ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

PAM Expired password job

book

Article ID: 112172

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction



How the Update Expired Password job works?
If I create a target account today at 9 A.M. and expires the day after, When should the password be updated? Next day at 9 A.M.?
Or the job executes once a day at certain time?

Environment

Release:
Component: CAPAMX

Resolution

TargetAccountExpiredPasswordProcessorTask  runs every 12 hrs. The first cycle occurs when the appliance (i.e. tomcat)  is started and thereafter every 12 hrs. 

Assuming that the first cycle has started at 5 PM UTC, then the next cycle will be around 5 AM UTC next day and then again 5 PM UTC etc. If you have created an account at 7 AM UTC and the password expiration is set to 1 day, then the password rotation will happen at 5 PM UTC next day. This is because the cycle runs at fixed times (i.e. 5 AM UTC & 5 PM UTC)  and so when the current day 5 PM cycle is run the password has not expired because only 10 hours have elapsed. When next day 5 AM cycle is run the password is not expired because only 22 hours have elapsed.  So when  5 PM cycle is run , password has expired as 34 hours have elapsed and so the password will be updated.
 

Additional Information

This TargetAccountExpiredPasswordProcessorTask  job can't be manually configured by the user.