Hello everyone, is possible to configure transparent login with target AS400 in CA PAM 3.x? Thank You!
It is possible to configure auto-login to an AS400 target in CA PAM 3.x . We have done this using the TN5250 applet.
Transparent login (i.e. auto-login with no credentials required) is only supported for RDP and SSH connections and is not supported for AS400 access.
Hello MAnttila, in first place, thank you for you answer about it, but, this process your comments, is via to create a target application and target account? Thank YOU.
No, the process for auto-login uses the applets. When I said target, I should have said access endpoint. You set up an access method as described here:
If you want to manage passwords on an AS400 device, then you would need a target application and account.
Yes, for auto-logon you have to configure a target application and target account. The target account is then specified in a policy between user(group) and device(group). In PAM transparent login refers to a secondary login where when you run a command or start an application after having logged on to the target device already, PAM can automatically inject credentials again, e.g. when a user runs a sudo command on a UNIX host and the command asks for the password of the current user which you may not know if PAM logged you in automatically. This is only available for RDP and SSH connections, like Margaret said. But it looks like what you were interested in is auto-login rather than secondary transparent login.
OK i understood about the auto login, but in the AS400's login process, is possible to inject other data relationament like how i describe in the image attached?
This is with the objective to make a transparent login and the user go to the main menu without input that credentials.
Please look the attached image.
Thank You So Much!!!
Hi Adolfo, I still think you are talking about auto-login, not transparent login. Your login screen seems to be customized, at least localized. In general auto-login should work if you setup an access policy with a target account that has valid credentials. But it's possible that it doesn't work with a customized login page. If that's your problem, you can open a support case and we'll take a closer look.
Actually, if you are asking about whether the PAM mainframe applets can fill in fields other than username and password in the login page, the answer is NO.