How will the cache update behave on A2A client when the password of the target account is changed?

book

Article ID: 108036

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



When the "Use Cache First" is set to the "Cache Behavior" in the target account for the A2A Client, how will it be worked?
 

<Please see attached file for image>

"Use Cache First" on the target account settings.

Environment

CA Privileged Access Manger r3.x (PAM r3.x)

Resolution

It will work as the below mechanism.
  1. Change the password of the account.
  2. The signal will be sent from the Credential manager to the A2A client about what the password was changed, and the cache will be cleared at the timing.
  3. Run the A2A script on the A2A client.
  4. The A2A client requests the password to the Credential manager on the PAM server because the cache does not have the password then.
  5. The Credential Manager will provide the password information to the A2A client.
  6. The script will be run and completed to run. The received password from the Credential Manager will be stored to the cache on the A2A client.
  7. After that, the password in the cache will be used later until the #1 will occur next time.

Also, after the #1, if the A2A client cannot connect to the PAM server because of something problem until #3, as the A2A client cannot get the latest password, the A2A script does not work then. 

Attachments

1558698684253000108036_sktwi1f5rjvs16jg9.jpeg get_app