How will the cache update behave on A2A client when the password of the target account is changed?

Article Id: 108036
Status: Published
Updated On: 26-07-2018 21:32
Products:
CA Privileged Access Manager - Cloakware Password Authority (PA) , PAM SAFENET LUNA HSM , CA Privileged Access Manager (PAM) , CA Privileged Access Manager (PAM)
Issue/Introduction:



When the "Use Cache First" is set to the "Cache Behavior" in the target account for the A2A Client, how will it be worked?
 

<Please see attached file for image>

"Use Cache First" on the target account settings.

Environment:

CA Privileged Access Manger r3.x (PAM r3.x)

Resolution:

It will work as the below mechanism.

  1. Change the password of the account.
  2. The signal will be sent from the Credential manager to the A2A client about what the password was changed, and the cache will be cleared at the timing.
  3. Run the A2A script on the A2A client.
  4. The A2A client requests the password to the Credential manager on the PAM server because the cache does not have the password then.
  5. The Credential Manager will provide the password information to the A2A client.
  6. The script will be run and completed to run. The received password from the Credential Manager will be stored to the cache on the A2A client.
  7. After that, the password in the cache will be used later until the #1 will occur next time.

Also, after the #1, if the A2A client cannot connect to the PAM server because of something problem until #3, as the A2A client cannot get the latest password, the A2A script does not work then. 

insert_drive_file 1558698684253000108036_sktwi1f5rjvs16jg9.jpeg
arrow_downward Download