Account gets suspended after a minute (PIM)
Article ID: 265715
Updated On:
Products
CA Privileged Access Manager (PAM)
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
There is a password manager account "pwdmanager" which logs into with the PMDB server "pimpmdb" to change user passwords. However, the account is continuously getting locked within a minute after being unlocked.
Environment
Privileged Identity Manager, 12.8 SP1
PAM Server Control, 14.x
Cause
The password that was being used for pwdmanager was incorrect, the seaudit output showed the following events.
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pimpmdb
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 S UPDATE USER root 305 0 pwdmanager chusr pwdmanager suspend
02 May 2023 17:05:23 I LOGINDISABLE pwdmanager 0 5 hostname
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 A LOGIN pwdmanager 0 5 pwdmanager
02 May 2023 17:05:23 S UPDATE USER root 305 0 pwdmanager chusr pwdmanager suspend
02 May 2023 17:05:23 I LOGINDISABLE pwdmanager 0 5 hostname
The "A" code means that PIM/PAMSC was allowing the login to occur, but the native OS was failing the login.
Resolution
The password being used for "pwdmanager" was incorrect and kept being attempted multiple times. This caused the number of login failures to reach the configured limit of 5 and get suspended by PIM/PAMSC. Once the password was corrected, the logins were no longer denied by the native OS.
Feedback
Yes
No
Powered by
