PIM(EP) r12.8 SP1: cannot login after uninstall PIM

Article ID: 119901

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM), CA Privileged Access Manager (PAM)

Issue/Introduction

The customer uninstalled PIM from the system.
After the uninstall, no user can log in to the system, either remotely or via the VM console.

Environment

This problem was first reported on:
OS: RHEL 71
Product: CA Privileged Identity Manager r12.8 SP1 for Endpoint.

However, it may occur with all versions of PIM / PAMSC on all Linux systems.

Cause

During installation, the PIM installer adds a pam_seos.so entry after the pam_unix.so entry.
If the pam_unix.so entry has an index-jump rule of the form "success = x", the PIM installer increments the count.
The PIM uninstaller removes the pam_seos.so entry from the configuration file,
but it does not decrement the index number after "success =".
As a result, the PAM rule no longer jumps to the correct line.

Resolution

As a workaround, the customer should decrease the number after success= in the pam_unix.so entry.

Here is an example:
Before installing PIM:
  auth [success=3 default=ignore] pam_unix.so nullok try_first_pass

After installing PIM:
  auth [success=4 default=ignore] pam_unix.so nullok try_first_pass

After uninstalling PIM:
  auth [success=4 default=ignore] pam_unix.so nullok try_first_pass
  It should be set as follows:
  auth [success=3 default=ignore] pam_unix.so nullok try_first_pass


This problem is fixed by testfix T5C1155.
Please contact the support team about this testfix.
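
The shell function below is an added example, not part of the original article or of the product's tooling: it lists each success=N rule in an /etc/pam.d-style file and the line the jump lands on, counting only modules of the same type, so a stale count left behind by the uninstaller can be spotted before the session used for the edit is closed. The function names and the sample stack are constructed for illustration, and include/substack lines are not followed.

```shell
#!/bin/sh
# Added example: show where every success=N jump in a PAM file lands.
# Reads the file named in $1, or stdin. Returns 1 if any jump overshoots.
pam_jump_targets() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        t = $1; sub(/^-/, "", t)             # "-auth" is still type auth
        n++; mtype[n] = t; text[n] = $0; lnum[n] = NR
    }
    END {
        for (i = 1; i <= n; i++) {
            # only look inside the bracketed control field
            if (!match(text[i], /\[[^]]*success[ \t]*=[ \t]*[0-9]+/)) continue
            skip = substr(text[i], RSTART, RLENGTH)
            sub(/^.*=[ \t]*/, "", skip); skip += 0
            seen = 0; target = 0
            for (j = i + 1; j <= n; j++) {   # count modules of the same type only
                if (mtype[j] != mtype[i]) continue
                if (seen == skip) { target = j; break }
                seen++
            }
            if (target) {
                printf "line %d (%s) success=%d -> line %d: %s\n", lnum[i], mtype[i], skip, lnum[target], text[target]
            } else {
                printf "line %d (%s) success=%d -> PAST END of %s stack\n", lnum[i], mtype[i], skip, mtype[i]
                bad = 1
            }
        }
        exit bad
    }' "$@"
}

# Constructed sample stack (not from the article); $1 is the success= count.
sample_stack() {
    cat <<EOF
auth     required   pam_env.so
auth     [success=$1 default=ignore] pam_unix.so nullok try_first_pass
auth     sufficient pam_sss.so use_first_pass
auth     requisite  pam_succeed_if.so uid >= 1000 quiet_success
auth     required   pam_deny.so
auth     required   pam_permit.so
account  required   pam_unix.so
EOF
}

sample_stack 4 | pam_jump_targets || echo "stale jump count: fix before logging out"
sample_stack 3 | pam_jump_targets
```

Run it against the edited file (for example `pam_jump_targets /etc/pam.d/system-auth`, path assumed) while a root session is still open, and confirm each jump lands on the intended module.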