Symantec Privileged Access Management

  • 1.  Transparent Login with AS400 endpoint CA PAM 3.x

    Posted Jan 31, 2018 09:37 AM

    Hello everyone, is it possible to configure transparent login with an AS400 target in CA PAM 3.x? Thank you!



  • 2.  Re: Transparent Login with AS400 endpoint CA PAM 3.x

    Broadcom Employee
    Posted Feb 01, 2018 12:40 PM

    It is possible to configure auto-login to an AS400 target in CA PAM 3.x. We have done this using the TN5250 applet.

    Transparent login (i.e. auto-login with no credentials required) is only supported for RDP and SSH connections and is not supported for AS400 access.



  • 3.  Re: Transparent Login with AS400 endpoint CA PAM 3.x

    Posted Feb 01, 2018 03:19 PM

    Hello MAnttila, first of all, thank you for your answer. But is the process you describe done by creating a target application and target account? Thank you.



  • 4.  Re: Transparent Login with AS400 endpoint CA PAM 3.x
    Best Answer

    Broadcom Employee
    Posted Feb 01, 2018 05:45 PM

    No, the process for auto-login uses the applets.  When I said target, I should have said access endpoint.  You set up an access method as described here: 

    https://docops.ca.com/ca-privileged-access-manager/3-0-2/EN/implementing/configure-your-server/master-provisioning-settings/apply-global-settings/access-methods-settings

     

    If you want to manage passwords on an AS400 device, then you would need a target application and account.

    https://docops.ca.com/ca-privileged-access-manager/3-0-2/EN/reference/credential-manager-target-connector-settings/as400-target-connector



  • 5.  Re: Transparent Login with AS400 endpoint CA PAM 3.x

    Broadcom Employee
    Posted Feb 01, 2018 11:33 PM

    Yes, for auto-logon you have to configure a target application and target account. The target account is then specified in a policy between user(group) and device(group). In PAM, transparent login refers to a secondary login: when you run a command or start an application after having already logged on to the target device, PAM can automatically inject credentials again, e.g. when a user runs a sudo command on a UNIX host and the command asks for the password of the current user, which you may not know if PAM logged you in automatically. This is only available for RDP and SSH connections, like Margaret said. But it looks like what you were interested in is auto-login rather than secondary transparent login.



  • 6.  Re: Transparent Login with AS400 endpoint CA PAM 3.x

    Posted Feb 02, 2018 11:19 AM

    Hello Ralf, 

    OK, I understood about the auto-login, but in the AS400's login process, is it possible to inject other related data, as I describe in the attached image?

    The objective is to make a transparent login so that the user goes to the main menu without entering those credentials.

    Please look at the attached image.

    [Image: AS400 Login Credentials]


    Thank You So Much!!!

     

    Adolfo.



  • 7.  Re: Transparent Login with AS400 endpoint CA PAM 3.x

    Broadcom Employee
    Posted Feb 02, 2018 11:34 AM

    Hi Adolfo, I still think you are talking about auto-login, not transparent login. Your login screen seems to be customized, at least localized. In general, auto-login should work if you set up an access policy with a target account that has valid credentials. But it's possible that it doesn't work with a customized login page. If that's your problem, you can open a support case and we'll take a closer look.



  • 8.  Re: Transparent Login with AS400 endpoint CA PAM 3.x

    Broadcom Employee
    Posted Feb 02, 2018 12:04 PM

    Actually, if you are asking about whether the PAM mainframe applets can fill in fields other than username and password in the login page, the answer is NO.