<access> - Osirium PAM Device Access
<access> tag is used to define how Osirium PAM connects to devices.
This tag has the following attributes:
type (shell, rdp) : This defines the type of the access to the device.
default (yes, no) : This defines if this access method is the default one to be used when running Osirium PAM tasks at the device.
protocol (ssh, sshtelnet, rdp, winexe, https, http) : This defines the protocol to be used when establishing the connection through Osirium PAM to the device.
driver (str): This defines the name of the web driver class that will be used for http/https single sign-on.
write_size : The number of characters sent at a time to the device (a block).
write_delay: A delay (in ms) added in between blocks sent to the device.
A device can have multiple
<access> tags, but only one default. The default access method is what Osirium PAM will use to run tasks, unless the task specifies another method.
An access tag then contains other tags that make up the full access definition, namely:
Each of these tags defines important information about the connection.
Example: Command line access over SSH
A typical setup for SSH access to a device looks like this:
1 2 3 4
This is defining SSH as the default access method to a device. The shell prompt and any pre/post-amble tasks will be defined in the child tasks.
Example: Command line access over Telnet
A typical setup for Telnet access to a device looks like this:
1 2 3 4 5 6 7 8
This is defining Telnet as the default access method to the device.
Because Telnet does not authenticate in the protocol like SSH does, the device will send down a prompt when it wants the username entered. Likewise for the password.
Devices can also have a usage disclaimer or motd (Message Of The Day) that often appear before the username prompt. Banners can also appear after logon.
The four tags shown above before the
<shellprompt> tag allow for these steps to be defined in the template.
The protocol is named sshtelnet because the connection is SSH from the client to Osirium PAM, and Telnet from Osirium PAM to the device. This is to enhance the security of the connection.
Example: Windows device
A typical setup for a Windows device like this:
1 2 3 4
This is defining winexe as the default access method to the device.
As well as winexe access, a Windows device will typically need RDP access using a second
<access> tag like this:
Example: Browser access to a device
Web browser access to a device is also added using an
This should only be set to default in a template that only contains web single sign-on.
For more information on web sso drivers, please contact Osirium Technical Support.
Example: Controlling character transmission
Some more primitive devices, often firmware based rather than full operating systems, cannot handle the rate at which Osirium PAM sends characters. To slow this down you can use the write_size and write_delay attributes.
|write_size||The number of characters Osirium PAM sends at a time, like a buffer size.|
|write_delay||The time in seconds Osirium PAM waits between each write.|