How-to: Configure PAM with a "dummy account" for SMTP

book

Article ID: 131825

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

The PAM 3.X GUI requires that an account be selected under the Credential Manager SMTP Email Server settings, even if SMTP Authentication will not be used. Optionally any account can be selected here as a placeholder, but if no authentication is being used for the SMTP server then a dummy (fake) account is recommended.

Benefits of a dummy account:
  • The Mail Server Address will be properly linked to the account which can help avoid configuration mistakes
  • Avoid possible Target Account problems in a situation where SMTP Authentication is turned on without re-configuring the placeholder account
  • Randomly selected placeholder accounts may be deleted or modified at some point


Environment

Any PAM 3.x
SMTP Server with no authentication required

Resolution

To create a "dummy account" and use it for SMTP follow these steps:
  1. Login to PAM as an Administrator
  2. Create a new Target Device for the mail server:
    • Choose any Name that will be recognizable (e.g: "SMTP Server" or the FQDN)
    • Under Device Address configure the Mail Server address PAM will use
    • Ensure the "Password Management" checkbox is checked
    • The "Access" and A2A checkboxes are not needed here
    • Keep defaults for other settings
  3. Create a new "Generic" Target Application:
    • For Device select the Target Device created in step 2
    • Choose any Name that will be recognizable (e.g: SMTP Application)
    • For Type, select "Generic"
    • Keep defaults for other settings
  4. Create a "dummy" Target Account:
    • Select the Device & Target Application created in steps 2 & 3
    • Choose a fake Account Name that will be recognizable (e.g: smtpDummyAccount)
    • Click the blue ribbon on the top right to generate a random password (to easily ensure it meets default complexity requirements)
    • Keep defaults for other settings
  5. Configure the new "dummy" Target Account for the SMTP Server:
    • Navigate to Settings > Credential Manager > Email Settings
    • Under Account Name, start typing in the box OR click the Grey Magnifying Glass and select the account created in step 4
    • Confirm the Host Name and other settings are correct
  6. Test to confirm the email settings work:
    • The easiest way to test emails is to create a Report Scheduled Job for 1 minute from now to send any report to an email address
 

Additional Information

Documentation on configuring Password Management emails:
https://docops.ca.com/ca-privileged-access-manager/3-2-4/en/implementing/protect-privileged-account-credentials/set-up-credential-manager-operation-settings/configure-email-preferences-for-password-view-policies/