parda25

LDAP + RSA authentication implementation (2/3)

Blog Post created by parda25 Employee on Mar 13, 2018

Step 2: PAM configuration

6. Unzip AM_Config.zip and import sdconf.rec.

 

[Screenshot: CA Privileged Access Manager, Configuration > 3rd Party > RSA: the RSA Authentication Manager page with the "RSA Files upload File" control and a file table listing the current mandatory RSA configuration file, the current optional RSA configuration file, and the Node Secret.]

 

 

[Screenshot: RSA Authentication Manager page after the upload, showing "Confirmation: PAM-CM-0018: File sdconf.rec uploaded successfully! Please delete the Node Secret file if it exists to clear old cache."]

 

[Screenshot: RSA Authentication Manager page showing "Confirmation: PAM-UI-1315: RSA configuration File Deleted."]

 

7. Make sure the Node Secret is cleared.

[Screenshot: RSA Authentication Manager file table with rows for the current mandatory RSA configuration file, the current optional RSA configuration file, and the Node Secret.]

 

 

8. Register the RSA user in PAM.

[Screenshot: Users > Manage Users, showing the existing user list.]

 

[Screenshot: Add User dialog, Basic Info tab, with the User Name, First Name, Last Name, Password, and Email fields.]

 

[Screenshot: Add User dialog, Administration tab, with the Authentication drop-down offering Local and RSA.]

 

[Screenshot: CA Privileged Access Manager login window with Username, Password, and Authentication Type fields; the Authentication Type drop-down lists Local and LDAP+RSA.]

 

[Screenshot: CA Privileged Access Manager login window with the Username and Authentication Type fields.]

 

[Screenshot: CA Privileged Access Manager dashboard after login, showing the User Information panel for the logged-in user and the warning "PAM-CMN-1018: Configuration Password is still the default value."]

 

 

Note: At the first login, enter only the token code; you will then be prompted with an Enter PIN window to set up a PIN for the RSA user.
