PAM Expired password job
search cancel

PAM Expired password job


Article ID: 112172


Updated On:


CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)


How the Update Expired Password job works?
If I create a target account today at 9 A.M. and expires the day after, When should the password be updated? Next day at 9 A.M.?
Or the job executes once a day at certain time?


Component: CAPAMX


TargetAccountExpiredPasswordProcessorTask  runs every 12 hrs. The first cycle occurs when the appliance (i.e. tomcat)  is started and thereafter every 12 hrs. 

Assuming that the first cycle has started at 5 PM UTC, then the next cycle will be around 5 AM UTC next day and then again 5 PM UTC etc. If you have created an account at 7 AM UTC and the password expiration is set to 1 day, then the password rotation will happen at 5 PM UTC next day. This is because the cycle runs at fixed times (i.e. 5 AM UTC & 5 PM UTC)  and so when the current day 5 PM cycle is run the password has not expired because only 10 hours have elapsed. When next day 5 AM cycle is run the password is not expired because only 22 hours have elapsed.  So when  5 PM cycle is run , password has expired as 34 hours have elapsed and so the password will be updated.

Additional Information

This TargetAccountExpiredPasswordProcessorTask  job can't be manually configured by the user.