A specific PAM user receives the following message when trying to use the target account "xxxxxxx":
"The credentials that were used to connect to server did not work"
Other PAM users are able to use the same target account with no issues.
The user is granted this access through the group yyyyy.
The same user accesses other servers through PAM with no problems.
The errors identified in PAM logs are:
PAM-CMN-1382: Credential not found for association
PAM-CMN-2275: Unable to retrieve Password Authority password for username CN=USERNAME Error: PAM-CM-0574: Missing required parameter: referenceCode.
Privileged Access Manager 4.0.x
It appears that there was an issue saving a parameter for this one user at some point in the past, which caused this error while using this PVP policy.
The issue was resolved by first modifying the PVP to remove the dual authentication, then testing to confirm that the credential could now be used, and finally re-adding the dual authentication. After that, it works as expected for all users.