Revoke XML API key for a specific user who is configured on radius server.

Reply
L0 Member

Revoke XML API key for a specific user who is configured on radius server.

Hi,

 

I would like to revoke a xml api key for a specific user who is configured on radius server .

 

Changing the password on the radius server doesnt revoke the old api key of the user.

 

Firewall is still  athenticating the user using old api key.

 

Is there anyway of revoking api key of a specific user on palo alto firewall ?

 

Note : this specific user is an admin user with the help of api he is able to authenticate and get access of the firewall.

 

 

 

 

 

 

 

 

 

 

 

L4 Transporter

Re: Revoke XML API key for a specific user who is configured on radius server.

API keys are encrypted version of login+password , so they cannot be revoked , you need to change the password.

 

I could be wrong but after cache dies ( a few minutes/hours ) then the api key should not work anymore

L0 Member

Re: Revoke XML API key for a specific user who is configured on radius server.

We changed the password on the Radius server but still the firewall authenticates the admin user with the old key. Changed password on the Radius server also didnt help in our situation.
L4 Transporter

Re: Revoke XML API key for a specific user who is configured on radius server.

this is really weird , I would open a TAC case

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!