Kron PAM Server Configuration

1 update the cors configuration in web xml linux cli \[root\@pam ]# sudo vi /pam/gui/conf/web xml 2 locate and update the following lines linux cli /cors … \<param name> cors allowed origins \</param name> \<param value> {rap url} e g , https //remote cloudpam com \</param value> … using the wildcard allows all access, but is not recommended for production environments 3 set the necessary and optional parameters to configure the kron pam remote privileged access management the following parameters are defined on the system config man screen of the kron pam web gui the necessary parameter parameter name default parameter value description rap cloud server http //localhost 7777/connect this parameter defines the remote access portal (rap) address the parameter can be defined as url with ip (e g , https //34 234 69 53/connect) or as url with domain name (e g , https //cloudpam com/connect) optional parameters parameter name default parameter value description rap rdp session duration limit warning before min 1 this parameter defines how many minutes before the rdp session expires that the timeout warning will be sent rap ssh session duration limit warning before min 1 this parameter defines how many minutes before the ssh session expires that the timeout warning will be sent rap token expiration period 1 this parameter indicates the lifespan of a token and is used to prevent the creation of long term invitation links rap http session duration limit warning before min 1 this parameter defines how many minutes before the http container session expires that the timeout warning will be sent rap client otp enabled false this parameter defines whether the mfa feature is used during the login process of remote privileged access management rap passcode characters count 8 this parameter shows how many characters are used in the passcode definition this parameter's value should be numeric, and the default value is 8 if the system admin defines this parameter as 4 or fewer, the passcode is created with 4 characters rap passcode only numeric text false this parameter's value should be a boolean, and the default value is false if this parameter's value is set as true, the passcode only contains numeric values; however, if this parameter's value is set as false, the passcode contains alphanumeric values optional parameters for sms feature in kron pam remote privileged access management parameter name example parameter value description rap sms http url https //api xxxxxxx com/v1/send sms this parameter defines the url of sms service that is used to send sms via http for kron pam remote privileged access management tokens rap sms http body \<request>\<authentication>\<username>11111111\</username>\<password>2222222\</password>\</authentication>\<order>\<sender>kron\</sender>\<senddatetime>\</senddatetime>\<message>\<text> \<!\[cdata\[dear %usereid%, please use the passcode below during login phase of your kron pam remote privileged access management connection passcode %passcode% kron pam remote privileged access management connection (access on web browser) %connurl%]]> \</text>\<receipents>\<number>%phonenumber%\</number>\</receipents>\</message>\</order>\</request> this parameter defines the sms message content using http protocol for kron pam remote privileged access management tokens rap sms smpp body (alternative to the previous parameter) {example smpp body} this parameter defines the sms message content when using the smpp protocol for kron pam remote privileged access management tokens rap sms http headers content type\ text/xml this parameter defines the headers that are included in the sms for kron pam remote privileged access management tokens rap sms http encoding utf 8 this parameter defines a character encoding used in the sms for kron pam remote privileged access management tokens rap sms http method post or get this parameter defines the http method used in sms for kron pam remote privileged access management tokens rap sms http delimiter & this parameter defines the delimiter character used in the sms for kron pam remote privileged access management tokens rap sms channel http or smpp this parameter defines the sms channel typefor kron pam remote privileged access management tokens