PAM-CM-0816 error when importing accounts


Article ID: 127263


Products

CA Privileged Access Manager - Cloakware Password Authority (PA); PAM SAFENET LUNA HSM; CA Privileged Access Manager (PAM)

Issue/Introduction

Sometimes it is necessary to import target accounts into PAM that do not use the default password view policy and instead use one that requires a password change on view.

If we try this for a target account with such a policy, the import seems to work fine, but when we then access the imported account and try to verify or save it, we get the following error:

"PAM-CM-0816 The specified password view policy has "change password on view" enabled, but the account is unsynchronized"

Why does this happen, and how can it be solved?

Environment

CA PAM all versions

Resolution

This is due to how the password view and verification flow works. When we try to verify or save a password after the import, and the chosen password view policy has "Change Password on View" enabled, PAM accesses the password stored in the database and sees that it has never been verified.

Because of this, it cannot know if it is the right password. If it were not the right password, the next time we access the password for this account we would have the wrong one and it would not be possible to verify or change it. 

That is why, unless the account is verified, you cannot save or verify the password with the "Change password on view" setting active.

To import these accounts successfully, first assign them the default password view policy, which does not have the "Change password on view" setting active. Then save their passwords, first locally to the Password Authority server and then to the target server. This lets you save the password and ensures that it is verified.

After doing so, you can change their password view policy back to your custom policy, and everything will work correctly.
