PAM - Auto Login to Mainframe

book

Article ID: 140058

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Please refer to Documented steps for setting up mainframe connector TN3270

Environment

Release : 3.3.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Step1: Install QWS3270Plus (For "TN3270" you must use QWS3270plus and not QWS3270Secure or the connection will fail)



Step2: Create device for your mainframe (in this sample, it is "Mainframe")



Step3: Create target application


Application Type is "IBM i"

Once you select this then you will see "IBM i" tab.

As this is "TN3270" connection, SSL/TLS must be unchecked.


Step4: Create target account



Step4: Create TCP Service

In this sample, the mainframe is listening on TCP port 23 so the 

Ports is set to "23:*" to ensure the destination is port 23 and local port will be ephemeral port.
Protocol is "TCP"

Application Protocol must be "TELNET"

Mainframe Protocol is "TN3270" (This sample is only for TN3270)

Client Application is "C:\QWS3270PLUS\qws3270p.exe" <Local IP> <First Port>


Step5: Associate Service with Device.



Step6: Create Policy


Ensure the target account is associated for auto-login.



Now the Access page should display the "QWS3270 NON-SECURE" service.


PAM will inject the user credentials so auto-login works.




Attachments