A PAM admin is trying to onboard AIX users into PAM, but the accounts fail to validate with the following error:
PAM-CM-1349: A problem occurred while executing the script processor.
Release : 4.0.x
Component : PRIVILEGED ACCESS MANAGER
On their AIX system, the login retries setting (loginretries) was set to 1.
In the Tomcat logs, attempts to rotate the password for the userid in question produced the following error:
INFO: T2322256 - jsch: password prompt: 'Password for <userid>@ip address'
May 11, 2022 6:45:39 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: T2322256 - jsch: Login trials exceeds 1
This was due to the AIX login retry setting. When PAM rotates a user's password, it must first validate the current password.
If that validation fails, any subsequent attempts will also fail because the login retry limit is set to 1.
To validate the AIX setting, run the following command:
lsuser -a loginretries ALL | grep <userid in question>
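
To find which accounts hit this condition, the jsch lines in the Tomcat log can be correlated by their T-number. The following is an added example, not code from PAM or from this article. It assumes the prompt and failure lines for one attempt share the same T-number, as in the excerpt above; the sample user names and addresses are constructed.

```python
import re
from datetime import datetime

# Constructed sample in the two-line java.util.logging layout shown above;
# user names and addresses are invented for the example.
SAMPLE_LOG = """\
May 11, 2022 6:45:38 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: T2322256 - jsch: password prompt: 'Password for svcbackup@192.0.2.10'
May 11, 2022 6:45:39 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: T2322256 - jsch: Login trials exceeds 1
May 11, 2022 6:46:02 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: T2322301 - jsch: password prompt: 'Password for oracle@192.0.2.11'
"""

HEADER = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) \S+ \S+$")
PROMPT = re.compile(r"^INFO: (T\d+) - jsch: password prompt: 'Password for (\S+)@(\S+)'")
EXCEEDED = re.compile(r"^INFO: (T\d+) - jsch: Login trials exceeds (\d+)")


def find_retry_limit_failures(log_text):
    """Return one dict per 'Login trials exceeds N' line, joined to the account
    named in the most recent password prompt carrying the same T-number."""
    prompts = {}    # T-number -> (user, host) from the latest prompt seen
    last_ts = None  # timestamp from the header line preceding each message
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := HEADER.match(line):
            last_ts = datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p")
        elif m := PROMPT.match(line):
            prompts[m.group(1)] = (m.group(2), m.group(3))
        elif m := EXCEEDED.match(line):
            # A failure with no matching prompt is still reported, user unknown.
            user, host = prompts.get(m.group(1), (None, None))
            findings.append({"time": last_ts, "token": m.group(1), "user": user,
                             "host": host, "limit": int(m.group(2))})
    return findings


if __name__ == "__main__":
    for f in find_retry_limit_failures(SAMPLE_LOG):
        print(f"{f['time']} {f['user']}@{f['host']} exceeded login trials "
              f"({f['limit']}); check with: lsuser -a loginretries {f['user']}")
```

Each account it reports can then be checked on the AIX host with the lsuser command above.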