Operating systems

1. In the Add Account page, add the domain account that will be used to access the target account. Specify the following account properties:

2. Specify additional required and optional account properties.

For more information about adding accounts, refer to Add Accounts.

For specific information about the information required to add Windows Domain accounts, refer to Account properties.

For specific information about the information required to add Unix Domain/NIS accounts, refer to Account properties.

1. Click ACCOUNTS to display the Accounts page, then click Add Account; the Add Account page appears.

2. From the Store in Safe drop-down list, select the Safe where the account will be stored.

3. From the Device Type drop-down list, select the Operating System on which the new password is used.

4. From the Platform Name drop-down list, select an active target Domain platform.

5. Specify the account’s Required Properties and any relevant Optional Properties.

6. To configure a predefined list of addresses in the Domain account, select Limit Domain Access To; the text box becomes available.

7. In the text box, enter machine addresses, separated by Enter. You can copy and paste addresses, delete text and so on.

8. To enable end users to connect with this account to addresses that are not in the preconfigured list of addresses, select Allow User Connections to Other Machines. The end user will see the list of addresses when trying to connect with this account, but will be able to connect to other addresses as well.

9. Continue with specifying the password see page In the Password field, specify the password. Make sure this password meets your enterprise password policy requirements..

1. In the Accounts window, select the Account, then click Edit; the Edit Account window appears.

2. To add a list of addresses in the domain account, select the checkbox Limit Domain Access To.

3. In the right textbox, enter machine addresses, separated by Enter. You can copy and paste addresses, delete text and so on.

4. To enable the end users to connect with this account to addresses that are not in the preconfigured list of addresses, select Allow User Connections to Other Machines. The end user will see the list of addresses when trying to connect with this account, but will be able to connect to other addresses as well.

5. Click Save to save your changes; the Account Details page reappears and displays the updated list.

1. In the Accounts Details window, click Edit; the Edit Account window appears.

2. In the right textbox, add or delete addresses, separated by Enter. You can copy and paste addresses, delete text and so on.

3. To enable the end user to connect with this account to addresses that are not in the preconfigured list of addresses, select Allow User Connections to Other Machines. The end user will see the list of addresses when trying to connect with this account, but will be able to connect to other addresses as well.

4. Click Save to save your settings; the Account Details page reappears and displays the updated list.

1. Click Options to display the Web Access Options parameters, then select Connection Components to set the connection history.

2. Define the following parameters:

   Parameter	Description	Default Value
   EnableConnectAddressHistory	Determines whether or not a list of addresses accessed with the selected account will be displayed in the Connect with Account window	Yes
   MaxConnectHistory	Defines the maximum number of remote machine addresses that can be displayed in the Connect with Account window. The address history is saved per account for each PVWA user.	7 addresses
   MaxConnectAccountsNumber	Defines the maximum number of accounts whose machine addresses history will be displayed in the Connect with Account window.	20 accounts

3. In the Privileged Account Request parameters, define the following parameters:

   Parameter	Description	Default Value
   AddressSeparatorCharacter	Defines the separator between addresses for remote connections.	, (comma)
   AnyAddressCharacter	Defines the character that will represent “all addresses” in dual control requests	* (asterisk)

4. Click Apply to apply the new Connection Component configurations. Or,

5. Click OK to save the new Connection Component configurations and return to the System Configuration page.

1. In the ADMINISTRATION page, click Options; the Web Access Options are displayed.

2. Expand Connection Components, then expand PSM-SSH, and then Client Specific; the dynamic parameters for specific clients are displayed.

3. Set the EnableXForwarding parameter to Yes.

4. Click Apply to apply the new configurations immediately or,

5. Click OK to save the new configurations and return to the System Configuration page.

1. In the System Configuration page, click Options to display the Web Access Options parameters, then select Connection Components; the connection component parameters that define target addresses are displayed in the properties list.

2. Expand the connection component to customize, and then expand the Target Settings.

3. Right-click Client Specific, then in the pop-up menu select Add Parameter; a new parameter is added to the list of client specific parameters.

4. In the parameter properties, specify the following:

   • Name - The name of the client specific parameter. Specify CommandLineArguments.

   • Value - The command line arguments that will be sent to the wc3270 client at the start of the connection session.

     When you specify the value of the CommandLineArguments parameter, use the following guidelines:

     • Parameters that contain spaces must be enclosed in quotation marks.

     • To specify an option that creates files on the file system, make sure that the user running the PSM connection has permissions for the specified folder. For example, a command that creates a new file.

     • To run a command that manages the session file, specify the full path of the session file. In addition, do not specify the hostnames in the session file as the PSM server uses the hostname specified in the managed account.

       The following table lists the command options that are supported by PSM. For more information about the wc3270 options, refer to the wc3270 manual at http://x3270.bgp.nu/wc3270-man.html.

