A2A client reports "error code 401" encountered on Password Retrieval requests.

Catalina logs shows the error below:
com.cloakware.cspm.server.app.impl.GetScriptCredentialsCmd.getScriptAuthorization GetScriptCredentialsCmd.getScriptAuthorization could not find script auth.

Release : All supported PAM releases

For the given IP address a required script authorization mapping cannot be located in PAM's database.

Customer had applied NATing on the servers that observed this issue. Once NATing was removed then both the errors were eliminated, one in catalina logs (getScriptAuthorization could not find script auth) and other ("error code 401") in A2A client logs. Essentially removing NATing resolved the issue and A2A's Password Retrieval was successful.

During Password Retrieval processing, PAM first retrives a A2A client record from its database. PAM uses Server ID and Fingerprint and  Hostname for this retrieval. If PAM cannot find any record  by these means in its database then PAM returns this error -getScriptAuthorization could not find script auth.