The CA PAM client is not much different than the common browser interface. Since most common web browsers no longer support the use of Java Applets the CA PAM client became a more common way to use the product. The PAM Client is created using a customized Chromium Browser with local Java components to allow local access. Due to the updates required to maintain compatibility an update process is used to ensure the common components installed locally do match the version from the PAM server it is connected to.
Release : 3.3, 4.0
Component : PRIVILEGED ACCESS MANAGEMENT
Request For Information (RfI)
The general process of the way the CA PAM Client is installed and updated is as follows.
When first connecting to the CA PAM server through a standard web browser at https://<IP or DNS Name of the CA PAM server>/ the initial login screen will appear. A link is provided to download the proper client based on the operating system detected through the browser.
When the download button is clicked it with generate the download from the defined download location which by default is an external cloud location
All binaries are retrieved from an AWS Service called Cloudfront over HTTPS.
After The client is installed and launched and the connection to the CA PAM server has started the client version will either upgrade or downgrade to match the specific server build connected. This download will update the base client version by downloading from the specific appliance it is connected to.
Note that PAM client releases are not exact matches of any PAM server release. When a new PAM client connects to a PAM server for the first time, it always will have to update to the specific release/build the PAM server is running, even if the PAM server is running the GA release matching the PAM client release you installed.
The links below can provide greater details on the process.
Configure How the Client is Made Available
Use a Private Delivery Network to Distribute the Client Installer
See (Optional) Disable PAM Client Update Checking