Use of Unix parameter "UsePAM yes" /etc/ssh/sshd_config dropping connections cannot access Via CA PAM
Article ID: 137589
Updated On:
Products
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Server Control (PAMSC)
Issue/Introduction
After enabling in some Unix Systems the use of UsePAM yes in /etc/ssh/sshd_config, CA PAM cannot authenticate the target accounts.
This configuration is necessary so that it is possible to log user accesses in winscp.
Environment
Release : 3.2, 4.0
Component : PRIVILEGED ACCESS MANAGEMENT
Resolution
By default the library JAVA #jsch has a timeout of 20 seconds in order to the resolution happens. If it does happen the channel is closed by jsch. In case we had a dns server configured in target server that was not responding, then the target account didn´t work. https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-3/unix-target-connector.html
Feedback
Yes
No
Powered by
