Valid for Windows Agentless endpoints
You can use ODBC, OLEDB or OCI database password consumers to replace hard-coded passwords in applications that use ODBC, OLEDB or OCI to connect to a database. When an application tries to connect to the database, the SAM Agent intercepts the connection attempt and replaces the hard-coded password with the privileged account password that it retrieves from CA ControlMinder Enterprise Management.
The application must reside on a Windows Agentless endpoint on which CA ControlMinder is installed. If you want to create an OCI database password consumer, verify that the application uses OCI8 or later.
SAM uses a different plug-in to intercept each type of connection attempt. For example, the OCI plug-in intercepts connection attempts that use OCI. The following registry key controls the behavior of CA ControlMinder plug-ins:
HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\AccessControl\Instrumentation\PlugIns
The settings for each plug-in are located in the following subkeys:
To configure an endpoint to use a database (ODBC, OLEDB, OCI) password consumer
Note: Install CA ControlMinder on the endpoint on which the application that connects to the database is installed. You do not need to install CA ControlMinder on the database host.
This registry entry enables the plug-in.
This registry entry specifies the processes to which the plug-in applies. For example, if you are creating a password consumer for an IIS application, verify that w3wp.exe is a value of the registry entry.
Note: We recommend that you do not change the value of this registry entry yourself. For assistance, contact CA Support at http://ca.com/support.
You have configured the endpoint to use a database password consumer. You must now create a database password consumer for the application in CA ControlMinder Enterprise Management.
Note: If you create a password consumer for an IIS application, you must specify that the NT_AUTHORITY\NETWORK SERVICE and hostname\IUSR_hostname users can use the password consumer to get the privileged account password, where hostname is the name of the endpoint.
Copyright © 2013 CA Technologies.
All rights reserved.
|
|