PAM: Super password corrupt - there was not change password event

book

Article ID: 111141

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction

I was once able to access CA PAM using the 'super' account, but recently PAM is stating that my password for the super account is incorrect.  More specifically, I receive this:

Error: PAM-CMN-0900: Bad User ID or Password.

Environment

Release:
Component: CAPAMX

Resolution

For scenarios like this, we must reset the super's password in the backend database in which PAM is leveraging.  Please raise a Support case and request for SSH Debug patch.

You need to apply the PAM_SUPPORT_SSH_DEBUG.p.bin patch:

- Logon to PAM as super
- Configuration >  Upgrade > upload and apply PAM_SUPPORT_SSH_DEBUG.p.bin
- Configuration > Diagnostics > System - > Turn ON Remote CA PAM Debugging Services
- Launch PuTTY, create a new SSH connection to the PAM server and set SSH_DEBUG_<date>.ppk file (contained in SSH DEBUG patch zip file) into

        Connection > SSH > Auth > Private Key for authentication

Please test the SSH connection is successful - you should see the following prompt

  login as:

Once this is all in place, request Support engineer to logging into the PAM appliance and injecting a few SQL queries to reset super's password.