       Command option	Description
       -accepthostname spec	Specifies a particular hostname to accept when validating the name presented in the host's SSL certificate, instead of comparing to the name or address used to make the connection. spec can either be any, which disables name validation, DNS:hostname, which matches a particular DNS hostname, or IP:address, which matches a particular numeric IPv4 or IPv6 address.
       -allbold	Forces all characters to be displayed using the ‘bold’ colors (colors 8 through 15, rather than colors 0 through 7). This helps with PC console windows in which colors 0 through 7 are unreadably dim. All-bold mode is the default for color (3279) emulation, but not for monochrome (3278) emulation.
       -cadir directory	Specifies a directory containing CA (root) certificates to use when verifying a certificate provided by the host.
       -cafile filename	Specifies a PEM-format file containing CA (root) certificates to use when verifying a certificate provided by the host.
       -certfile filename	Specifies a file containing a certificate to provide to the host, if requested. The default file type is PEM.
       -certfiletype type	Specifies the type of the certificate file specified by -certfile. Type can be pem or asn1.
       -chainfile filename	Specifies a certificate chain file in PEM format, containing a certificate to provide to the host if requested, as well as one or more intermediate certificates and the CA certificate used to sign that certificate. If -chainfile is specified, it overrides -certfile.
       -charset name	Specifies an EBCDIC host character set. For more information about the available character sets, refer to in the wc3270 manual.
       -clear toggle	Sets the initial value of toggle to false. For a full list of available toggle names, refer to the wc3270 manual.
       -connecttimeout seconds	Specifies the time that wc3270 will wait for a host connection to complete.
       -hostsfile file	Uses file as the hosts file, which allows aliases for host names and scripts to be executed at login. For more information, refer the wc3270 manual
       -keyfile filename	Specifies a file containing the private key for the certificate file (specified via -certfile or -chainfile). The default file type is PEM.
       -keyfiletype type	Specifies the type of the private key file specified by -keyfile. Type can be pem or asn1.
       -keypasswd type:value	Specifies the password for the private key file, if it is encrypted. The argument can be file:filename, specifying that the password is in a file, or string:string, specifying the password on the command-line directly. If the private key file is encrypted and no -keypasswd option is given, the password will be prompted for interactively.
       -loginmacro Action(arg...) ...	Specifies a macro to run at login time.
       -model name	The model of 3270 display to be emulated. The model name is in two parts, either of which may be omitted: ■ The first part is the base model, which is either 3278 or 3279. 3278 specifies a monochrome (green on black) 3270 display; 3279 specifies a color 3270 display. ■ The second part is the model number, which specifies the number of rows and columns. Model 4 is the default.
       	Model Number	Columns	Rows
       	2	80	24
       	3	80	32
       	4	80	43
       	5	132	27
       	Technically, there is no such 3270 display as a 3279-4 or 3279-5, but most hosts seem to work with them . The default model is 3278-4.
       -oversize colsxrows	Makes the screen larger than the default for the chosen model number. This option has effect only in combination with extended data stream support (controlled by the “wc3270.extended” resource), and only if the host supports the Query Reply structured field. The number of columns multiplied by the number of rows must not exceed 16383 (3fff hex), the limit of 14-bit 3270 buffer addressing. It can also be specified as auto, which causes wc3270 to fill the entire terminal or console window.
       -port n	Specifies a different TCP port to connect to. N can be a name from /etc/services like telnet, or a number. This option changes the default port number used for all connections. (The positional parameter affects only the initial connection.)
       -proxy type:host[:port]	Causes wc3270 to connect via the specified proxy, instead of using a direct connection. The host can be an IP address, DNS, or hostname. The optional port can be a number or a service name. For a list of supported proxy types, refer to the wc3270 manual.
       -S	Runs wc3270 in auto-shortcut mode. Wc3270 will create a temporary shorcut (.LNK file) that matches the parameters in the session file (model number, characterset, etc.) and re-run itself from the shortcut.
       +S	Disables auto-shortcut mode. It is generally a good idea to put this option on the command lines of all shortcuts, to avoid infinite looping.
       -scriptport port	Causes wc3270 to listen for scripting connections on local TCP port port.
       -scriptportonce	Allows wc3270 to accept only one script connection. When that connection is broken, wc3270 will exit.
       -selfsignedok	When verifying a host SSL certificate, allow it to be self-signed
       -set toggle	Sets the initial value of toggle to true. For a complete list of toggle names, refer to the wc3270 manual. The -p option of x3270if causes it to use this socket, instead of pipes specified by environment variables.
       -sl n	Specifies that n lines should be saved for scrolling back. The default is 4096.
       -title text	Sets the console window title to text, overriding the automatic setting of the hostname and the string wc3270.
       -tn name	Specifies the terminal name to be transmitted over the telnet connection. The default name is IBM-model_name-E, for example, IBM-3278-4-E. Some hosts are confused by the -E suffix on the terminal name, and will ignore the extra screen area on models 3, 4 and 5. Prepending an s: on the hostname, or setting the "wc3270.extended" resource to "false", removes the -E from the terminal name when connecting to such hosts. The name can also be specified with the "wc3270.termName" resource.
       -trace	Turns on data stream and event tracing at startup. The default trace file name is x3trc.process_id.txt in the wc3270 Application Data directory.
       -tracefile file	Specifies a file to save data stream and event traces into.
       -tracefilesize size	Places a limit on the size of a trace file. If this option is not specified, or is specified as 0 or none, the trace file will be unlimited. If specified, the trace file cannot already exist, and the (silently enforced) minimum size is 64 Kbytes. The value of size can have a K or M suffix, indicating kilobytes or megabytes respectively.
       -v	Display the version and build options for wc3270 and exit.
       -verifycert	For SSL or SSL/TLS connections, verify the host certificate, and do not allow the connection to complete unless it can be validated.
       -xrm "wc3270.resource: value"	Sets the value of the named resource to value. Resources control less common wc3270 options. For a full list of resources, refer to the wc3270 manual.

5. Click Apply to apply the new Connection Component configurations,

or,

Click OK to save the new Connection Component configurations and return to the System Configuration page.

1. Update the connection component settings in PVWA. To do this, in the PVWA portal, click the ADMINISTRATION tab.

2. The System Configuration page appears.

3. Click Options, then navigate to Connection components > PSM-AS400 or PSM-OS390 > Target settings > Client specific > CommandLineArguments.

4. In the Value field, add the property -disablefipscryptography.