Enterprise Administration Guide › Implementing Shared Accounts › SAM Automatic Login › Terminal Integration › Implementation Considerations for Terminal Integration
Implementation Considerations for Terminal Integration
Before you implement terminal integration, consider the following:
- You can configure terminal integration on Windows Agentless and SSH endpoint types on which CA ControlMinder is installed. You cannot configure terminal integration on other endpoint types.
- (UNIX) CA ControlMinder must use PAM login interception for the login program that is used to connect to the endpoint. For example, if users use SSH to connect to the endpoint, CA ControlMinder must use PAM login interception to intercept SSH logins.
To specify that CA ControlMinder uses PAM login interception for a login program, set the loginflags(pamlogin) flag in the LOGINAPPL record for the login program. For example:
editres loginappl SSH loginflags(pamlogin)
- You can enable terminal integration only for privileged account logins. Login integration does not work for service account logins.
- Terminal integration works only if you use automatic login to check out the privileged account.
- (UNIX) You can use terminal integration for only SSH logins. This restriction exists because terminal integration works only when a user uses SAM automatic login to check out a privileged account password and log in to the CA ControlMinder endpoint, and SAM provides only a login script for SSH logins.
If you write customized scripts to create login applications for other login types and you want to enable terminal integration for the other login types, set the loginflags(pamlogin) property for the LOGINAPPL record for the appropriate login program.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|