Connection Error When Using Sepass

Article ID: 281501

Products

CA Privileged Identity Management Endpoint (PIM)
CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Access Manager (PAM)

Issue/Introduction

When running the sepass command to change passwords locally, the password change is successful but a connection error occurs.

# sepass
Enter pamscuser's old password:
Enter new password:
Verify new password:
Local password updated successfully.
(none)
ERROR: Connection failed
Host is unknown

Environment

Privileged Identity Manager, 12.8
PAM Server Control, 14.x

Cause

By default, sepass is configured in seos.ini to connect to a PMDB after changing the password locally, so that the password is synchronized across PAMSC endpoints. This behavior is controlled by the only_local token, which is set to no by default. When only_local is set to no, sepass uses the passwd_pmd token to determine which PMDB to connect to when changing the password.

In this case, only_local was set to no and passwd_pmd was set to none, so sepass was trying to connect to a PMDB called "none" to set the password, which caused the "Host is unknown" error.

Resolution

There are two options to resolve the issue, depending on how the PAMSC environment is used.

If the password should be synchronized across PAMSC endpoints, the passwd_pmd token should be set to a valid PMDB such as "Parent@pmdbhost".

If the password should not be synchronized across PAMSC endpoints, the only_local token should be set to "yes".
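
The check below is an added example, not part of the original article or the product: it reads a seos.ini-style file and reports which of the cases described above applies. The file layout ("token = value" lines, ";" comment lines), the function names, the verdict strings and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the sepass settings in a seos.ini-style file.
# Assumptions: "token = value" lines, ";" starts a comment line; the section
# holding the tokens is not checked because the article does not name it.
check_sepass_sync() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*;/ { next }                       # comment line
        {
            eq = index($0, "=")
            if (eq == 0) next                     # section header or blank
            key = tolower(substr($0, 1, eq - 1))
            val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)    # trim whitespace
            gsub(/^"|"$/, "", val)                # drop surrounding quotes
            if (key == "only_local") only_local = tolower(val)
            if (key == "passwd_pmd") pmd = val
        }
        END {
            if (only_local == "") only_local = "no"   # default per the article
            if (only_local == "yes") print "local-only"
            # An empty value is flagged too (assumption; the article only
            # covers the literal value none).
            else if (pmd == "" || tolower(pmd) == "none") print "no-valid-pmdb"
            else print "sync:" pmd
        }
    ' "$1"
}

# Writes three constructed sample files into the directory given as $1.
make_samples() {
    printf '%s\n' '; constructed sample' 'only_local = no' \
        'passwd_pmd = none' > "$1/broken.ini"
    printf '%s\n' '; constructed sample' 'only_local = no' \
        'passwd_pmd = "Parent@pmdbhost"' > "$1/synced.ini"
    printf '%s\n' '; constructed sample' 'only_local = yes' \
        'passwd_pmd = none' > "$1/local.ini"
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
for name in broken synced local; do
    printf '%s.ini -> %s\n' "$name" "$(check_sepass_sync "$demo_dir/$name.ini")"
done
rm -rf "$demo_dir"
```

A "no-valid-pmdb" verdict corresponds to the configuration that produced the "Host is unknown" error in this article.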
