CA PIM infrastructure, New DH__ hosts. Terminal rules


Article ID: 101608


Updated On:


CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)


Currently, we have an AD-hosted account which we use to access and administer our Windows-based CA PIM infrastructure (both DMS__ and DH). Due to business changes, we need to vacate the usage of this account and move to using locally hosted accounts to access and administer our CA PIM infrastructure. Brief synopsis of our environment:

<Hostname> DH__
<Hostname> DH__
<Hostname> DH__
<Hostname> DH__

Today we use this account: <accountname>. Going forward, we need to use the local account "<accountname>" on each of the hosts. In addition to the local account "<accountname>", I have created a local group called "<groupname>" on each of the systems and made "<accountname>" a member. My question is: Do I need to define these local users/groups in CA Access Control and authorize them to use the terminal on each host so that things will work properly?


New TERMINAL rules are needed for the DH__ hosts, along with access to them.


PIM: 12.8 SP1
OS: Windows


Create all the terminal records for the DH__ hosts in the DMS__, and then authorize the users.
It is not necessary to do this on the DH__WRITER, but it can be done.

To prevent any user from logging in from the terminal tty123, specify nobody as the owner and set the default access to none:

newres TERMINAL tty123 defaccess(none) owner(nobody)

To permit a user to log in from a particular terminal, enter the following command:

authorize TERMINAL tty123 uid(user1) access(R W)

This command permits user1 to log in from terminal tty123.

Permission to use a terminal can also be granted to a group. For example, the following command permits members of the group group1 to use the terminal tty34:

authorize TERMINAL tty34 gid(group1) access(R W)
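
The same three commands applied across several DH__ hosts, as an added example (not part of the original article or CA's own tooling). It generates the selang lines for a list of terminals and refuses to emit a lockdown with no authorized principal; the host, user and group names and the name check are assumptions of this example.

```python
import re

# Conservative name check (an assumption of this example, not a selang rule):
# reject whitespace, parentheses and anything else that could alter the command.
_SAFE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def _check(kind, name):
    if not _SAFE.match(name):
        raise ValueError(f"unsafe {kind} name: {name!r}")
    return name


def terminal_rules(terminals, users=(), groups=()):
    """Return selang lines: lock each TERMINAL down, then authorize principals."""
    users, groups = list(users), list(groups)
    if not users and not groups:
        # defaccess(none) with no authorize lines would block every login
        # from that terminal, so stop before generating such a batch.
        raise ValueError("no user or group to authorize; refusing to emit rules")
    lines = []
    for term in terminals:
        t = _check("terminal", term)
        # The record must exist before anyone can be authorized on it.
        lines.append(f"newres TERMINAL {t} defaccess(none) owner(nobody)")
        for u in users:
            lines.append(f"authorize TERMINAL {t} uid({_check('user', u)}) access(R W)")
        for g in groups:
            lines.append(f"authorize TERMINAL {t} gid({_check('group', g)}) access(R W)")
    return lines


if __name__ == "__main__":
    # Constructed sample values; replace with the real DH__ host names and
    # the local account and group created on each host.
    batch = terminal_rules(
        ["dh-host-01", "dh-host-02"],
        users=["pimadmin"],
        groups=["pimadmins"],
    )
    print("\n".join(batch))
```

Review the generated lines before running them in selang against the DMS__.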