[PAM] When attempting to logon to PAM GUI with wrong password, PAM attempts failed login twice

book

Article ID: 194931

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

At the login window, submitting correct username and wrong password throws error message.

PAM-CMN-0900: Bad User ID or Password.

This should have submitted the login attempt just once.

However, Sessions Log shows there was 2 attempts instead of 1.

Following screen shows [email protected] attempted 2 times.

And the Windows Event log confirms this.

 

If the AD Password Policy will lockout the user account after 3 consecutive login failure, this would cause the account to get locked out just after 2 failed login.

 

Environment

Release : 3.3.x

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

This issue occurrs on all PAM 3.3.x and not present on PAM 3.4.0

Upgrade to PAM 3.4.0 is recommended.

 

This behavior is not limited to LDAP User accounts, this also occurs with PAM local users such as "super" account.

Attachments