When running the sepass command to change passwords locally, the password change is successful but a connection error occurs.
# sepass
Enter pamscuser's old password:
Enter new password:
Verify new password:
Local password updated successfully.
(none)
ERROR: Connection failed
Host is unknown
Privileged Identity Manager, 12.8
PAM Server Control, 14.x
By default, sepass is configured in seos.ini so it will connect to a PMDB after changing the password locally in order to have the password synchronized across PAMSC endpoints. This behavior is dictated by the only_local token, which is set to no by default. If only_local is set to no, then sepass would use the passwd_pmd token to determine what PDMB to connect to when changing the password.
In this case, only_local was set to no and passwd_pmd was set to none, so sepass was trying to connect to a PMDB called "none" to set the password, which caused the "Host is unknown" error.
There are two options to resolve the issue, depending on how the PAMSC environment is used.
If the password should be synchronized across PAMSC endpoints, the passwd_pmd token should be set to a valid PMDB such as "Parent@pmdbhost".
If the password should not be synchronized across PAMSC endpoints, the only_local token should be set to "yes".
For more information about the only_local and other password related seos.ini tokens, refer to the following documentation link.