Symantec Privileged Access Management

  • 1.  failed login count increase when change password from PAM for linux device.

    Broadcom Employee
    Posted Dec 18, 2017 02:26 AM

    The customer manages passwords from PAM (3.0.2) on a Linux device. It is found that when the password is changed from PAM, the failed login count increases on the OS side.

    Account details as follows.

    Failed count before change password:

    Dec 10 22:08:10 huaso01-I7575 unix_chkpwd[114098]: password check failed for user (root)
    Dec 11 01:33:50 huaso01-I7575 unix_chkpwd[124793]: password check failed for user (root)
    Dec 11 01:33:57 huaso01-I7575 unix_chkpwd[124794]: password check failed for user (root)
    Dec 12 20:38:55 huaso01-I7575 unix_chkpwd[116772]: password check failed for user (pimadmin)
    Dec 15 03:02:36 huaso01-I7575 unix_chkpwd[11894]: password check failed for user (pimadmin)
    Dec 15 03:04:51 huaso01-I7575 unix_chkpwd[12206]: password check failed for user (pimadmin)
    Dec 15 03:16:01 huaso01-I7575 unix_chkpwd[12630]: password check failed for user (pimadmin)
    Dec 15 03:22:44 huaso01-I7575 unix_chkpwd[12860]: password check failed for user (pimadmin)
    Dec 15 03:41:55 huaso01-I7575 unix_chkpwd[14259]: password check failed for user (pimadmin)
    Dec 17 19:39:59 huaso01-I7575 unix_chkpwd[63689]: password check failed for user (pimadmin)
    Dec 17 19:52:48 huaso01-I7575 unix_chkpwd[64130]: password check failed for user (pimadmin)
    Dec 17 20:20:22 huaso01-I7575 unix_chkpwd[65746]: password check failed for user (pimadmin)

    Changed the password by clicking Generate Credentials -> OK. Confirmed the password changed.

    Failed login count increased by one:

    Dec 11 01:33:57 huaso01-I7575 unix_chkpwd[124794]: password check failed for user (root)
    Dec 12 20:38:55 huaso01-I7575 unix_chkpwd[116772]: password check failed for user (pimadmin)
    Dec 15 03:02:36 huaso01-I7575 unix_chkpwd[11894]: password check failed for user (pimadmin)
    Dec 15 03:04:51 huaso01-I7575 unix_chkpwd[12206]: password check failed for user (pimadmin)
    Dec 15 03:16:01 huaso01-I7575 unix_chkpwd[12630]: password check failed for user (pimadmin)
    Dec 15 03:22:44 huaso01-I7575 unix_chkpwd[12860]: password check failed for user (pimadmin)
    Dec 15 03:41:55 huaso01-I7575 unix_chkpwd[14259]: password check failed for user (pimadmin)
    Dec 17 19:39:59 huaso01-I7575 unix_chkpwd[63689]: password check failed for user (pimadmin)
    Dec 17 19:52:48 huaso01-I7575 unix_chkpwd[64130]: password check failed for user (pimadmin)
    Dec 17 20:20:22 huaso01-I7575 unix_chkpwd[65746]: password check failed for user (pimadmin)
    Dec 18 02:21:47 huaso01-I7575 unix_chkpwd[83421]: password check failed for user (pimadmin)
    [root@huaso01-I7575 ~]#

    No custom script is used; all use the default script.

    I don't see this behavior in version 2.8.4 of PAM. It seems the update password script changed in 3.0.2.

    Any thoughts?

    Best Regards

    Jerry



  • 2.  Re: failed login count increase when change password from PAM for linux device.

    Broadcom Employee
    Posted Dec 18, 2017 03:52 AM

    Hi Jerry

    Some more investigation is required on this matter. Can you please open a support case and attach the catalina log to it so that we can verify the behavior?



  • 3.  Re: failed login count increase when change password from PAM for linux device.
    Best Answer

    Broadcom Employee
    Posted Dec 18, 2017 09:16 AM

    Hello. This is how PAM works at present. Any time a new password is set, PAM first tries to verify the new password, which implies making an attempt to log on using the new password. This makes sense when the password is entered manually on the PAM UI, as there is a good chance that the PAM administrator entered the current password for a new or out-of-sync account. It isn't really right for password updates by scheduled jobs, because we know that the newly generated password cannot be the current one. PAM Engineering is aware of this and may change the functionality in future.



  • 4.  Re: failed login count increase when change password from PAM for linux device.

    Broadcom Employee
    Posted Dec 18, 2017 07:22 PM

    Hello Ralf,

    Thanks for the explanation. So the only way to mitigate this problem is to use a custom script instead of the default script, or is there a better way?

    Best Regards

    Jerry



  • 5.  Re: failed login count increase when change password from PAM for linux device.

    Broadcom Employee
    Posted Dec 19, 2017 09:37 AM

    Hi Jerry. This logic is not controlled by the scripts. You can't do anything about this behavior at present. You know you can ignore these messages if they precede a password change.
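Applying that last piece of advice mechanically, as an added example (this is not code from the thread or from Symantec PAM): the script below flags a unix_chkpwd failure as the expected pre-rotation check only when a password change for the same user follows it within a short window, and reports every other failure for review. The passwd/pam_unix "password changed for" line, the 60-second window and the year 2017 are assumptions; the log lines are constructed from the thread's format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the thread's syslog format, plus an assumed pam_unix
# "password changed for" line that passwd logs on a successful rotation.
SAMPLE_LOG = """\
Dec 17 20:20:22 huaso01-I7575 unix_chkpwd[65746]: password check failed for user (pimadmin)
Dec 18 02:21:47 huaso01-I7575 unix_chkpwd[83421]: password check failed for user (pimadmin)
Dec 18 02:21:48 huaso01-I7575 passwd[83425]: pam_unix(passwd:chauthtok): password changed for pimadmin
Dec 18 03:10:05 huaso01-I7575 unix_chkpwd[90001]: password check failed for user (root)
"""

SYSLOG_TS = r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
FAIL_RE = re.compile(SYSLOG_TS + r"unix_chkpwd\[\d+\]: password check failed for user \((\w+)\)$")
CHANGE_RE = re.compile(SYSLOG_TS + r"passwd\[\d+\]: .*password changed for (\w+)$")


def parse_ts(stamp, year=2017):
    """Syslog stamps carry no year; the thread is from Dec 2017, so that is assumed."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def classify_failures(log_text, window=timedelta(seconds=60), year=2017):
    """Split unix_chkpwd failures into (expected, unexplained) lists of (timestamp, user).

    A failure is 'expected' when a password change for the same user lands within
    `window` after it: that is the verification attempt PAM makes with the new
    password before setting it. Anything else is a real failed login and should be
    reviewed rather than ignored.
    """
    failures, changes = [], []
    for line in log_text.splitlines():
        if m := FAIL_RE.match(line):
            failures.append((parse_ts(m.group(1), year), m.group(2)))
        elif m := CHANGE_RE.match(line):
            changes.append((parse_ts(m.group(1), year), m.group(2)))
    expected, unexplained = [], []
    for ts, user in failures:
        rotated = any(user == cu and ts <= cts <= ts + window for cts, cu in changes)
        (expected if rotated else unexplained).append((ts, user))
    return expected, unexplained


if __name__ == "__main__":
    exp, unexp = classify_failures(SAMPLE_LOG)
    print("expected (precede a rotation):", exp)
    print("unexplained:", unexp)
```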