Audit query on password policy



Article ID: 205202


Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Can we clarify whether there are any settings in CA PAM that provide evidence of the following for user passwords:

1. Passwords are encrypted before being sent over the network, e.g. encrypted at the application layer before being transmitted over a secure channel (CA PAM & AD)

2. Passwords are not displayed in the clear

We understand that user passwords are stored only as hashes within CA PAM.


Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

All communication between the client and PAM uses HTTPS (TLS 1.2 can be required if desired), so user passwords are never transmitted in cleartext. The password is not processed on the client side: PAM is a web application (the client is just a custom web browser with Java support), so client-side processing is not possible.

All communication with AD is over LDAPS, which requires that the domain controllers be configured with certificates that allow secure LDAPS on port 636.
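An auditor asking for "evidence" usually wants more than a statement of architecture. The script below is an added example written for this article (it is not CA or Broadcom code) that collects that evidence from the two channels the resolution names: it performs a verified TLS 1.2-or-newer handshake against the PAM HTTPS endpoint and against a domain controller on 636, records the negotiated protocol, cipher and certificate expiry, and separately checks that each server refuses a client that only offers TLS 1.0/1.1. The hostnames `pam.example.internal` and `dc01.example.internal` are placeholders; the audit rules live in a pure function so they can be tested without a network.

```python
"""Collect TLS evidence for a CA PAM HTTPS endpoint and an AD LDAPS endpoint.
Added example for this article, not CA/Broadcom code; hostnames are placeholders."""
import socket
import ssl
import time

MIN_VERSION = ssl.TLSVersion.TLSv1_2


def audit_context(cafile=None):
    """Strict client context: chain and hostname verification, TLS 1.2 or newer.
    Pass the CA bundle that issued the PAM and domain-controller certificates."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = MIN_VERSION
    return ctx


def legacy_probe_context():
    """Deliberately weak context that offers only TLS 1.0/1.1.  A compliant server
    must refuse it; certificate checks are disabled because only the verdict matters."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.maximum_version = ssl.TLSVersion.TLSv1_1
    return ctx


def handshake(host, port, ctx, timeout=5.0):
    """Attempt a TLS handshake and return (ok, detail) without raising."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert() or {}  # empty dict under CERT_NONE
                days_left = None
                if cert.get("notAfter"):
                    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - time.time()) / 86400
                return True, {
                    "version": tls.version(),
                    "cipher": tls.cipher()[0],
                    "subject": dict(rdn[0] for rdn in cert.get("subject", ())),
                    "days_left": days_left,
                }
    except (ssl.SSLError, OSError) as exc:
        # Either the server refused the offer (expected for the legacy probe) or
        # connection/verification failed; keep the message as the evidence.  Note
        # that a local OpenSSL built without TLS 1.0/1.1 also fails here, which
        # makes the legacy probe inconclusive rather than a pass.
        return False, {"error": str(exc)}


def evaluate(name, strict, legacy, min_days_left=30):
    """Pure audit rules over the two handshake results; returns findings (empty = pass)."""
    findings = []
    ok, d = strict
    if not ok:
        findings.append(f"{name}: verified TLS>=1.2 handshake failed: {d['error']}")
    else:
        if d["version"] not in ("TLSv1.2", "TLSv1.3"):
            findings.append(f"{name}: negotiated {d['version']}")
        if d["days_left"] is not None and d["days_left"] < min_days_left:
            findings.append(f"{name}: certificate expires in {d['days_left']:.0f} days")
    legacy_ok, ld = legacy
    if legacy_ok:
        findings.append(f"{name}: server still accepts {ld['version']}")
    return findings


def audit(name, host, port, cafile=None):
    """Run both probes against one endpoint and apply the rules."""
    strict = handshake(host, port, audit_context(cafile))
    legacy = handshake(host, port, legacy_probe_context())
    return strict, legacy, evaluate(name, strict, legacy)


if __name__ == "__main__":
    # Placeholder hosts: substitute the PAM appliance and a domain controller.
    for name, host, port in (("PAM https", "pam.example.internal", 443),
                             ("AD LDAPS", "dc01.example.internal", 636)):
        strict, legacy, findings = audit(name, host, port)
        print(name, "strict:", strict, "legacy:", legacy)
        print("  findings:", findings or "none")
```

Keep the printed output with the audit file: the strict result shows the negotiated version, cipher and certificate subject, and the failed legacy probe shows the refusal message from the server. If the legacy probe fails only because the auditing host's own OpenSSL no longer offers TLS 1.0/1.1, the error text will say so, and that probe should be repeated from a host that can still offer them.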