No logs on password changes if changed to the same password.
search cancel

No logs on password changes if changed to the same password.

book

Article ID: 270843

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When you run scripts or manually change passwords to be the same one, there is no logs of any activity. Is this working as intended?

Should there be some logs saying attempted password change but no change or should it throw an error to tell you that is the same password?

Environment

Release : 4.1.119

Resolution

When invoking the target password account.  When command is executed, when using the same password, the password is stored in DB. It will write to two logs.  One going into the metric logs.  Written if password changed.  If using the password same, this is not written to the log and not displayed. Will not show up in reports as password is same as generated from metric table to no data in report dialog.

It also writes to the audit log.  It does have the data if the same password.  Even though it’s created in the audit log, no way to check the audit logs from the UI which is what you are seeing.

There is no out of the box report or way to view this data if the same password is used.

This is expected behavior.