo": "appdomainFile"
         }
       }
     }
   }

Launching the utility

Windows

1. Run PowerShell as administrator.

2. Navigate to the folder with the utility and run it with the required parameter:

   .\Pam.Tools.Aapm.exe <parameter>
   • get-accounts — list of account records whose data the application knows and can use.
   • get-ssh-key — SSH key for the specified account record.
   • get-password — password for the specified account record.
   • help — information about the specified command.
   • version — the utility version number.
     
     
   Command examples

   Outputs a list of accounts from permissions

   .\Pam.Tools.Aapm.exe get-accounts

   Outputs the password of the Axidian\ServiceOps account

   .\Pam.Tools.Aapm.exe get-password -n Axidian\ServiceOps

   Stores the command result in a variable and outputs the result

   $result = .\Pam.Tools.Aapm.exe get-ssh-key -n Axidian\ServiceOps
   echo $result

Linux

caution

To use the utility, install dotnet-runtime-8.0.

1. Navigate to the directory with the distribution /AxidianPAM_3.4/axidian-pam-tools/aapm

2. From the directory, open a terminal and run the utility with the required parameter:

   dotnet ./Pam.Tools.Aapm.dll <parameter>
   • get-accounts — list of account records whose data the application knows and can use.
   • get-ssh-key — SSH key for the specified account record.
   • get-password — password for the specified account record.
   • help — information about the specified command.
   • version — the utility version number.
     
     
   Command examples

   Outputs a list of accounts from permissions

   dotnet ./Pam.Tools.Aapm.dll get-accounts

   Outputs the password of the Axidian\ServiceOps account

   dotnet ./Pam.Tools.Aapm.dll get-password -n Axidian\ServiceOps

   Stores the command result in a variable and outputs the result

   result=$(dotnet ./Pam.Tools.Aapm.dll get-ssh-key -n Axidian\ServiceOps)
   echo $result