I am seeing below message in /var/log/mysqld.log on MySQL server side when succeeding in the password update from CA PAM. Is it an expected log?
Access denied for user 'testuser'@'10.138.xxx.xxx' (using password: YES)
CA Privileged Access Manager 3.x
This message is expected and cannot be avoided. As per the code, PAM tries to verify the new credentials before trying to update them. Before updating the password the new password verification will always fail, unless the new password is same as the current one. The reason of this behavior is to see if the same password is supplied as new password or a brand new password.