PIM(EP) r12.8 SP1: passwd update failed after upgrade to 12.81-0(3673)


CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)


After the customer upgraded PIM to 12.8 SP1 CP3 (3673), a problem occurred with sepass.
After changing the password with sepass, the user cannot log in with either the previous or the current password.
It is reproducible every time.
The audit log shows:

 14 Jul 2020 16:03:01 A LOGIN        user01                17  8 PIMServer        sshd
 14 Jul 2020 16:05:08 D PASSWORD     user01     Password    8 10 user01               sepass               PIMServer

This problem does not occur in older versions, such as


It is caused by an unused function in sepass left over from an old fix.
This problem occurs only if passwd_format = NT.
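
To check whether an endpoint meets this condition and whether its audit log shows the symptom above, the following is an added example and not CA/Broadcom code. It assumes seos.ini uses plain key = value lines, that the audit text has the same column layout as the two records shown in this article, and that code D marks a denied event; the function names and the [passwd] section header in the sample are assumptions.

```shell
#!/bin/sh
# Added triage example, not vendor code. Field positions are taken from the
# two audit records in this article; the ini layout is an assumption.

# Print the passwd_format value from seos.ini-style text on stdin.
passwd_format() {
    awk -F= '
        /^[ \t]*[;#]/ { next }                      # skip comment lines
        { key = $1; gsub(/[ \t]/, "", key) }
        key == "passwd_format" { val = $2; gsub(/[ \t\r]/, "", val); found = val }
        END { print found }                         # last assignment wins
    '
}

# Succeed when passwd_format is NT (case-insensitive match is an assumption).
is_exposed() {
    [ "$(passwd_format | tr 'a-z' 'A-Z')" = "NT" ]
}

# Print "user count" for each user with code D PASSWORD records that name
# sepass as the program, reading audit text on stdin.
denied_sepass_changes() {
    awk '
        $5 == "D" && $6 == "PASSWORD" {
            for (i = 8; i <= NF; i++) if ($i == "sepass") { n[$7]++; break }
        }
        END { for (u in n) print u, n[u] }
    ' | sort
}

# Constructed ini sample; the section header is an assumption.
SAMPLE_INI='; constructed sample
[passwd]
passwd_format = NT'
# The two audit records quoted in this article.
SAMPLE_AUDIT='14 Jul 2020 16:03:01 A LOGIN        user01                17  8 PIMServer        sshd
14 Jul 2020 16:05:08 D PASSWORD     user01     Password    8 10 user01               sepass               PIMServer'

if printf '%s\n' "$SAMPLE_INI" | is_exposed; then
    echo "passwd_format = NT: endpoint matches the condition in this article"
fi
printf '%s\n' "$SAMPLE_AUDIT" | denied_sepass_changes
```

On a real endpoint, feed the functions the contents of seos.ini and the text output of the audit log instead of the samples.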


Release : 12.8 SP1

Component : CA ControlMinder - Unix


A new test fix, T5C1177(, has been provided for this problem.

Please contact support if you need it.

Additional Information

    RHEL 7.5
    CA Privileged Identity Manager r12.8 SP1 CP3 for Endpoint

  Create a new PMD, pwpmd01, and configure it as passwd_pmd and parent_pmd:
    passwd_pmd = [email protected]
    parent_pmd = [email protected]
  Also set passwd_format = NT in seos.ini.
  Create a profile group and a sample user:
    editgrp ('profgrp01') password(min_life(0) history(3) interval(90) rules(min_len(8) sub_str_len(0) max_len(0) alpha(0) alphanum(0) numeric(1) uppercase(1) lowercase(1) special(0) max_rep(0) grace(1) namechk- oldpwchk bidirectional- use_dbdict-))
    editusr ('user01') name('sample') audit(FAILURE LOGINSUCCESS LOGINFAILURE INTERACTIVE) profile(profgrp01)
    join   ('user01') group('profgrp01') owner('imusradm')

 1. Reset the password for user user01 on the password PMD.
    # selang
    AC> host [email protected]
    AC> cu user01 grace01 password([email protected])

 2. Log in with the above credentials and change the password via sepass.
 3. Try to change the password via sepass again, using the new password.

Expected Results:
 The current password is changed to the new password.

Actual Results:
 The current password is not accepted, whether the new or the old password is entered.
 Enter user01's old password:
 Passwords mismatch
 Also, you cannot log in from a new session with either the new or the old password.

 User management functions are very different between UNIX/Linux and Windows environments.
 So, I recommend separate password PMDs for UNIX and Windows.