Randomly, when a password is changed, the timestamp of the password change is not updated.
This problem leads to unwanted password expirations affecting the operator productivity.
When the password is changed the password history list show the timestamps of the password changes.
When the problem occurs, the one on top of the list is not the last one even though you try to sort it.
Even trying to change the password several times a day for one of the affected accounts, the one in the top of the list keeps on being an older one, like in the screenshot here below:
So, apparently, the date stored in the first place of this list is the one assumed to be the most recent, as it is the shown as last change date.
The problem was related to the query made by the GUI to display the changed password list tries to order it by the field accounthistoryid.
This doesn't work in a PAM 3.3 cluster in its current implementation because each cluster node writes its own accounthistoryid sequence.
Product: Layer 7 Privileged Access Management.
Versions: 3.3.0.x, 3.3.1.x and 3.3.2.x
This is a known bug and it has been solved in PAM versions 3.3.3 and 3.4