Security

Reply
New Contributor

CPPM CLI accounts and access

Hi,

 

Not exactly sure if this is the correct location for this question.....apologies if not.

 

I am trying to find information about accessing the CLI of our clearpass policy manager. I am fine to access it using the appadmin account both locally and also using ssh. How do I give other accounts permission to also access the CLI? The accounts we have set up using the http interface are 'Super Admins' however they do not have permission to login using CLI (locally or over SSH).

 

I have found in the documentation info about setting up CPPM for ssh access to other devices but not actually to the CPPM itself.

 

Any help or pointing to right direction appreciated.

 

Re: CPPM CLI accounts and access

the only access for the CLI is via the login "appadmin".  There is no ability to create other user accounts for the CLI.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
New Contributor

Re: CPPM CLI accounts and access

So is it generally accepted that most/all config needs to be done in the http interface? As far as I can tell there would be no way to audit the CLI access if all admins need to use the same login credentials?

Re: CPPM CLI accounts and access

Yes - all config is done in the UI.  Since the CLI access doesn't show up in the UI (access tracker), there is no way to audit who logged in from a user perspective.  

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Guru Elite

Re: CPPM CLI accounts and access

You should rarely have to go into the CLI after initial configuration.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: CPPM CLI accounts and access

Hi.

I'm about to upgrade Hyper-V integration services on my CPPM installation.

How would I do that if I can't execute i.e. "mount /dev/cdrom /media"?

 

Thanks.

Re: CPPM CLI accounts and access

cappalli said rarely, not never.

 

personally im not a huge fan of the only the appadmin account and then also having the password being the cluster password. but it is what it is and it works well enough.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: