Update Local Directory to TLS 1.2

Use the following procedure to update the PAM Local Directory to restrict the accepted cryptographic protocol to TLS v1.2.

Note that all new PAM deployments beginning on August 9, 2020 have only TLS 1.2 enabled by default. For PAM deployments that predate August 9, 2020, use this procedure if required.

  1. Log in to the PAM host server and stop the PamManagement (Windows) or pammanager (Linux) service. Then stop the PamDirectory (Windows) or pamdirectory (Linux) service.
  2. Open the file $PAM_HOME/ds/instances/default/conf/ou=config/ads-directoryserviceid=default/ou=servers/ads-serverid=ldapserver/ou=transports/ads-transportid=ldaps.ldif in a text editor.
  3. Add the following line to the end of the file:
    ads-enabledProtocols: TLSv1.2
  4. Save and close this file.
  5. Start the PamDirectory (Windows) or pamdirectory (Linux) service.
  6. Start the PamManagement (Windows) or pammanager (Linux) service.
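
The file edit can also be scripted so that it is repeatable and safe to re-run. The following Python sketch is an added example, not part of the product documentation; the function names `enabled_protocols` and `restrict_to_tls12` are hypothetical. It assumes the services are already stopped, keeps a `.bak` copy, and avoids gluing the new attribute onto the last line when the file has no trailing newline.

```python
"""Audit and apply ads-enabledProtocols in the ldaps transport LDIF (added example)."""
import base64
import shutil
from pathlib import Path

ATTR = "ads-enabledprotocols"   # LDIF attribute names are case-insensitive
WANTED = "TLSv1.2"

def enabled_protocols(ldif_text):
    """Return the ads-enabledProtocols values found in the LDIF text, in file order."""
    logical = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # folded continuation of the previous line
        elif raw:
            logical.append(raw)
    values = []
    for line in logical:
        if line.startswith("#"):            # comment (including its folded tail)
            continue
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != ATTR:
            continue
        if value.startswith(":"):           # "attr:: <base64>" encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        values.append(value.strip())
    return values

def restrict_to_tls12(path):
    """Append the TLSv1.2 line if it is missing; return the resulting value list."""
    path = Path(path)
    text = path.read_text(encoding="utf-8")
    current = enabled_protocols(text)
    if WANTED not in current:
        shutil.copy2(path, path.with_name(path.name + ".bak"))  # keep the original
        # Drop trailing blank lines and guarantee exactly one newline, so the new
        # attribute stays inside the entry and on its own line.
        text = text.rstrip("\r\n") + "\n" + f"ads-enabledProtocols: {WANTED}\n"
        path.write_text(text, encoding="utf-8")
        current = enabled_protocols(text)
    return current

if __name__ == "__main__":
    import sys
    # Argument: full path to ads-transportid=ldaps.ldif under $PAM_HOME
    print(restrict_to_tls12(sys.argv[1]))
```

Any value other than `TLSv1.2` in the returned list was already present in the file and should be reviewed before the services are started again.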