It will work as the below mechanism.
- Change the password of the account.
- The signal will be sent from the Credential manager to the A2A client about what the password was changed, and the cache will be cleared at the timing.
- Run the A2A script on the A2A client.
- The A2A client requests the password to the Credential manager on the PAM server because the cache does not have the password then.
- The Credential Manager will provide the password information to the A2A client.
- The script will be run and completed to run. The received password from the Credential Manager will be stored to the cache on the A2A client.
- After that, the password in the cache will be used later until the #1 will occur next time.
Also, after the #1, if the A2A client cannot connect to the PAM server because of something problem until #3, as the A2A client cannot get the latest password, the A2A script does not work then.