Symantec Privileged Access Management

  • 1.  How to integrate Toad with a TCP/UDP service?

    Posted Sep 07, 2018 11:56 AM

    Good day:

     

    I need integrate Toad with CA PAM, and i want to execute the following command from CA PAM using TCP/UDP service, but passing parameters.

     

    Original command

    "C:\Toad.exe -c personBD/PasswordPerson@DBName"

     

    Command with parameters

    "C:\Toad.exe -c ?/?@?"

     

    I am also using the "Oracle Target Connector".

     

    What are the name of the parameters?

    Why can I record Putty and Toad not?



  • 2.  Re: How to integrate Toad with a TCP/UDP service?
    Best Answer

    Broadcom Employee
    Posted Sep 14, 2018 04:42 AM

    Hello Juan,

     

    The Toad UI basically is a Windows application.

    To have session recording you can run this as a Published RDP Application on a Jump Server.



  • 3.  Re: How to integrate Toad with a TCP/UDP service?

    Posted Oct 01, 2018 04:44 PM

    Do you know what is the name of the parameter to send the name of the database?



  • 4.  Re: How to integrate Toad with a TCP/UDP service?

    Posted Sep 20, 2018 04:39 PM

    Good day:

     

    Basically Putty is also a Windows application, Putty is a TCP / UDP Service and Toad too, the problem is that I can not record what they do in Toad and in Putty I can.

     

    I attach a configuration screen to send the TCP / UDP service parameters to the Toad application.

     

    Toad TCP/UDP Service

     

     

    Greetings.



  • 5.  Re: How to integrate Toad with a TCP/UDP service?

    Posted Sep 20, 2018 04:40 PM

    Good day:

     

    Also I do not know how to send the name of the database. Can somebody help me ?

     

    Greetings.



  • 6.  Re: How to integrate Toad with a TCP/UDP service?

    Broadcom Employee
    Posted Sep 21, 2018 07:10 AM

    Hello Juan,

     

    Putty is "Text based" - that is the reason PAM can do session recording for it.



  • 7.  Re: How to integrate Toad with a TCP/UDP service?

    Broadcom Employee
    Posted Oct 01, 2018 04:39 PM

    did you ever find out what is the correct <tag> to pass on to toad?



  • 8.  Re: How to integrate Toad with a TCP/UDP service?

    Posted Oct 01, 2018 04:43 PM

    No, I already opened a ticket in support but they still do not give me the answer.



  • 9.  Re: How to integrate Toad with a TCP/UDP service?

    Broadcom Employee
    Posted Oct 02, 2018 10:25 AM

    for what it's worth,

     

    I've tried

    <user>/<Password>@<Schema> 

    <user>/<Password>@<Sid> 

    <user>/<Password>@<databasename> 

     

    none of these work.

     

    that said, this practice is frowned upon.

     

     

    Any user can look at the task manager and see the command line parameters with which the application was launched... and see the password.

     

    This would be a security loophole as the user can take the credentials and connect outside of PAM while their "Service" session is still on-going.

     

    The only secure way to do this, as I understand it, is to use a Microsoft Remote Desktop Services Server, publish the apps and use Transparent login scripts with (PAM) Remote Apps.



  • 10.  Re: How to integrate Toad with a TCP/UDP service?

    Posted Oct 02, 2018 12:02 PM

    I understand what you tell me, however the main point is to know what is the name of the parameter of the database that is sent.



  • 11.  Re: How to integrate Toad with a TCP/UDP service?

    Broadcom Employee
    Posted Oct 02, 2018 01:19 PM

    I get it - these <tags> aren't well documented either.

     

    it may not even exist; but if you find it, please do let me know..

     

    Check out this thread: https://communities.ca.com/ideas/235740958