How will the cache update behave on A2A client when the password of the target account is changed?

Document ID : KB000108036
Last Modified Date : 27/07/2018
Show Technical Document Details
Question:
When the "Use Cache First" is set to the "Cache Behavior" in the target account for the A2A Client, how will it be worked?
 
"Use Cache First" on the target account settings.
Environment:
CA Privileged Access Manger r3.x (PAM r3.x)
Answer:
It will work as the below mechanism.
  1. Change the password of the account.
  2. The signal will be sent from the Credential manager to the A2A client about what the password was changed, and the cache will be cleared at the timing.
  3. Run the A2A script on the A2A client.
  4. The A2A client requests the password to the Credential manager on the PAM server because the cache does not have the password then.
  5. The Credential Manager will provide the password information to the A2A client.
  6. The script will be run and completed to run. The received password from the Credential Manager will be stored to the cache on the A2A client.
  7. After that, the password in the cache will be used later until the #1 will occur next time.

Also, after the #1, if the A2A client cannot connect to the PAM server because of something problem until #3, as the A2A client cannot get the latest password, the A2A script does not work then.