Scripting error when onboarding account

Article ID: 241816

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A PAM administrator is trying to onboard AIX users into PAM, but the accounts fail to validate with the following error:

PAM-CM-1349: A problem occurred while executing the script processor.

Cause

On the AIX system, the login retries setting (loginretries) was set to 1.

Environment

Release : 4.0.x

Component :  PRIVILEGED ACCESS MANAGER

Resolution

In the Tomcat logs, attempting to rotate the password for the userid in question produced the following error:

INFO: T2322256 - jsch: password prompt: 'Password for <userid>@ip address'
May 11, 2022 6:45:39 PM com.cloakware.cspm.server.plugin.SSHConnector$1 log
INFO: T2322256 - jsch: Login trials exceeds 1

This was due to the AIX login retry setting. When PAM rotates a user's password, it must first validate the current password.

If that validation fails, any subsequent attempts will also fail because the login retry limit is set to 1.

To validate the AIX setting, run the following command:

lsuser -a loginretries ALL | grep <userid in question>
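
The grep above also matches any account whose name contains the userid. As an added example (not part of the original article), the following shell functions read the same lsuser output, look up one account by exact name, and list every account whose retry limit is low enough to cause this failure. The account names and sample output are constructed, and the code assumes the AIX convention that a loginretries value of zero or less means no limit.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample of `lsuser -a loginretries ALL` output ("name attr=value").
sample_lsuser_output() {
cat <<'EOF'
root loginretries=0
daemon loginretries=0
svcapp loginretries=1
svcapp2 loginretries=5
dbadmin loginretries=3
EOF
}

# Print the loginretries value for exactly one account (no substring matches,
# unlike a plain grep). Reads lsuser output on stdin; returns 1 if not found.
loginretries_for() {
    awk -v user="$1" '
        $1 == user {
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "loginretries") { print kv[2]; found = 1 }
            }
        }
        END { exit !found }'
}

# List accounts whose limit is between 1 and the given maximum (default 1).
# Assumption: a value of zero or less means "no limit", so it is skipped.
at_risk_accounts() {
    awk -v max="${1:-1}" '
        {
            for (i = 2; i <= NF; i++) {
                split($i, kv, "=")
                n = kv[2] + 0
                if (kv[1] == "loginretries" && n >= 1 && n <= max)
                    print $1 "=" n
            }
        }'
}

# On the AIX host, replace sample_lsuser_output with: lsuser -a loginretries ALL
sample_lsuser_output | at_risk_accounts 2
```

Running at_risk_accounts before onboarding a batch of AIX accounts shows which ones will lock validation out after a single failed attempt.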