New Features and Enhancements in 3.4.2

Introduces the new features in PAM 3.4.2
Password View Request Updates
This release includes the following updates to the Password View Request feature:
  • The Reason Description and Reference Code fields are mandatory when a user attempts to view or access an account which has the Reason Required for View option or the Reason Required for Auto Connect option enabled in the Password View Policy. See Create a Basic Password View Policy.
  • A Comments field for a Password View Request is available when the Reason Required for View option or the Reason Required for Auto Connect option is enabled in the Password View Policy. This field is optional, and allows requesters to enter any comments that they want to record with the Password View Request. These comments can be reviewed by an auditor for normal Password View Requests or by the Approver in Dual Authentication or Retrospective Approval workflows. You can also supply comments through the viewAccountPassword CLI command by using its new optional Comments parameter.
  • A banner is displayed on Password View Requests when the Reason Required for View option or the Reason Required for Auto Connect option is enabled in the Password View Policy. This banner can contain information about what users need to enter in the Reason Description and Reference Code fields when they attempt to view a password for an account. You can set this banner on the Credential Manager General Settings page or the Password View Policies page. If the banner is set as part of the Password View Policy, it takes priority over the General Setting. See Create a Basic Password View Policy and Set Up Credential Manager Operation Settings. The following CLI commands have been updated or have new parameters that support this feature: viewAccountPassword, addPasswordViewPolicy, updatePasswordViewPolicy, setSystemProperty.
Ability to Update the PAM Host File when Deployed in Restricted High Security Data Centers
This feature enables users to update the PAM host file from the PAM user interface when Remote SSH Debug Access assisted by Symantec PAM Support is not permitted. See Custom Host File Entries.
Enable Public Key Authentication
You can configure a TCP/UDP Service to connect to a target device using the Public Key Authentication method for a native SSH Application. See Create an SSH Service to Access a Device.
Ability to Customize the SSH Cipher Suite Used by PAM for Connections
PAM lets you configure the subset of ciphers that SSH connections use to access devices. The option to enable older, vulnerable KEX, cipher, and HMAC algorithms allows the management of legacy devices that do not support newer ciphers, or of systems that have not yet been updated to support the secure default cipher suite of PAM. This feature was originally introduced in 3.3.4. For more information, see Configure SSH Cipher Suites.