CA PAM is unable to rotate password on a few Oracle DB Target accounts


Article ID: 238765


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

The PAM administrator is unable to rotate the password on a few Oracle DB target accounts, either via a scheduled job or manually.

The UI throws the following error: "PAM-CM-1761: Failed to synchronize/verify account. See logs for details".

Environment

Release : 4.0.x

Component : PRIVILEGED ACCESS MANAGEMENT

Cause

The Tomcat logs show the following errors:

ORA-28003: password verification for the specified password failed
ORA-20003: Password should contain at least one digit, one character and one punctuation

Resolution

These errors mean that on your Oracle server a profile is set that requires complex passwords, and the PAM Password Composition Policy doesn't match it.

In Oracle you need to determine the profiles associated with 

select username,profile from dba_users where username = 'Userid';

This will return the user's profile, which has a password composition policy associated with it:

select * from dba_profiles where profile = 'profile name that came from the above command';

Then in PAM you must match the composition policy on the server:

PAM UI >> Credentials >> Managed Targets >> Password Composition Policies

Here you need to create/update a password policy and assign it to your Oracle Application in PAM:

PAM UI >> Credentials >> Managed Targets >> Applications >> Oracle App, and here you must add that policy to it.
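
The Oracle-side lookup above can be combined into one pass that also shows the rule PAM has to satisfy. The following is an added example, not part of the original article: 'APP_SVC' is a constructed placeholder account name, and the queries assume a session with access to the DBA views. ORA-20003 falls in the application-defined error range, so its text is raised by the profile's password verify function, and reading that function's source shows exactly what the PAM Password Composition Policy must allow.

```sql
-- Added example. 'APP_SVC' is a constructed placeholder; replace it with
-- the target account name. Unquoted usernames are stored in upper case.

-- 1. Password-related limits in effect for the account.
--    A limit of 'DEFAULT' is inherited from the DEFAULT profile, so the
--    second join resolves it to the real value.
SELECT u.username,
       u.profile,
       p.resource_name,
       DECODE(p.limit, 'DEFAULT', d.limit, p.limit) AS effective_limit
FROM   dba_users u
JOIN   dba_profiles p
       ON  p.profile = u.profile
JOIN   dba_profiles d
       ON  d.profile = 'DEFAULT'
       AND d.resource_name = p.resource_name
WHERE  u.username = UPPER('APP_SVC')
AND    p.resource_type = 'PASSWORD'
ORDER  BY p.resource_name;

-- 2. Source of the function named by PASSWORD_VERIFY_FUNCTION.
--    Verify functions live in the SYS schema. No rows are returned when
--    the limit is NULL (no verify function) or the source is not visible.
SELECT s.line,
       s.text
FROM   dba_source s
WHERE  s.owner = 'SYS'
AND    s.type  = 'FUNCTION'
AND    s.name  = (
         SELECT DECODE(p.limit, 'DEFAULT', d.limit, p.limit)
         FROM   dba_users u
         JOIN   dba_profiles p
                ON  p.profile = u.profile
         JOIN   dba_profiles d
                ON  d.profile = 'DEFAULT'
                AND d.resource_name = p.resource_name
         WHERE  u.username = UPPER('APP_SVC')
         AND    p.resource_name = 'PASSWORD_VERIFY_FUNCTION'
       )
ORDER  BY s.line;
```

Compare the checks in the function source (minimum length, required character classes, disallowed values) with the PAM policy before retrying the rotation.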