Symantec Privileged Access Management Community Blog

  • Private Community
 View Only

New Webinar - Privileged Access Governance: Are You Certifying Privileged User Access?

By Ora Niknamfard
Despite the numerous, headline-making incidents in recent years, cybercrime continues to rise while organizations must contend with an ever-increasing attack surface. Many types of attacks depend on stealing and exploiting privileged credentials and accounts. ...
0 comments

Announcement regarding Layer7 Privileged Access Management Support for AdoptOpenJDK

By Michael Dullea
As outlined in CA’s recent general notice regarding Java, CA software products will be migrating to support open-source implementations of Java. For Layer7 products, primary support will shift from Oracle Java to AdoptOpenJDK, a popular free version ...
0 comments

CA Privileged Access Management Frequently Asked Questions

By Jean-Sebastien Cuche
Please review this useful information and links to help you be successful with your CA PAM implementation 1. Where to download the product? Note – CA PAM is distributed as Virtual Appliance On Premise, AWS and MS Azure, as well as HW Appliance – ...
0 comments

Top KB Docs for CA PAM - June 2018

By Christian Lutz
Below is a list of the KB Docs with the most views in June 2018: DLG_FLAGS_SEC_CERT_CN_INVALID How to troubleshoot CA PAM Access Page problems How to add an external MySQL Database to CA PAM I am getting "Access is denied" when I try to ...
0 comments

Tech Tip - CA Privileged Access Manager: PAM 3.0.1 A2A UNIX client not working after disabling TLS 1.0 and 1.1

By Ralf Prigl
Issue After disabling the "TLS v1.0/1.1 Connection Allowed" option on the Configuration > Security > Access page, our Linux A2A clients no longer work. It looks like they are not using TLS 1.2 when connecting to the PAM server by default. Cause ...
0 comments

Tech Tip - CA Privileged Access Manager: S3 bucket for session recording or DB backup does not mount after upgrade to PAM 3.X

By Ralf Prigl
Issue We used an S3 bucket with name x.y for session recording with PAM 2.8. After upgrade to PAM 3.X the bucket is not mounted successfully. Resolution PAM uses s3fs to mount an S3 bucket. PAM 3.x includes a newer version with tighter certificate ...
0 comments

Tech Tip - CA Privileged Access Manager: Remote CLI fails to find the keystore file on Windows

By Ralf Prigl
Issue After installing the PAM 3.1.1 remote CLI on a Windows host and preparing the keystore file following instructions at https://docops.ca.com/ca-privileged-access-manager/3-2/EN/programming/credential-manager-remote-cli-and-java-api/install-and-set-up-the-remote-cli-and-java-api ...
0 comments

Tech Tip:  Target accounts in Oracle multitenant architecture

By Margaret Anttila
Question: How do we manage target accounts that are sitting in containers in an Oracle multitenant architecture? Oracle RAC. Answer: Oracle 11g release 2 introduced a feature: SCAN. Single Client Access Node. The Target Application is ...
0 comments

Tech Tip - CA Privileged Access Manager: Cipher Suites supported by the Active Directory Target Application

By Ralf Prigl
Question What Cipher Suites are supported by the Active Directory Target Application in PAM 3.1.1? Answer The AD target application only connects to the secure 636 port of AD domain controllers. A good way to see which Cipher Suites ...
0 comments

Tech Tip - CA Privileged Access Manager: CVE-2018-1347 and CVE-2018-7489

By Ralf Prigl
Question Is PAM affected by the recently reported Apache Struts and Jackson-databind vulnerabilities, CVE-2018-1347 and CVE-2018-7489? Answer CA PAM is not affected by either vulnerability.
0 comments

Tech Tip - CA Privileged Access Manager: Threat Analytics launch from PAM dashboard results in blank page after upgrade from 2.8.3 to 3.0.2

By Ralf Prigl
Issue After upgrading PAM from 2.8.3 to 3.0.2, when I click on the Analytics icon on the PAM dashboard a browser session is launched but the page remains empty. When we check recent IdP log entries using the Configuration > Diagnostics > Diagnostic ...
0 comments

Tech Tip - CA Privileged Access Manager: CAPM 2.8.3 or 2.8.4 upgrade can cause problems with Thales HSM integration

By Ralf Prigl
Applying PAM 2.8.3 or 2.8.4 patches to an appliance that is integrated with Thales HSM may cause problems for the Password Management side of the product. This is because either of these two patches may overwrite configuration changes made for the HSM ...
0 comments

Tech Tip - CA Privileged Access Manager: Root account fails to update other accounts password if not in sudoers file

By Ralf Prigl
Issue On UNIX or Linux a privileged account can change the password of any other account by running a "sudo passwd <user>" command, assuming the privileged account is allowed to run "sudo passwd" per configuration in the /etc/sudoers file. The ...
4 comments

PAM not able to verify or change the password of Linux account

By Maria Celeste Catena
###### [Issue Summary] ###### We have tested the non root accounts in PAM, where we created a user in Linux and tried to integrate it with PAM. After saving the password in PAM, we found that the PAM is not able to change the password neither it can ...
2 comments

Tech-Tip: Not able to connect to PAM GUI after upgrade to 3.0.1

By Maria Celeste Catena
Symptom After upgrading to 3.0.1, the appliance is not reacheable via WebGUI. However the appliance is up and available via VMWare console. The network cards are enabled, but I can't communicate to those appliances anymore. This only for Virtual Machines. ...
1 comment

Tech Tip - CA Privileged Identity Manager - sesudo: Parameter is too long.

By Renato_Pioker
Question : Customer is using sesudo on a shell script created by their support team. Sesudo receives some large parameters and when we tried to execute the command, the following error appeared: "sesudo: Parameter is too long." Is it possible to ...
0 comments

Tech Tip - CA Privileged Access Manager: "Device CSV Import Error"

By Renato_Pioker
Problem : Customer built a CSV to import Devices into CA PAM but got the following error while importing it: "Message 10012: First CSV header must be Type not Type." Resolution : 1. Renamed the file from IMPORT_PAM.CSV to IMPORT_PAM.csv ...
0 comments

Tech Tip - CA Privileged Access Manager: @PasswordViewRequest.getStartDate@ and @PasswordViewRequest.getEndDate@ always displayed in UTC time

By wonsa03
CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 10th October 2017 Issue @PasswordViewRequest.getStartDate@ and @PasswordViewRequest.getEndDate@ used in One Click Approval Email Template always displayed in UTC ...
0 comments

Tech Tip - CA Privileged Access Manager: MindTerm session terminates unexpectedly

By wonsa03
CA Privileged Access Manager Tech Tip by Kelly Wong, Principal Support Engineer for 5th October 2017 Issue The MindTerm session terminates unexpectedly when user issues commands that produce a substantial amount of output. The issue is observed ...
0 comments