Implementation Guide › CA IT PAM Considerations › Register CA IT PAM with a Shared CA EEM

Register CA IT PAM with a Shared CA EEM

You can register CA IT PAM with the CA EEM embedded in the CA Enterprise Log Manager management server. Registration with CA EEM adds CA IT PAM security objects.

CA IT PAM security objects added to CA EEM during registration include the following:

• The application instance, ITPAM
• Policies related to CA IT PAM access
• Groups and Users, including the predefined ITPAMAdmins, ITPAMUsers, itpamadmin, and itpamuser
• The certificate, itpamcert.p12

You can create the CA IT PAM security objects on the CA Enterprise Log Manager management server. Before you begin, obtain the caelmadmin password, if not already known.

To register CA IT PAM with the CA EEM on the CA Enterprise Log Manager management server

1. Log on to the CA Enterprise Log Manager appliance through ssh as the caelmadmin user.
2. Switch users to the root account.

   su -
   

3. Change directories to the target path and list the contents.

   cd /opt/CA/SharedComponents/iTechnology
   ls
   

4. Verify that the following files are listed:
   • ITPAM_eem.xml
   • safex
5. Execute the following command:

   ./safex -h <ELM_hostname> -u EiamAdmin -p <password> -f ITPAM_eem.xml
   

   This process creates the CA IT PAM application in the CA Enterprise Log Manager management server, adds the default users, and generates the certificate needed during IT PAM installation. The certificate is generated with the password you specified in the ITPAM_eem.xml file, or if not changed, itpamcertpass.

   Note: For help on using the safex command, type ./safex.

6. List the directory contents and verify that the itpamcert.cer is present.
7. Remove the CA IT PAM configuration XML file. This is recommended for security reasons.

   rm ITPAM_eem.xml