PIM(EP) r12.8 SP1: passwd update failed after upgrade to 12.81-0(3673)
search cancel

PIM(EP) r12.8 SP1: passwd update failed after upgrade to 12.81-0(3673)

book

Article ID: 196011

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

 After customer upgrade PIM to 12.8 SP1 CP3(3673), he got the problem at sepass.
 He change passwd with sepass, he cannot login with previous or current password.
 It can reproducable every time.
 
 In audot log, 

 14 Jul 2020 16:03:01 A LOGIN        user01                17  8 PIMServer        sshd
 ...      
 14 Jul 2020 16:05:08 D PASSWORD     user01     Password    8 10 user01               sepass               PIMServer
 ...

 
This problem does not occur old version, such as 12.81.0.3134.
 

Environment

Release : 12.8 SP1

Component : CA ControlMinder - Unix

Cause

It is caused by unused function in sepass  at old fix. 
This problem is occurred only if passwd_format = NT.

Resolution

Provided new test fix, T5C1177(12.81.0.3859),  for this problem.

Please contact support if you need.

Additional Information

[ENVIRONMENT]
  OS: 
    RHEL 7.5
  PROD:
    CA Privileged Identity Manager r12.8 SP1 CP3 for Endpoint
 
[REPRODUCTION STEPS] 

 Prerequisite:
  create new PMD, pwpmd01, and it configure to password_pmd, parent_pmd. 
    passwd_pmd = pwpmd01@PIMServer
    parent_pmd = pwpmd01@PIMServer
  also set passwd_format = NT in seos.ini 
  create profile group and sample user
    editgrp ('profgrp01') password(min_life(0) history(3) interval(90) rules(min_len(8) sub_str_len(0) max_len(0) alpha(0) alphanum(0) numeric(1) uppercase(1) lowercase(1) special(0) max_rep(0) grace(1) namechk- oldpwchk bidirectional- use_dbdict-))
    editusr ('user01') name('sample') audit(FAILURE LOGINSUCCESS LOGINFAILURE INTERACTIVE) profile(profgrp01)
    join   ('user01') group('profgrp01') owner('imusradm')

 1. reset password for user, user01 on password_pmd
    # selang
    AC> host pwpmd01@PIMServer
    AC> cu user01 grace01 password(P@ssw0rd)

 2. login with above credential and change password via sepass
 3. try change password via sepass with new password again.

Expected Results:
 current password is changed to new password.

Actual Results:
 current password cannot correct with new and old password.
 --
 Enter user01's old password:
 Passwords mismatch
 -- 
 Also, you can not login via new session with new and old password.

[Note]
 user management function is very different between UNIX/Linux and Windows environment.
 So, I recommend separate password PMD for UNIX and Windows.

Powered by Wolken Software