logout audit log after restarting CA Privileged Identity Manager
Article ID: 45024
Updated On:
Products
CA Virtual Privilege Manager
CA Privileged Identity Management Endpoint (PIM)
Issue/Introduction
Is logout log recorded for the user who logged in before CA Privileged Identity Manager (PIM) restart and logged out after PIM restart?
Environment
Release:
Component: SEOSU
Component: SEOSU
Resolution
The logout log for normal user is recorded but not for root.
When PIM starts, it detects executing processes and its execution user, and detects logged-in user. So the logged-in user who logged in before restart is detected. As logged-in user is detected, logout log for the user will be recorded.
However, as PIM cannot distinguish different root sessions, all processes of root uid gain the same ACEE (accessor element) handle. On the one hand, PIM detects logout when last process of that handle terminates. When one root session terminates, there are still many root processes running with the same ACEE handle. From PIM point of view, when one connection of root terminates, there are still running other processes of the same user root and PIM does not record logout log.
When PIM starts, it detects executing processes and its execution user, and detects logged-in user. So the logged-in user who logged in before restart is detected. As logged-in user is detected, logout log for the user will be recorded.
However, as PIM cannot distinguish different root sessions, all processes of root uid gain the same ACEE (accessor element) handle. On the one hand, PIM detects logout when last process of that handle terminates. When one root session terminates, there are still many root processes running with the same ACEE handle. From PIM point of view, when one connection of root terminates, there are still running other processes of the same user root and PIM does not record logout log.
Feedback
Yes
No
Powered by
