ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

PIM(EP) r12.8 SP1: passwd update failed after upgrade to 12.81-0(3673)

book

Article ID: 196011

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

 After customer upgrade PIM to 12.8 SP1 CP3(3673), he got the problem at sepass.
 He change passwd with sepass, he cannot login with previous or current password.
 It can reproducable every time.
 
 In audot log, 

 14 Jul 2020 16:03:01 A LOGIN        user01                17  8 PIMServer        sshd
 ...      
 14 Jul 2020 16:05:08 D PASSWORD     user01     Password    8 10 user01               sepass               PIMServer
 ...

 
This problem does not occur old version, such as 12.81.0.3134.
 

Cause

It is caused by unused function in sepass  at old fix. 
This problem is occurred only if passwd_format = NT.

Environment

Release : 12.8 SP1

Component : CA ControlMinder - Unix

Resolution

Provided new test fix, T5C1177(12.81.0.3859),  for this problem.

Please contact support if you need.

Additional Information

[ENVIRONMENT]
  OS: 
    RHEL 7.5
  PROD:
    CA Privileged Identity Manager r12.8 SP1 CP3 for Endpoint
 
[REPRODUCTION STEPS] 

 Prerequisite:
  create new PMD, pwpmd01, and it configure to password_pmd, parent_pmd. 
    passwd_pmd = [email protected]
    parent_pmd = [email protected]
  also set passwd_format = NT in seos.ini 
  create profile group and sample user
    editgrp ('profgrp01') password(min_life(0) history(3) interval(90) rules(min_len(8) sub_str_len(0) max_len(0) alpha(0) alphanum(0) numeric(1) uppercase(1) lowercase(1) special(0) max_rep(0) grace(1) namechk- oldpwchk bidirectional- use_dbdict-))
    editusr ('user01') name('sample') audit(FAILURE LOGINSUCCESS LOGINFAILURE INTERACTIVE) profile(profgrp01)
    join   ('user01') group('profgrp01') owner('imusradm')

 1. reset password for user, user01 on password_pmd
    # selang
    AC> host [email protected]
    AC> cu user01 grace01 password([email protected])

 2. login with above credential and change password via sepass
 3. try change password via sepass with new password again.

Expected Results:
 current password is changed to new password.

Actual Results:
 current password cannot correct with new and old password.
 --
 Enter user01's old password:
 Passwords mismatch
 -- 
 Also, you can not login via new session with new and old password.

[Note]
 user management function is very different between UNIX/Linux and Windows environment.
 So, I recommend separate password PMD for UNIX and Windows.