PAM A2A (cspm client) needs to clear cache on reboot.
search cancel

PAM A2A (cspm client) needs to clear cache on reboot.

book

Article ID: 233996

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Due to a situation where the hostname may change on reboot and issues found when the password is maintained on reboot we need a way to clear the cache on ever reboot

 

Environment

Release : 3.4, 4.x

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

There are 2 levels of cache maintained by the A2A client, memory and file. Most of the time the in-memory cache is used to allow for  a faster resolution of a password that has not been changed. This information is also cached in the .cspmclient.dat file so the password can be cached when the service is recycled or when the server is rebooted.

Resolution

In order to allow the client to reset the cache file when the service is stopped you need to set the preserveCacheBetweenRestarts value to false. The line must be added as it does not exist in the default configuration.

set <preserveCacheBetweenRestarts>false</preserveCacheBetweenRestarts> in the config for example below.

 

Config file:

?xml version="1.0" encoding="utf-8" ?>

<configuration>

              <applicationtype>cspm_agent</applicationtype>

              <cacheallow>true</cacheallow>

<preserveCacheBetweenRestarts>false</preserveCacheBetweenRestarts>