Previous Topic: Customize an SSH Device XML FileNext Topic: Network Device Connection Information

Enterprise Administration GuideImplementing Shared AccountsSAM Endpoint and Shared Account CreationCreate an EndpointSSH Device Connection InformationExample: How an SSH Device XML File Defines SAM Commands

Example: How an SSH Device XML File Defines SAM Commands

This example explains how a section of the SSH Device XML file defines the commands that SAM executes on an SSH Device endpoint. Each <item> element in the section defines the parameters for a specific action. Together, all the <item> elements create a script that defines how SAM interacts with the endpoint.

Each <item> element begins with the sCommand parameter. The sCommand parameter defines a command that SAM executes on the endpoint. The parameters after the sCommand parameter define any other actions that SAM performs after that command.

This example shows you how a section of the Cisco-UCS_connector_conf.xml file defines the commands that SAM uses to change privileged account passwords on a Cisco switch. The Cisco-UCS_connector_conf.xml file is located in the following directory:

ACServerInstallDir/Connector Server/conf/override/sshdyn

This example shows only a section of the Cisco-UCS_connector_conf.xml file. Additional elements in the file configure the connection to the Cisco switch and specify the commands that SAM executes to get users.

Note: For more information about the format of the SSH Device XML file, see the Reference Guide.

The following process shows you the commands that SAM executes to change privileged account passwords on a Cisco switch. To demonstrate how <item> elements configure the commands that SAM executes, the corresponding <item> element is given at the end of each step.

  1. SAM specifies to change the password for the privileged account. SAM performs the following actions to complete this step:
    1. SAM issues the following command: 
      set password
    2. SAM waits 500 milliseconds.
    3. SAM waits to receive the word: text string. When it receives this string, it proceeds to the next step.

    The following <item> element specifies the actions that SAM takes in this step:

    <item>
<param name="sCommand" value="set password" />
<param name="iWait" value="500" />
<param name="sWaitForText" value="word:" />
</item>
  2. SAM specifies the new password for the privileged account. SAM performs the following actions to complete this step:
    1. SAM sends the new password to the endpoint.

      SAM does not write the new password to the log file.

    2. SAM waits 500 milliseconds.
    3. SAM waits to receive the word: text string. When it receives this string, it proceeds to the next step.

    The following <item> element specifies the parameters for this command:

    <item>
<param name="sCommand" value="[%%password%%]" />
<param name="bHideSentLog" value="true" />
<param name="iWait" value="500" />
<param name="sWaitForText" value="word:" />
</item>
  3. SAM confirms the new password for the privileged account. SAM performs the following actions to complete this step:
    1. SAM resends the new password to the endpoint.

      SAM does not write the new password to the log file.

    2. SAM waits 500 milliseconds.
    3. SAM waits to receive the local-user* # text string. When it receives this string, it proceeds to the next step.

      If SAM receives a failure, invalid, or error text string, the password change failed.

    The following <item> element specifies the parameters for this command:

    <item>
<param name="sCommand" value="[%%password%%]" />
<param name="bHideSentLog" value="true" />
<param name="iWait" value="500" />
<param name="sWaitForText" value="local-user* #" />
<param name="sFailureResult" value="failure;invalid;error" />
</item>
  4. SAM commits the new password for the privileged account. SAM performs the following actions to complete this step:
    1. SAM issues the following command: 
      commit-buffer

      SAM does not write this command to the log file.

    2. SAM waits 500 milliseconds.
    3. SAM waits to receive the local-user # text string. When it receives this string, the password change is complete.

      If SAM receives the Error: Update failed: text string, the password change failed.

    The following <item> element specifies the parameters for this command:

    <item>
<param name="sCommand" value="commit-buffer" />
<param name="bHideSentLog" value="true" />
<param name="iWait" value="500" />
<param name="sWaitForText" value="local-user #" />
<param name="sFailureResult" value="Error: Update failed:" />
</item>

    The password change is complete.

More information:

The SSH Device XML File