After the customer upgraded PIM to 12.8 SP1 CP3 (3673), a problem appeared with sepass.
After the user changes the password with sepass, they cannot log in with either the previous or the current password.
The problem is reproducible every time.
In the audit log:
14 Jul 2020 16:03:01 A LOGIN user01 17 8 PIMServer sshd
14 Jul 2020 16:05:08 D PASSWORD user01 Password 8 10 user01 sepass PIMServer
This problem does not occur in older versions, such as 220.127.116.1134.
It is caused by an unused function in sepass from an old fix.
This problem occurs only if passwd_format = NT.
Release : 12.8 SP1
Component : CA ControlMinder - Unix
A new test fix, T5C1177(18.104.22.16859), is provided for this problem.
Please contact support if you need it.
CA Privileged Identity Manager r12.8 SP1 CP3 for Endpoint
1. Create a new PMD, pwpmd01, and configure it as passwd_pmd and parent_pmd.
passwd_pmd = [email protected]
parent_pmd = [email protected]
Also set passwd_format = NT in seos.ini.
Create a profile group and a sample user:
editgrp ('profgrp01') password(min_life(0) history(3) interval(90) rules(min_len(8) sub_str_len(0) max_len(0) alpha(0) alphanum(0) numeric(1) uppercase(1) lowercase(1) special(0) max_rep(0) grace(1) namechk- oldpwchk bidirectional- use_dbdict-))
editusr ('user01') name('sample') audit(FAILURE LOGINSUCCESS LOGINFAILURE INTERACTIVE) profile(profgrp01)
join ('user01') group('profgrp01') owner('imusradm')
2. Log in with the above credentials and change the password via sepass.
3. Try to change the password via sepass again with the new password.
The current password has been changed to the new password.
The current password is not accepted, with either the new or the old password.
Enter user01's old password:
Also, you cannot log in via a new session with either the new or the old password.
User management functions are very different between UNIX/Linux and Windows environments.
So, I recommend separate password PMDs for UNIX and Windows.