A2A Client Connection Security
When an A2A Client registers with CA PAM, the appliance identifies the Client using the following data, in this order:
- Fingerprinting the host server. Fingerprinting must be enabled on the host where the client resides. A server fingerprint consists of a combination of hardware characteristics, such as CPU serial numbers and network IDs. Credential Manager dynamically calculates the fingerprint of the server executing a script to validate the machine ID of the credential requestor.
- A unique client token. The client token is a unique request server identifier that identifies the client in the appliance database. When an A2A Client first registers, the server generates a unique token for the client. For subsequent client requests, the server uses the token to retrieve credentials from the database.
- Domain Name Servers (DNS). Credential Manager uses the client host name as part of the client authentication process. Reverse IP lookup is also possible.
When a requestor application requests credentials, the credentials remain encrypted as they are transferred over the network. The A2A Client decrypts the credentials before passing them to the requestor.
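The following is an added example, not CA PAM's code, that models the three checks listed above (host fingerprint, server-issued client token, and reverse-lookup host name match) and the encrypted hand-off of the credential to the client. Everything in it is an assumption for illustration: the hardware fields, the reverse-DNS table, the per-client key established at registration, and the HMAC-SHA256-based encrypt-then-MAC construction standing in for whatever the appliance actually uses on the wire.

```python
"""Constructed model of A2A client identification and encrypted credential delivery.
Added example; the data model, key handling and cipher are assumptions, not CA PAM's design."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def server_fingerprint(hardware: dict) -> str:
    """Hash a stable, sorted set of hardware characteristics (constructed stand-in
    for the appliance's fingerprint algorithm)."""
    canon = "|".join(f"{k}={hardware[k]}" for k in sorted(hardware))
    return hashlib.sha256(canon.encode()).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a simple keystream generator."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the per-client key."""
    k_enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    k_mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return k_enc, k_mac


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag. Credentials stay opaque in transit."""
    k_enc, k_mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    tag = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext, then strip the keystream."""
    k_enc, k_mac = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))


@dataclass
class ClientRecord:
    token: str        # server-generated unique client token
    fingerprint: str  # fingerprint captured at registration
    hostname: str     # registered host name, compared against reverse lookup
    key: bytes        # per-client key established at registration (assumption)


class CredentialServer:
    """Constructed appliance-side logic: identify the client in the listed order."""

    def __init__(self, resolver):
        self._clients = {}
        self._resolver = resolver  # callable ip -> hostname (constructed reverse-DNS)

    def register(self, hardware: dict, hostname: str):
        token = secrets.token_hex(16)
        key = secrets.token_bytes(32)
        self._clients[token] = ClientRecord(token, server_fingerprint(hardware), hostname, key)
        return token, key

    def request_credential(self, token: str, hardware: dict, source_ip: str, secret: bytes) -> bytes:
        rec = self._clients.get(token)
        if rec is None:
            raise PermissionError("unknown client token")
        if not hmac.compare_digest(rec.fingerprint, server_fingerprint(hardware)):
            raise PermissionError("host fingerprint mismatch")
        if self._resolver(source_ip) != rec.hostname:
            raise PermissionError("reverse lookup does not match registered host")
        return encrypt(rec.key, secret)  # only ciphertext crosses the network


def run_demo() -> dict:
    """Registration, a successful request, and two rejected requests (constructed data)."""
    reverse_dns = {"10.0.0.5": "app01.example.internal"}  # constructed lookup table
    server = CredentialServer(resolver=lambda ip: reverse_dns.get(ip))
    hw = {"cpu_serial": "CPU-1234", "mac": "00:11:22:33:44:55"}  # constructed hardware IDs
    token, key = server.register(hw, "app01.example.internal")
    blob = server.request_credential(token, hw, "10.0.0.5", b"db-password")
    results = {"credential": decrypt(key, blob), "wire_is_encrypted": b"db-password" not in blob}
    try:  # same token, different hardware: fingerprint check fails
        server.request_credential(token, {**hw, "cpu_serial": "CPU-9999"}, "10.0.0.5", b"x")
        results["fingerprint_rejected"] = False
    except PermissionError:
        results["fingerprint_rejected"] = True
    try:  # same token and hardware, unexpected source address: DNS check fails
        server.request_credential(token, hw, "10.0.0.9", b"x")
        results["dns_rejected"] = False
    except PermissionError:
        results["dns_rejected"] = True
    return results


if __name__ == "__main__":
    print(run_demo())
```

The order of checks mirrors the list above: the token selects the record, the recomputed fingerprint is compared with a constant-time comparison, and the reverse lookup of the source address is matched against the registered host name before any credential is encrypted for that client's key. The tag is verified before decryption, so a tampered blob is rejected rather than yielding garbage to the requestor.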