This article is to shows on how to configure A2A client agent on RedHat 7 / Centos 7 and test with example code.
PAM 3.0.x, PAM 4.x
Centos 7
Redhat 7
1. Go to product download page in support.ca.com after logging in and search Privileged Access Manager. Select PAM version and download "CA Privileged App to App Manager Debian" product.
2. Transfer "Unix A2A agent zip" file to target Linux server.
3. Unzip file
[[email protected] tmp]# unzip Unix\ A2A_GEN500000000000518.zip -d ./a2aclient Archive: Unix A2A_GEN500000000000518.zip creating: ./a2aclient/packages/ inflating: ./a2aclient/packages/cloakware_cspm_full_client_rhel50_x86.tar.gz inflating: ./a2aclient/packages/cloakware_cspm_full_client_sol10.tar.gz |
[[email protected] a2aclient]# chmod u+x setup_unix |
[[email protected] a2aclient]# mkdir ~/a2a [[email protected] a2aclient]# ./setup_unix Linux 64 ~/a2a/ <pam server address> .. Remember to set and export CSPM_CLIENT_HOME=/root/a2a//catech, or "include" /root/a2a//catech/cspmclient/bin/.cspmclientrc in all CAPAM A2A Client user's environment (/etc/[rc|profile] files) ***** CAPAM A2A Client Setup Process Finished Successfully ***** |
[[email protected] bin]# ./cspmclientd start Client Daemon 7388 started Now seed the local encryption with a unique password Cache persistence is turned off. Authentication is not required! |
7. Go to PAM client and set up for A2A test.
=========================1) Device -> Manage device -> Enable Access, Password Management and A2A
2) Create a Target Application
3) Create Target Account as A2A
===========
8. Configure A2A settings
1) Manage A2A -> Script
2) Manage 2A2 -> A2A Clients
3) Manage A2A -> Mapping
==========9. Test. SSH to target server and run example perl script to get credential.
[[email protected] examples]# ./example.pl a2atest true Return Code: 400 UserID: root Password: Password01 PASSED [[email protected] examples]# |