In order to properly configure the firewalls in our organization, it is necessary to know the potential interaction of our PAM servers with the rest of the server computers in our environment.
How can I know what PAM server is performing the change password tasks in a PAM multisite cluster environment?
PAM server 2.8.x multi-site cluster.
PAM server 3.x in multi-site cluster.
The task is performed by the PAM-node to which you are connected to, with the PAM User Interface.
The scheduled change password jobs will be run on the machine they were defined on, so on any of the PAM servers in the cluster primary node, as the ones in the secondary nodes have no administrative capabilities when you connect to them.