RDP transparent login with a PuTTY client not working for many devices after upgrade from PAM 3.2.3 to 3.4

book

Article ID: 192991

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

After upgrade from PAM 3.2.3 to 3.4, some of the devices are not able to auto login through PAM via RDP transparent login configured in our system.
The transparent login is able to provide the Id for the user in the prompt but not the password.
This transparent login was working fine in 3.2.3.

The transparent login scripts are configured as follows:

<window id="">
  <edit id="[CLASS:Edit; INSTANCE:1]" text="{IP address for the device}"/>
  <sleep time="1000"/>
  <send text="{ENTER}" id="window"/>
  <sleep time="5000"/>
  <send id="" username="true"/>
  <send id="" text="{ENTER}"/>
  <sleep time="200"/>
  <send id="" password="true"/>
  <send id="" text="{ENTER}"/>
</window>

Cause

The new PAM release appears to process actions in the transparent login script with less lag time. If a short sleep time is specified between sending username and password, the password may get sent too quickly, before PuTTY or the target device is ready to process the input.

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

The problem was resolved by increasing the sleep time between sending the username and sending the password to the PuTTY client application from 200 ms to 1000 ms.

...

  <send id="" username="true"/>
  <send id="" text="{ENTER}"/>
  <sleep time="1000"/>
  <send id="" password="true"/>

...