The CA PAM Client has the possibility of connecting to CA PAM via a proxy.

There are companies where implementation of a PAM infrastructure with a proxy between the workstation clients and the PAM server requires each user to define the proxy in the GUI. In environments where users are not so upskilled, it may be interesting to find a way to install the CA PAM Client while having the proxy already configured, with no need to access the GUI and carry out this operation

The present document explains how to do this

The proxy setting for the CA PAM Client is stored on a per user basis in registry key [HKEY_CURRENT_USER\Software\JavaSoft\Prefs\com\ca]

In particular, values 

"xcd_proxy_manual_host"="<ip_address_of_proxy>"
"xcd_proxy_manual_port"="<port_of_proxy>"

are set whenever the proxy setting is filled in in the GUI

Besides this, in this same registry key the following value:

"xcd_proxy_mode"="/M/A/N/U/A/L" (proxy enabled)

or

"xcd_proxy_mode"="/D/I/R/E/C/T" (direct connection)

determines whether the proxy is active or not

To achieve this, set up the proxy in a PAM client in a working workstation for a certain user and make sure the settings are correct and you can connect to CA PAM

Afterwards, edit the registry and export key [HKEY_CURRENT_USER\Software\JavaSoft\Prefs\com\ca] as a reg file

The exported key may afterwards be distributed to other servers and users and they just need to double click on the received file to have the proxy automatically configured. A software distribution application may also be used to this effect.

There are a couple of important things to consider

• This is a per user setting. Namely if a user imports that registry key, it is mapped to itself, and an another user won't have that setting unless he imports the same key
• This setting is the same for any PAM client the user may have installed. Namely, if customer has two PAM Client installations, both will read the same registry setting.