Support for TLS 1.2, AES256, and Kerberos v5 in CA PAM 3.4.X

book

Article ID: 210506

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

This case is for documenting support for TLS v1.2, AES256 and Kerberos v5 in CA  PAM 3.4.X

Environment

CA Privileged Access Manager v 3.4.X

Resolution

According to the following link

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/3-4-3/implementing/configure-policies-to-provision-user-access-to-devices-and-applications/configure-devices/set-up-access-to-a-target-device/access-methods.html

TLS v1.2 and AES256 are supported. Also, Kerberos v5 is supported as well.

Basically internally klist shows the client is v5

[email protected]:~# klist -V
Kerberos 5 version 1.15

apt list | grep krb

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

krb5-config/now 2.6 all [installed,local]
krb5-user/now 1.15-1+deb9u1 amd64 [installed,local]
libgssapi-krb5-2/now 1.15-1+deb9u1 amd64 [installed,local]
libkrb5-3/now 1.15-1+deb9u1 amd64 [installed,local]
libkrb5support0/now 1.15-1+deb9u1 amd64 [installed,local]

Which shows PAM is using KRB 5