Let's assume the following scenario
The goal for the customer is such that the password will be updated according to the Password View Policy on all machines each time one of the conditions for password change is met
However,this does not work:
This is because when we assign a credential source this is linked to a specific machine through the target account and target application. Hence, if I log in to one machine using the username and password provided by the credential source, then I log out and the password is changed, that will only be done in the machine to which the targetaccount and targetapplication specified in the credential source belong, but not the rest of the machines in the device group.
Next time I try to log in to one of the machines in the group, unless it is the one to which the credential source is connected, they will still have the old password, so login will fail.
CA PAM multiple versions
The easiest option in this case where we have the same targetaccount and targetapplication for multiple machines, is to define a compound target account
Then assign the compound target account as the credential source for the device group.
The way this works, if the password for the compound target account is changed, that will trigger a password change for the same account in all servers listed as members of the compound account.
Take into account, however, that updating the account password in all servers in a target compound account may take a considerable amount of time if their number is large