search cancel

Question regarding Disable Inactive After (Days) and remote CLI usage

book

Article ID: 134268

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager (PAM)

Issue/Introduction

We have a question regarding the Global Settings > "Disable Inactive After (Days)". We created some local user accounts for the purposes of running remote CLI scripts. These are service accounts and there won't be any login activities through the user interface (Browser/PAM Client).

If we run the CLI commands using these user accounts, will the commands be considered "login" activities and prevent the users from getting disabled by the global setting?




Environment

Release : Any PAM release as of July 2019.

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Running a remote CLI command is considered a login activity and will prevent a user from getting disabled as inactive.

This implies that a remote CLI command will fail if the user is disabled in PAM already.