PAM Expired password job

Document ID : KB000112172
Last Modified Date : 27/08/2018
Show Technical Document Details
Question:

How the Update Expired Password job works?
If I create a target account today at 9 A.M. and expires the day after, When should the password be updated? Next day at 9 A.M.?
Or the job executes once a day at certain time?

Answer:
TargetAccountExpiredPasswordProcessorTask  runs every 12 hrs. The first cycle occurs when the appliance (i.e. tomcat)  is started and thereafter every 12 hrs. 

Assuming that the first cycle has started at 5 PM UTC, then the next cycle will be around 5 AM UTC next day and then again 5 PM UTC etc. If you have created an account at 7 AM UTC and the password expiration is set to 1 day, then the password rotation will happen at 5 PM UTC next day. This is because the cycle runs at fixed times (i.e. 5 AM UTC & 5 PM UTC)  and so when the current day 5 PM cycle is run the password has not expired because only 10 hours have elapsed. When next day 5 AM cycle is run the password is not expired because only 22 hours have elapsed.  So when  5 PM cycle is run , password has expired as 34 hours have elapsed and so the password will be updated.
 
Additional Information:
This TargetAccountExpiredPasswordProcessorTask  job can't be manually configured by the user.